WORKAROUND
NOTE: When using this workaround, the User must change password at next logon can still be accessed and may be set to any desired option in the Active Roles Web Interface, but the end result will always be that the value set by the Policy Script will be used instead.
#THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
#INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTBILITY
#AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY
#SUPPORTED, PLEASE CONTACT ONE IDENTITY CONSULTING SERVICES OR YOUR ACCOUNT MANAGER.
#PLEASE NOTE THAT ANY MODIFICATIONS TO THE BELOW SCRIPT MAY CAUSE UNDESIRED RESULTS
#AND/OR BREAK PRODUCT FUNCTIONALITY.
#TAKEN FROM THE FOLLOWING PUBLIC RESOURCE:
#TITLE: HOW TO: Enforce a specific value for "User must change password at next logon" when using the Active Roles Web Interface
#SOLUTION: 320795
#URL: https://support.oneidentity.com/kb/320795
function onPreModify($Request)
{
if ($Request.class -ne "user"){ return }
if ($Request.Attributes.Attributes["edsaPassword"])
{
$Request.Put("edsvaUserMustChangePasswordAtNextLogon", $true) #Alternatively, use $false if desired
}
}