We have access to this value, dirxml-uACPasswordCantChange; however, MS no longer updates the UAC, but has changed it to an ACL change. So any changes to it in AD create an empty modify event. MS has released instructions on how to set this value via LDAP and psexecute.

Just being able to read the value and have it report back to IDM would be advantageous.
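An added example, not part of the original post and not IDM driver code: one way to read the ACL-based setting from a user's binary `nTSecurityDescriptor` value. It assumes the descriptor has already been fetched in self-relative form and that "cannot change password" means a deny ACE for the Change Password extended right on both Everyone and SELF; the function names and sample descriptors are constructed for illustration.

```python
import struct, uuid

# User-Change-Password extended right; access mask bit for extended rights.
CHANGE_PASSWORD = uuid.UUID("ab721a53-1e2f-11d0-9819-00aa0040529b")
CONTROL_ACCESS, OBJECT_TYPE_PRESENT, INHERITED_TYPE_PRESENT = 0x100, 0x1, 0x2
DENIED_OBJECT_ACE, ALLOWED_OBJECT_ACE = 0x06, 0x05
# Constructed binary SIDs for Everyone (S-1-1-0) and SELF (S-1-5-10).
EVERYONE_SID = bytes.fromhex("010100000000000100000000")
SELF_SID = bytes.fromhex("01010000000000050a000000")

def sid_to_str(b):
    """Render a binary SID as S-R-A-S1-S2..."""
    auth = int.from_bytes(b[2:8], "big")
    subs = struct.unpack_from("<%dI" % b[1], b, 8)
    return "-".join(["S", str(b[0]), str(auth), *map(str, subs)])

def cannot_change_password(sd):
    """True if the DACL denies Change Password to both Everyone and SELF."""
    dacl = struct.unpack_from("<I", sd, 16)[0]      # OffsetDacl in SD header
    if dacl == 0:
        return False                                # no DACL in descriptor
    ace_count = struct.unpack_from("<H", sd, dacl + 4)[0]
    pos, denied = dacl + 8, set()                   # first ACE follows ACL header
    for _ in range(ace_count):
        ace_type, _flags, size = struct.unpack_from("<BBH", sd, pos)
        if ace_type == DENIED_OBJECT_ACE:
            mask, oflags = struct.unpack_from("<II", sd, pos + 4)
            if mask & CONTROL_ACCESS and oflags & OBJECT_TYPE_PRESENT:
                guid = uuid.UUID(bytes_le=bytes(sd[pos + 12:pos + 28]))
                if guid == CHANGE_PASSWORD:
                    skip = 16 if oflags & INHERITED_TYPE_PRESENT else 0
                    denied.add(sid_to_str(sd[pos + 28 + skip:pos + size]))
        pos += size
    return {"S-1-1-0", "S-1-5-10"} <= denied

def build_sd(aces):
    """Constructed sample: self-relative SD with a DACL of (type, sid) object ACEs."""
    body = b""
    for ace_type, sid in aces:
        payload = (struct.pack("<II", CONTROL_ACCESS, OBJECT_TYPE_PRESENT)
                   + CHANGE_PASSWORD.bytes_le + sid)
        body += struct.pack("<BBH", ace_type, 0, 4 + len(payload)) + payload
    acl = struct.pack("<BBHHH", 4, 0, 8 + len(body), len(aces), 0) + body
    # Control 0x8004 = SE_SELF_RELATIVE | SE_DACL_PRESENT; DACL starts at byte 20.
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + acl
```

The check only looks at deny ACEs that name the Change Password right explicitly, so a deny ACE covering all extended rights is not counted.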
