- The User is flagged in the directory with "Waiting for user to complete the activation process" despite a successful password reset on a domain resource
- Existing service endpoints bound to the AD sync'ed user do not get an updated password when reset on a domain resource
- Domain controlled resources work with the new password
- The AD Bridge log may indicate:
ADINT:2016/07/29 15:35:41 C:/Users/Administrator/Go/src/github.com/TheJumpCloud/ADIntegrationAgent/Agent/jcmap.go:520: Could not update user for 'id=[579bcb46d5972e1f11c13b81] - userName=[aduser] - email=[email@example.com] - externally_managed=[true] - sudo=[false] ' err='ERROR: Could not post new JCUser object, err='JumpCloud HTTP response status='400 Bad Request'''
If the password being set on a domain resource does not comply with the JumpCloud password complexity requirements, the synchronization will fail. This is expected behavior.
Make sure domain policy contains the same or higher password complexity requirements found in the JumpCloud security settings.