We are using Active Directory as a User Federation backend. We manage to create users. We are using ldaps, I think it is working since we manage to create the users normally.
But new users are always created as disabled on AD. I’ve set up userPassword to ${RANDOM} and removed the msad-lds and msad-user-account-control mappers, the users get created, but still are disabled on AD.
How can I create them enabled with the random passwords?
Out of curiosity, have you tried to not use the ${RANDOM} password and just create a user w/ password “password123” or something similar? If so, what did you see in the logs, not only from the Keycloak server but AD?
Yes. Same thing. On AD I see the password in clear text.
The only thing is that when I created the password and set pwdLastSet to -1, the account can be enabled on Keycloak, but that doesn't happen by itself.