It can be included in an add request, modify request, or password modify extended request.

The options that it provides include:

  • Force the server to treat the operation as a self change or an administrative reset.
  • Force the server to accept a pre-encoded password.
  • Force the server to skip validation for the password.
  • Force the server to ignore the user’s password history.
  • Force the server to ignore the user’s minimum password age.
  • Force the server to use a specified password storage scheme.
  • Force the server to set or clear the “must change password” flag.