By default, password policies are not configured with such handlers, so no account status notifications are generated.

The account-status-notification-handler property controls the set of account status notification handlers for a password policy. You can be configure that property using dsconfig or the Administrative Console.

  • To configure the account-status-notification-handler notification handler property, run dsconfig.
    $ bin/dsconfig set-password-policy-prop \ 
      --policy-name "Default Password Policy" \ 
      --set "account-status-notification-handler:Error Log Handler"

    This command updates the default password policy to trigger the error log account status notification handler for any appropriate password policy state changes.