Hello,
We have a single forest with two domains. The domains have a two-way trust. When we run adquery on a Linux host in domain B against a user in domain A, the results are incorrect. Sometimes it returns a password expiration in the past (despite the user's password not being expired) and sometimes it shows that there is no password expiration date (which is not correct).
Working example: adquery run on a server in domain A against a user in domain A.
[USERA@serverA ~]$ sudo adquery user USERA -A | grep 2016
passwordExpires:Sun Oct 9 14:43:07 2016
nextPasswordChange:Thu Jul 14 14:43:07 2016
lastPasswordChange:Mon Jul 11 14:43:07 2016
Non-working example: adquery run on a server in domain B against a user in domain A.
[USERA@serverB ~]$ sudo adquery user USERA -A | egrep 'Expire|Change'
accountExpires:Never
passwordExpires:Never
passwordWillExpire:-1
nextPasswordChange:Undefined
lastPasswordChange:Undefined
Non-working example: adquery run on a server in domain B against a user in domain A, with a passwordExpires value reported in the past.
"Past" means this date was the previous password expiration date. The user has changed their password and this should show the October 9th date from the working example above.
[USERA@serverB ~]$ sudo adquery user USERA -A | grep 2016
passwordExpires:Tue Jul 19 11:34:33 2016
nextPasswordChange:Sat Apr 23 11:34:33 2016
lastPasswordChange:Wed Apr 20 11:34:33 2016