The password rotation scheduled job intermittently fails when trying to rotate many users (200+) in Active Directory.
PAM 3.3.2 and above
Active Directory replication is not happening fast enough or there is a maximum connections limitation on Active Directory.
If you limit the scheduled job to only 50 accounts, it completes successfully.
Please go to the following location:
https://support.broadcom.com/external/content/release-announcements/CA-Privileged-Access-Manager-Solutions--Patches/5929
and download and apply PAM_DISABLE_MULTI_THREAD.p.zip.
With the patch, the multi-thread feature in the password rotation scheduled job is disabled and only 1 thread is used to change passwords.