Directory Configuration: Password Management 
The SAP Sourcing system supports password-related directory operations such as the following:
Changing the password upon expiration or when requested by the user (as in the case of a forgotten password).
Interpreting the age of a password and warning the user when his or her password is about to expire.
Compatibility with directory password policies
(The Password must change at next logon flag or User cannot change password)
This offers greater compatibility with MS Active Directory.
Note
Password changing on MS Active Directory is only supported with Frictionless Sourcing (now SAP Sourcing) version 2.0.3A and beyond. The directory must be configured to use SSL to enable this feature. The support for password changing on MS Active Directory is only guaranteed to work with SAP Sourcing software running on Intel-based machines running Windows OS platform (2000 or XP).
MS Active Directory Password Policies
In MS Active Directory, you can apply directory-wide security policies, which define account and password-related variables, such as password age expiration or account lockouts.
To configure password expiration:
Open the Active Directory Users and Computers program under Administrative Tools.
Right-click the node with the name of the directory domain and select Properties from the pop-up menu.
Choose the Group Policy tab and select the Default Domain Policy.
Choose Edit. You see a Group Policy window with the configuration (Computer and User) of various security and domain settings.
Go to the Password Policy node under the following hierarchy: \Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
In the right panel, double-click the Maximum Password Age and set the number of days for which a password is valid. The system uses this value and the value of the last date/time the password was changed to calculate the password expiration date (sum of password last set date for the account and maximum password age of the user's domain).