3.2.4.2 PasswordUpdate Request
This message is used to communicate the state change of a password for a directory entry to the PDC on a best-effort basis; if the PDC cannot be reached or the update fails for any reason, the resulting error MUST be ignored. This message MUST be triggered by the following database updates on a non-PDC; this message MUST NOT be triggered when updates are made on a PDC.
unicodePwd: When this attribute is updated, a message with the FLAG_NT_HASH and FLAG_LM_HASH flags MUST be sent. The values of the NT hash and LM hash MUST be read from the requestor's database (unicodePwd and dbcsPwd attributes, respectively).
lockoutTime: When this attribute is updated with a value of 0, a message with the FLAG_ACCOUNT_UNLOCKED flag MUST be sent.
pwdLastSet: When this attribute is updated with a value of 0, a message with the FLAG_MANUAL_PWD_EXPIRY flag MUST be sent.
If more than one update occurs in a given transaction, the updates described above MUST be combined into one message so that the responder can make any updates, if necessary, in a single transaction.