Hi, 'Cache Refresh' is a 'pull' method. That means, you can 'pull' user's information from AD / any LDAP server to Gluu Server. 'Push' user's information from Gluu Server to AD is not possible because we generally don't want to give that much 'write access' to Gluu Server so it can modify backend data souce ( i.e. AD for your case ). However, there is a script which actually can 'push' updated password from Gluu Server to backend AD / LDAP server; you can use/modify that script to meet your requirement. Here is the script: https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/basic.password_expiration

@Mohib.Zico - Thanks for your response and advising. Is there any potential way to push into AD with Gluu at the moment at all or no? We were hoping to leverage Gluu as an all-in-one IAM tool for create/update operations back into Active Directory. Please do advise if there is any possible workaround and/or functions to push back into AD at all with Gluu. Also, after reading the info below, it indicates push/pull user data from Gluu to AD seems possible? https://www.gluu.org/features/identity-management/ Thanks again

Hello, Pull == Cache Refresh. Push == SCIM protocol. There are two ways to get / push user's information in Gluu Server only. >> We were hoping to leverage Gluu as an all-in-one IAM tool for create/update operations back into Active Directory. If it's one time job, you can just pull all user's information from AD into Gluu's LDAP server with Cache Refresh. But if it's continuous job, then what I described above is the only way.

@Mohib.Zico - Understood and thanks for the confirmation. Do you know if there any existing guides available to meet my use case of using SCIM to constantly run CRUD ops back into AD at all?