PasswordChangeRequired parameter value is not getting set to true during account creation or even with PATCH

[myoscodeRahul]

TestCase Description:

Create A user account with Administrator Role with PasswordChangeRequired": true : redfishtool -sssss -W 1:30 -r <BMC_IP> -u root -p dell_help_123 -d '{"UserName": "admin30", "Locked": false, "Name": "Redfish Name", "RoleId": "Administrator", "PasswordChangeRequired": true, "Enabled": true, "Password": "admin@123"}' -T 60 -S Always raw POST '/redfish/v1/AccountService/Accounts'
Result:

Account Created and PasswordChangeRequired is set to true in Response:

rkumardu@C-JSP16J3:~$ redfishtool -sssss -W 1:30 -r <BMC_IP> -u username -p password -T 60 -S Always raw GET '/redfish/v1/AccountService/Accounts/5'
num: 1, time: 30
#REQUEST: GET https://<BMC_IP>/redfish/v1/AccountService/Accounts/5
#__Request.Headers: {'User-Agent': 'python-requests/2.27.1', 'Accept': 'application/json', 'Connection': 'keep-alive', 'OData-Version': '4.0', 'Authorization': 'Basic cm9vdDpkZWxsX2hlbHBfMTIz'}
#__Request AuthType: Basic
#__Request Data: None
#__Response.status_code: 200, r.url: https://<BMC_IP>/redfish/v1/AccountService/Accounts/5
#__Response.elapsed(responseTime): 0.85 sec
#__Response.Headers: {'Date': 'Mon, 17 Nov 2025 17:08:08 GMT', 'Server': 'apache', 'X-Frame-Options': 'DENY', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'Access-Control-Allow-Origin': '*', 'Allow': 'GET, HEAD, PATCH, DELETE', 'Cache-Control': 'no-store; no-cache', 'Content-Type': 'application/json;odata.metadata=minimal;charset=utf-8', 'Etag': 'W/"gen-3"', 'Link': '</redfish/v1/Schemas/ManagerAccount.v1_13_0.json>;rel=describedby', 'Odata-Version': '4.0', 'Pragma': 'no-cache', 'X-Content-Security-Policy': "default-src 'self'", 'X-Content-Type-Options': 'nosniff', 'X-Ua-Compatible': 'IE=11', 'X-Xss-Protection': '1;mode=block', 'Content-Length': '1114', 'Vary': 'Accept-Encoding', 'Keep-Alive': 'timeout=60, max=100', 'Connection': 'Keep-Alive'}
#__Response. Data: {"AccountTypes":["Redfish","SNMP","OEM","HostConsole","ManagerConsole","IPMI","KVMIP","VirtualMedia","WebUI"],"PasswordExpiration":null,"SNMP":

{"AuthenticationKeySet":true,"AuthenticationProtocol":"HMAC256_SHA384","EncryptionKey":null,"EncryptionKeySet":true,"EncryptionProtocol":"CFB128_AES256","AuthenticationKey":null}
,"RoleId":"Administrator","@odata.type":"#ManagerAccount.v1_13_0.ManagerAccount","Description":"User Account","Enabled":true,"Id":"5","@odata.etag":"W/"gen-3"","PasswordChangeRequired":false,"Password":null,"Locked":false,"Keys":{"@odata.id":"/redfish/v1/AccountService/Accounts/5/Keys"},"OEMAccountTypes":["SOL","RACADM"],"@odata.id":"/redfish/v1/AccountService/Accounts/5","Oem":{"Dell":{"SNMPv3PassphraseEnabled":"Disabled","@odata.context":"/redfish/v1/$metadata#DellManagerAccount.DellManagerAccount","@odata.type":"#DellManagerAccount.v1_0_0.DellManagerAccount"}},"UserName":"admin30","StrictAccountTypes":false,"Name":"User Account","Links":{"Role":{"@odata.id":"/redfish/v1/AccountService/Roles/Administrator"}},"@odata.context":"/redfish/v1/$metadata#ManagerAccount.ManagerAccount"}
#STATUS: Last Response: r.status_code: 200
#STATUS: Last Response: r.url: https://<BMC_IP>/redfish/v1/AccountService/Accounts/5
#STATUS: Last Response: r.elapsed(responseTime): 0.85 sec
{
"AccountTypes": [
"Redfish",
"SNMP",
"OEM",
"HostConsole",
"ManagerConsole",
"IPMI",
"KVMIP",
"VirtualMedia",
"WebUI"
],
"PasswordExpiration": null,
"SNMP":

{ "AuthenticationKeySet": true, "AuthenticationProtocol": "HMAC256_SHA384", "EncryptionKey": null, "EncryptionKeySet": true, "EncryptionProtocol": "CFB128_AES256", "AuthenticationKey": null }
,
"RoleId": "Administrator",
"@odata.type": "#ManagerAccount.v1_13_0.ManagerAccount",
"Description": "User Account",
"Enabled": true,
"Id": "5",
"@odata.etag": "W/"gen-3"",
"PasswordChangeRequired": false,
"Password": null,
"Locked": false,
"Keys":

{ "@odata.id": "/redfish/v1/AccountService/Accounts/5/Keys" }
,
"OEMAccountTypes": [
"SOL",
"RACADM"
],
"@odata.id": "/redfish/v1/AccountService/Accounts/5",
"Oem": {
"Dell":

{ "SNMPv3PassphraseEnabled": "Disabled", "@odata.context": "/redfish/v1/$metadata#DellManagerAccount.DellManagerAccount", "@odata.type": "#DellManagerAccount.v1_0_0.DellManagerAccount" }
},
"UserName": "admin30",
"StrictAccountTypes": false,
"Name": "User Account",
"Links": {
"Role":

{ "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" }
},
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"
}
rkumardu@C-JSP16J3:~$

In Response I saw that the PasswordChangeRequired is still false.

I tried to change this PasswordChangeRequired to true via PATCH request but got error,

rkumardu@C-JSP16J3:~$ redfishtool -sssss -W 1:30 -r <BMC_IP> -u username -p password -d '{"PasswordChangeRequired": true}' -T 60 -S Always raw PATCH '/redfish/v1/AccountService/Accounts/5'
num: 1, time: 30
#REQUEST: GET https://<BMC_IP>/redfish/v1/AccountService/Accounts/5
#__Request.Headers: {'User-Agent': 'python-requests/2.27.1', 'Accept': 'application/json', 'Connection': 'keep-alive', 'OData-Version': '4.0', 'Authorization': 'Basic cm9vdDpkZWxsX2hlbHBfMTIz'}
#__Request AuthType: Basic
#__Request Data: None
#__Response.status_code: 200, r.url: https://<BMC_IP>/redfish/v1/AccountService/Accounts/5
#__Response.elapsed(responseTime): 1.15 sec
#__Response.Headers: {'Date': 'Mon, 17 Nov 2025 17:15:38 GMT', 'Server': 'apache', 'X-Frame-Options': 'DENY', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'Access-Control-Allow-Origin': '*', 'Allow': 'GET, HEAD, PATCH, DELETE', 'Cache-Control': 'no-store; no-cache', 'Content-Type': 'application/json;odata.metadata=minimal;charset=utf-8', 'Etag': 'W/"gen-3"', 'Link': '</redfish/v1/Schemas/ManagerAccount.v1_13_0.json>;rel=describedby', 'Odata-Version': '4.0', 'Pragma': 'no-cache', 'X-Content-Security-Policy': "default-src 'self'", 'X-Content-Type-Options': 'nosniff', 'X-Ua-Compatible': 'IE=11', 'X-Xss-Protection': '1;mode=block', 'Content-Length': '1114', 'Vary': 'Accept-Encoding', 'Keep-Alive': 'timeout=60, max=100', 'Connection': 'Keep-Alive'}
#__Response. Data: {"AccountTypes":["Redfish","SNMP","OEM","HostConsole","ManagerConsole","IPMI","KVMIP","VirtualMedia","WebUI"],"PasswordExpiration":null,"SNMP":

{"AuthenticationKeySet":true,"AuthenticationProtocol":"HMAC256_SHA384","EncryptionKey":null,"EncryptionKeySet":true,"EncryptionProtocol":"CFB128_AES256","AuthenticationKey":null}
,"RoleId":"Administrator","@odata.type":"#ManagerAccount.v1_13_0.ManagerAccount","Description":"User Account","Enabled":true,"Id":"5","@odata.etag":"W/"gen-3"","PasswordChangeRequired":false,"Password":null,"Locked":false,"Keys":{"@odata.id":"/redfish/v1/AccountService/Accounts/5/Keys"},"OEMAccountTypes":["SOL","RACADM"],"@odata.id":"/redfish/v1/AccountService/Accounts/5","Oem":{"Dell":{"SNMPv3PassphraseEnabled":"Disabled","@odata.context":"/redfish/v1/$metadata#DellManagerAccount.DellManagerAccount","@odata.type":"#DellManagerAccount.v1_0_0.DellManagerAccount"}},"UserName":"admin30","StrictAccountTypes":false,"Name":"User Account","Links":{"Role":{"@odata.id":"/redfish/v1/AccountService/Roles/Administrator"}},"@odata.context":"/redfish/v1/$metadata#ManagerAccount.ManagerAccount"}
#REQUEST: PATCH https://<BMC_IP>/redfish/v1/AccountService/Accounts/5
#__Request.Headers: {'User-Agent': 'python-requests/2.27.1', 'Accept': 'application/json', 'Connection': 'keep-alive', 'OData-Version': '4.0', 'content-type': 'application/json', 'if-match': 'W/"gen-3"', 'Content-Length': '32', 'Authorization': 'Basic cm9vdDpkZWxsX2hlbHBfMTIz'}
#__Request AuthType: Basic
#__Request Data: {"PasswordChangeRequired": true}
#__Response.status_code: 400, r.url: https://<BMC_IP>/redfish/v1/AccountService/Accounts/5
#__Response.elapsed(responseTime): 1.13 sec
#__Response.Headers: {'Date': 'Mon, 17 Nov 2025 17:15:40 GMT', 'Server': 'apache', 'X-Frame-Options': 'DENY', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'Access-Control-Allow-Origin': '*', 'Cache-Control': 'no-store; no-cache', 'Content-Type': 'application/json;odata.metadata=minimal;charset=utf-8', 'Odata-Version': '4.0', 'Pragma': 'no-cache', 'X-Content-Security-Policy': "default-src 'self'", 'X-Content-Type-Options': 'nosniff', 'X-Ua-Compatible': 'IE=11', 'X-Xss-Protection': '1;mode=block', 'Content-Length': '969', 'Connection': 'close'}
#__Response. Data: {"error":{"@Message.ExtendedInfo":[{"MessageId":"Base.1.18.PropertyNotWritable","MessageArgs":["PasswordChangeRequired"],"RelatedProperties":"#/PasswordChangeRequired","Message":"The property PasswordChangeRequired is a read-only property and cannot be assigned a value.","Severity":"Warning","Resolution":"Remove the property from the request body and resubmit the request if the operation failed."},

{"MessageId":"IDRAC.2.14.SYS427","MessageArgs":["PasswordChangeRequired"],"RelatedProperties":["#/PasswordChangeRequired"],"Message":"Unable to complete the operation because the property PasswordChangeRequired is a read only property and cannot be assigned a value.","Severity":"Warning","Resolution":"Remove the property from the request body and retry the operation."}
],"code":"Base.1.18.GeneralError","message":"A general error has occurred. See Resolution for information on how to resolve the error, or @Message.ExtendedInfo if Resolution is not provided."}}

redfishtool: Transport: Response Error: status_code: 400 – Bad Request
rkumardu@C-JSP16J3:~$

Please check this issue. If we can chnage this or not?

Regards

Rahul

[texroemer]

Hi @myoscodeRahul

Even though DMTF spec states property PasswordChangeRequired is read write iDRAC currently does not support it, reason why it returns error about unable to set read only property. I went ahead and escalated this concerns to internal teams at Dell, look into getting this support added in a future iDRAC release.

Thanks
Tex

[myoscodeRahul]

Whenever you receive response regarding implementation please confirm,

this is not only with the PasswordChangeRequired parameter,

I have tested others parameter in Account/accound_id, no parameters are working so hope implementation will be done regarding all

[texroemer]

Can you share what other properties are not working? See below where i changed Enabled property with no issues.

[root@localhost ~]# curl -k -u root:calvin -X PATCH 'https://192.168.0.120/redfish/v1/AccountService/Accounts/3' --insecure -H "Content-Type: application/json" -d '{"Enabled":false}' -i
HTTP/1.1 200 OK
Date: Tue, 16 Dec 2025 14:46:10 GMT
Server: apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Allow: GET, HEAD, PATCH, DELETE
Cache-Control: no-store; no-cache
Content-Type: application/json;odata.metadata=minimal;charset=utf-8
Etag: W/"gen-3"
Odata-Version: 4.0
Pragma: no-cache
X-Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Ua-Compatible: IE=11
X-Xss-Protection: 1;mode=block
Content-Length: 593
Vary: Accept-Encoding

{"@Message.ExtendedInfo":[{"MessageId":"Base.1.18.Success","MessageArgs":[],"RelatedProperties":[],"Message":"The request completed successfully.","Severity":"OK","Resolution":"None."},{"MessageId":"IDRAC.2.15.SYS413","MessageArgs":[],"RelatedProperties":[],"Message":"The operation successfully completed.","Severity":"Informational","Resolution":"No response action is required."}],"@odata.context":"/redfish/v1/$metadata#ManagerAccount.ManagerAccount","@odata.id":"/redfish/v1/AccountService/Accounts/3","@odata.type":"#ManagerAccount.v1_14_0.ManagerAccount","Id":"3","Name":"User Account"}

Thanks
Tex

[myoscodeRahul]

Ok Sorry for little wrong info,

Other parameters are from this: /redfish/v1/AccountService/
AccountLockoutCounterResetAfter:
LocalAccountAuth
AccountLockoutDuration
AccountLockoutThreshold

I tried changing all these, I am not able to change these parameters also

[texroemer]

Thanks for the details, yes those properties are not supported my iDRAC, reason why each of these properties return a value of 0 and if you try to PATCH return an error about read only property.

From DMTF spec:

I'll also escalate these other properties to internal team at Dell.

Thanks
Tex