We have our Keycloak connected to our AD (2012) and now have the following issue: if a user gets prompted to change his password on our Windows side, Keycloak sets an "Update Password" flag on the Keycloak user over the sync.
So far so good.
Now the problem: it doesn't get removed after the password was changed on our AD.
This seems like a misbehaviour on the Keycloak periodic import side.
In case this behaviour is intended, how could we reset this flag?
And we have Kerberos and Sync activated, and no, MSAD Account Controls aren't enabled.