Right now I am deriving the pwd Expiration Date from pwdChangedTime + pwdMaxAge.
I am looking into using another approach... maybe using pwdExpirationWarned?
Looking at these two...
pwdExpireWarning: pwdExpireWarning attribute specifies the maximum number of seconds before a password is about to expire that expiration warning messages will be returned to an authenticating user.
pwdExpirationWarned: Contains the time at which the password expiration warning was first sent to the client
can I assume that pwd Expiration Date is pwdExpirationWarned + pwdExpireWarning ?