1. create user, add role with AD+LN resources (with mutual dependencies)
2. account on AD is created
3. account on LN is created
4. email address is fetched from LN via inbound to midPoint
5. email address is set to AD via outbound from midPoint
In step 5, the notification is sent, where both email AND credentials are set in AD. The credentials should not be set in this step.
The password is set to the same value, but this resets the "PasswordExpired" flag in Active Directory.