Sync password in Identity Manager if Universal password is not set

Posted on 2007-07-19
Last Modified: 2008-01-09
I am currently syncing Edir ---> AD. Currently, if a user does not have a Universal Password set, then the user is not synced with AD; this is by default. What I would like to do is sync the user, but instead of saying "if Universal Password is not set then VETO", I would like to say "if Universal Password is not set then set password in AD to Surname". That way the user is created in AD, so I can change its groups and have the users to modify in AD, but then when a user logs into a Novell client their password will be updated to the Universal Password and then synced later on. Is this possible, and how?
Question by: JRose628
    LVL 19

    Expert Comment

    That's interesting... have you modified the default configuration? A fresh eDir->AD driver should sync the user, universal password or not. If there's no UP available it by default sets their password to dirxml1.

    Have you got a rule somewhere which says "if source attribute nspmdistributionpassword not available do veto"? If so, all you need to do is change it to "if source attribute nspmdistributionpassword not available, set destination attribute password to source attribute surname".
    LVL 19

    Expert Comment

    Actually, I'll just mention this in case you're going bidirectional..

    It's always a VERY GOOD IDEA to switch off ALL password policies on your Windows DC and let eDir be authoritative on complexity policies, expiry etc. I remember when I did my first IDM2 implementation, when users started syncing with AD it decided their passwords weren't compliant, disabled their AD accounts and set their passwords to their surname, subsequently bouncing that change back to eDirectory!

    Fortunately I had a very recent Portlock of a root server with all partitions configured in a test lab, so was able to quickly knock up an eDir->eDir driver and do a force sync of passwords only to put things back to rights.

    Just one of those little gotchas that's worth bearing in mind, as IDM configured incorrectly can do a lot of damage very quickly indeed.

    Author Comment

    By default in 3.5 this is set in the Creation Policy:

    If nspmDistributionPassword is not set then VETO

    This is only an EDir ---> AD setup.
    LVL 19

    Accepted Solution

    Ok, not deployed 3.5 yet so that must be new.

    In that case, just change the action of that rule to set the destination password to the source user's surname.
