Sync password in Identity Manager if Universal password is not set

I am currently syncing Edir--->AD currently if a user does not have a Universal Password set then the user is not synced with AD this is by default.  What I would like to do is sync the user but instead of saying if Universal password is not set then VETO I would like to say if universal password is not set then set password in AD to Surname that way the user is created in AD so i can changes its groups and have the users to modify in AD but then when a user logs into a Novell client there password will be updated to universal password and then synced later on.  Is this possible and how?
JRose628Asked:
Who is Participating?
 
alextoftCommented:
Ok, not deployed 3.5 yet so that must be new.

In that case, just change the action of that rule to set the destination password to the source user's surname.
0
 
alextoftCommented:
That's interesting... have you modified the default configuration? A fresh eDir->AD driver should sync the user, universal password or not. If there's no UP available it by default sets their password to dirxml1.

Have you got a rule somewhere which says "if source attribute nspmdistributionpassword not available do veto"? If so all you need to do is change to to "if source attribute nspmdistributionpassword not available, set destination attribute password to source attribute surname".
0
 
alextoftCommented:
Actually, I'll just mention this in case you're going bidirectional..

It's always a VERY GOOD IDEA to switch off ALL password policies on your Windows DC and let eDir be authorative on complexity policies, expiry etc. I remember when I did my first IDM2 implementation, when users started syncing with AD it decided their passwords weren't compliant, disabled their AD accounts and set their passwords to their surname, subsequently bouncing that change back to eDirectory!

Fortunately I had a very recent Portlock of a root server with all partitions configured in a test lab, so was able to quickly knock up an eDir->eDir driver and do a force sync of passwords only to put things back to rights.

Just one of those little gotchas that's worth bearing in mind, as IDM configured incorrectly can do a lot of damage very quickly indeed.
0
 
JRose628Author Commented:
Bty default in 3.5 this is set in the Creation Policy

If nspmDistributionPassword is not set then VETO

This is only a EDir---> AD setup.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.