What is the best method of synchronizing passwords across eDirectory and Active Directory?

I am trying to find the simplest way of synchronizing login passwords for our users. I'm looking at Novell's Identity Manager, and Microsoft Identity Integration. Both are rather complicated and overkill for what we are trying to do. Does anyone have any suggestions, or experience? We are using AD on MS 2003 server and Novell OES 2 SP2; we also have ZENworks and Group Policies deployed, if this info helps. Thanks!
deroode (Systems Administrator) commented:
If you have any mechanism to deploy user accounts you could use that same mechanism to change passwords. With the official identity management mechanisms the password change in any environment is captured and sent to the other.
By using an external mechanism (e.g. through a webpage) you can change both passwords through LDAP. You have to make sure though that password changing through the usual interface (Ctrl-Alt-Del - Change password) is disabled.
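
The dual LDAP password change described in the comment above, as an added example that is not part of the original thread. It assumes ldap3-style connections already bound as a service account over TLS and an eDirectory that accepts a replace of `userPassword` from that account; the DNs, passwords, function names and the `FakeDirectory` stand-in are constructed for illustration.

```python
# Added example; not code from the thread. DNs and passwords are constructed.
MODIFY_REPLACE = "MODIFY_REPLACE"  # same string value as ldap3.MODIFY_REPLACE


def ad_password_change(new_password):
    """AD: unicodePwd must be the password in double quotes, UTF-16LE encoded.
    AD only accepts this write over an encrypted connection."""
    value = f'"{new_password}"'.encode("utf-16-le")
    return {"unicodePwd": [(MODIFY_REPLACE, [value])]}


def edir_password_change(new_password):
    """eDirectory (assumption): an administrative set replaces userPassword."""
    return {"userPassword": [(MODIFY_REPLACE, [new_password])]}


def set_both_passwords(ad_conn, edir_conn, ad_dn, edir_dn, old_password, new_password):
    """Set the password in AD, then in eDirectory. If eDirectory refuses,
    put the old password back in AD so the directories do not diverge.
    Both connections expose ldap3's Connection.modify(dn, changes) -> bool."""
    if not ad_conn.modify(ad_dn, ad_password_change(new_password)):
        return "failed: AD rejected the new password"
    if edir_conn.modify(edir_dn, edir_password_change(new_password)):
        return "ok"
    if ad_conn.modify(ad_dn, ad_password_change(old_password)):
        return "failed: eDirectory rejected the new password, AD rolled back"
    return "failed: directories out of sync, manual reset required"


class FakeDirectory:
    """Stand-in for an ldap3 Connection so the example runs offline."""
    def __init__(self, accept=True):
        self.accept, self.writes = accept, []

    def modify(self, dn, changes):
        self.writes.append((dn, changes))
        return self.accept


if __name__ == "__main__":
    ad, edir = FakeDirectory(), FakeDirectory(accept=False)
    print(set_both_passwords(ad, edir,
                             "CN=jdoe,OU=Staff,DC=example,DC=local",
                             "cn=jdoe,ou=staff,o=example",
                             "Old-Passw0rd", "New-Passw0rd"))
```
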
Pber (Solutions Architect) commented:
I feel your pain with respect to trying to sync passwords. Many of the directory sync products are bloat for what you want them for. As deroode mentioned, going to an external password changing mechanism that can set both passwords at once could be your best bet.

What I would look into is various password self service products out there. Many vendors offer multi platform support which would satisfy your needs. It also kills two birds with one stone by offering your users a way to reset their passwords themselves and offloading those calls away from your helpdesk. ROI on these products is usually within a year or two.
sbaines (Author) commented:
Thanks to you both for your reply!  Yeah, right now my poor Help Desk guys have nothing but trouble with end-users just to change expired passwords.
Pber (Solutions Architect) commented:
About 40% of our helpdesk load between 7:30 and 9:00am was password resets. Increasing their productivity as well as the users' is easy ROI for a manager to see.

These aren't the only two, but check out products like these:

Both offer password sync options that will solve your initial problem.
If you own ZENworks, you very likely own the Novell IDM starter pack that will sync user accounts and passwords between eDirectory and AD. Novell shipped the starter pack with ZEN because they realized that companies were authenticating to AD but wanting the power of ZENworks for desktop management. ZENworks 7 and earlier require eDirectory for management. ZENworks 10 and 11 are directory agnostic and will use eDirectory, AD or another LDAP source, plus they keep all of their objects in their own database and not in any directory service.

The IDM starter pack is relatively straightforward to set up and works quite well to sync users and passwords between the two.

We use Novell IDM for this purpose. It might look like overkill, but it works as advertised. Listen to ZENandEmailguy about the Starter Pack.
Kevin Cross (Chief Technology Officer) commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.