
  • Status: Solved

What is the best method of synchronizing passwords across eDirectory and Active Directory?

I am trying to find the simplest way of synchronizing login passwords for our users. I'm looking at Novell's Identity Manager and Microsoft Identity Integration. Both are rather complicated and overkill for what we are trying to do. Does anyone have any suggestions or experience? We are using AD on MS 2003 server and Novell OES 2 SP2, and we also have ZENworks and Group Policies deployed... if this info helps. Thanks!
2 Solutions
If you have any mechanism to deploy user accounts you could use that same mechanism to change passwords. With the official identity management mechanisms the password change in any environment is captured and sent to the other.
By using an external mechanism (e.g. through a webpage) you can change both passwords through LDAP. You have to make sure though that password changing through the usual interface (Ctrl-Alt-Del - Change password) is disabled.
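An added example, not part of the thread: a sketch of the dual LDAP password change described above, with rollback so the two directories are not left with different passwords. `ad_modify` and `edir_modify` are hypothetical callables wrapping your LDAP client's modify call over TLS, and it is an assumption that eDirectory is configured to accept a `userPassword` modify.

```python
class SyncError(Exception):
    """The two directories could not both be moved to the new password."""


def ad_password_ops(old, new):
    # AD expects unicodePwd as the password wrapped in double quotes and
    # encoded UTF-16LE, sent over an encrypted connection. Deleting the old
    # value and adding the new one in a single modify is a user-level change.
    def enc(pw):
        return ('"%s"' % pw).encode("utf-16-le")
    return [("delete", "unicodePwd", enc(old)), ("add", "unicodePwd", enc(new))]


def edir_password_ops(old, new):
    # Assumption: eDirectory accepts a userPassword modify over TLS.
    return [("delete", "userPassword", old.encode("utf-8")),
            ("add", "userPassword", new.encode("utf-8"))]


def change_both(ad_modify, edir_modify, ad_dn, edir_dn, old, new):
    """Change the password in AD, then eDirectory; undo AD if eDirectory fails.

    ad_modify / edir_modify: hypothetical callables (dn, ops) -> None that
    raise on failure. Passwords are never logged or put in error messages.
    """
    # If AD rejects the change nothing has been modified yet, so the
    # exception simply propagates to the caller.
    ad_modify(ad_dn, ad_password_ops(old, new))
    try:
        edir_modify(edir_dn, edir_password_ops(old, new))
    except Exception as exc:
        try:
            # Roll AD back. Password history or minimum-age policy can block
            # this, which is why that outcome is reported separately.
            ad_modify(ad_dn, ad_password_ops(new, old))
        except Exception as rollback_exc:
            raise SyncError("directories out of sync for %s; helpdesk reset "
                            "needed" % ad_dn) from rollback_exc
        raise SyncError("eDirectory rejected the change; "
                        "AD rolled back") from exc
    return True
```

The "out of sync" case is the one worth alerting on, since the user now has two different passwords until someone resets them.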
Pber, Solutions Architect, Commented:
I feel your pain with respect to trying to sync passwords. Many of the directory sync products are bloat for what you want them for. As deroode mentioned, going to an external password changing mechanism that can set both passwords at once could be your best bet.

What I would look into is the various password self-service products out there. Many vendors offer multi-platform support which would satisfy your needs. It also kills two birds with one stone by offering your users a way to reset their passwords themselves and offloading those calls away from your helpdesk. ROI on these products is usually within a year or two.
sbaines, Author, Commented:
Thanks to you both for your reply!  Yeah, right now my poor Help Desk guys have nothing but trouble with end-users just to change expired passwords.
Pber, Solutions Architect, Commented:
About 40% of our helpdesk load between 7:30 and 9:00am was password resets. Increasing their productivity as well as the users' is easy ROI for a manager to see.

These aren't the only two, but check out products like these:

Both offer password sync options that will solve your initial problem.
If you own ZENworks, you very likely own the Novell IDM starter pack that will sync user accounts and passwords between eDirectory and AD. Novell shipped the starter pack with ZEN because they realized that companies were authenticating to AD but wanting the power of ZENworks for desktop management. ZENworks 7 and earlier require eDirectory for management. ZENworks 10 and 11 are directory agnostic and will use eDirectory, AD or another LDAP source, plus they keep all of their objects in their own database and not in any directory service.

The IDM starter pack is relatively straightforward to set up and works quite well to sync users and passwords between the two.

We use Novell IDM for this purpose. It might look like overkill, but it works as advertised. Listen to ZENandEmailguy about the Starter Pack.
Kevin Cross, Chief Technology Officer, Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
