

Synchronize IBM Notes Internet Password with AD

Posted on 2014-12-31
Medium Priority
Last Modified: 2015-01-05
I would like to synchronize the IBM Notes Internet password with AD. Is there a way to do so with Domino 9.0.1 FP2 and IBM Notes 9.0.1 FP2?
Question by:lberthiaume
LVL 43

Expert Comment

by:Steve Knight
ID: 40526540
Do you have any link with AD at the moment, and how do the users currently use their Notes clients - entering passwords or logged on with the OS?

You can't sync with what is already in AD as they are encrypted, but when a user changes their OS password you can have it change their Notes password, and the Internet password can be kept in sync with that using policy.

You may have to be careful then though if you have people, for example, using Traveler to sync with mobiles, tablets etc., especially if you have Internet password lockout configured, because then once the password is changed the mobile device would use the old password and lock the account out.

Please explain a bit more and will see what can be suggested.

LVL 13

Expert Comment

ID: 40526811

Author Comment

ID: 40527785
I have Shared Login and ID Vault running.
From what I know, I would have to use Directory services to synchronize the Internet passwords. This in turn would synchronize the Internet passwords to AD.
To complicate things I also have a Traveler server which in turn talks to the BES for our BlackBerries, and would like that to sync with AD.
For now I still don't know if this is still possible and what complications I may run into with Traveler (BlackBerries).
In other words have everything and anything under one password.

LVL 43

Expert Comment

by:Steve Knight
ID: 40527801
Hmm, will wait on what other people say for now.

So at the moment the users change their Windows domain password presumably based on a policy prompting and requiring them to (and/or when they just feel like it).  As you are using Shared Login rather than client single logon then anything from the client side to sync the password is out, and afaik anything from the AD side too.

So from my mind think your options are:

1. prompt the user in some way to change their internet passwords
2. prompt the user to change their AD and internet passwords at the same time, i.e. script it rather than letting the user change at the OS - e.g. a login script / GPO could prompt for a new password monthly based on password age before they are required to change it also make the change through Notes.

Apart from that maybe you could use your AD logins as an extra directory for logins to HTTP

BES shouldn't be affected but Traveler users will of course be with their Internet passwords.

Listening for anyone else's better ideas myself, majority of my customers have chosen not to integrate to that level yet.


Author Comment

ID: 40527815
I am still in testing environment phases for now, production will go into as far as I can go. You gave me the idea that maybe we can administratively manage the Internet passwords and change them ONLY if they need to...

A new script to synchronize the Internet password is pretty much beyond me. Unless there is a script out there that I could "modify" to our needs.
LVL 43

Expert Comment

by:Steve Knight
ID: 40527848
Will see what I can find to show you.
LVL 43

Accepted Solution

Steve Knight earned 2000 total points
ID: 40528569
Scripting wise pretty well anything is possible of course, except to control the Windows password changing box and the like.  You can soon write the user's internet password assuming they have a suitable access to the directory, e.g. this old script of mine.  Similar could be done as VBScript etc. though this does seem the 'wrong' way to go about it.

Are there common denominators between AD and Notes, e.g. if the shortname on Notes is always the same as their AD login or similar then it is easier to tie it in.  Frankly unless they change their password through something else than the OS itself there is no way of Notes knowing their password to then amend the internet password as with shared login there is no password to sync.

So if the user could be made to change their AD password etc. or even just prompted to enter a new password next time they go into Notes if the AD password age is changed today...  Below is a bit of login script I wrote for one company that checked the password expiry for the logging in user and advised them to change it for example.  The "objUser.PasswordLastChanged" part could be checked and if just changed advise the user to change their Internet password or trigger a script to do it?


Sub CheckExpiry
  Dim objSysInfo, objUser, objUserName, objDomain, objWShell
  Dim strUserDN, strDomainDN, strUserCN
  Dim maxPwdAge, numDays, daysToExpiration, objPwdExpires, whenPasswordExpires

  Set objWShell = WScript.CreateObject("WScript.Shell")

  ' Distinguished name of the logged-on user and the short domain name
  Set objSysInfo = CreateObject("ADSystemInfo")
  strUserDN = objSysInfo.UserName
  strDomainDN = objSysInfo.DomainShortName

  Set objDomain = GetObject("LDAP://" & strDomainDN)
  Set objUser = GetObject("LDAP://" & strUserDN)
  ' The WinNT provider needs the logon name; strUserCN was never assigned before
  strUserCN = objUser.Get("sAMAccountName")
  Set objUserName = GetObject("WinNT://" & strDomainDN & "/" & strUserCN & ",user")

  ' &H10000 in UserFlags means the password never expires
  objPwdExpires = objUserName.Get("UserFlags")
  If (objPwdExpires And &H10000) <> 0 Then
    MsgBox "User password does not expire"
    Exit Sub
  End If

  ' Check the domain policy for password changes:
  Set maxPwdAge = objDomain.Get("maxPwdAge")

  ' Calculate the number of days that are held in this value, add the days to last password set date
  ' and so know how many days until it needs changing
  numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + maxPwdAge.LowPart) / CCur(-864000000000)
  whenPasswordExpires = DateAdd("d", numDays, objUser.PasswordLastChanged)
  daysToExpiration = DateDiff("d", Now(), whenPasswordExpires)

  MsgBox "Password expires on " & whenPasswordExpires & " ( " & daysToExpiration & " days )"

  ' 16 = critical icon, 48 = exclamation icon, +0 = OK button only
  If daysToExpiration <= 1 Then
    MsgBox "PLEASE CHANGE YOUR PASSWORD." & vbCrLf & vbCrLf & _
      "Unless you change your password today you may lock your account out as it expires at " & _
      whenPasswordExpires & vbCrLf & vbCrLf & _
      "Please press Control-Alt-Delete and choose Change Password now.", _
      16 + 0, "PASSWORD EXPIRES on " & whenPasswordExpires
  ElseIf daysToExpiration <= 5 Then
    MsgBox "Please note you have " & daysToExpiration & " days left to change your password.  " & _
      "Please change before then to avoid locking your account.", _
      48 + 0, "PASSWORD EXPIRES on " & whenPasswordExpires
  End If
End Sub
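
An added example, not part of the original thread or of the script above: the same expiry arithmetic in Python, extended with the "password was just changed" check suggested in the answer, so a fresh AD change can trigger the Internet password update before a Traveler device keeps retrying the old one. The function names and action keywords are illustrative assumptions, the inputs are the raw pwdLastSet, maxPwdAge and user-flag values as AD stores them, and the sample values are constructed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_DONT_EXPIRE_PASSWD = 0x10000   # the bit the script tests with &H10000
NO_MAX_AGE = (0, -(2 ** 63))      # maxPwdAge values meaning "passwords never expire"


def large_integer(high_part, low_part):
    """Join ADSI's HighPart/LowPart (both signed 32-bit) into a signed 64-bit value."""
    raw = ((high_part & 0xFFFFFFFF) << 32) | (low_part & 0xFFFFFFFF)
    return raw - (1 << 64) if raw >= (1 << 63) else raw


def utc_to_filetime(moment):
    """Convert an aware datetime to 100-nanosecond intervals since 1601-01-01."""
    return ((moment - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def filetime_to_utc(ticks):
    """Convert 100-nanosecond intervals since 1601-01-01 (pwdLastSet) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def password_status(pwd_last_set, max_pwd_age, user_flags, now,
                    recent=timedelta(hours=24), warn_days=5):
    """Return (action, expires) for one account; action is a short keyword."""
    if pwd_last_set == 0:
        return "must-change-at-next-logon", None
    changed = filetime_to_utc(pwd_last_set)
    # A fresh AD change is the cue to update the Internet password as well,
    # before a mobile device locks the account out with the old one.
    action = "sync-internet-password" if now - changed <= recent else "ok"
    if user_flags & UF_DONT_EXPIRE_PASSWD or max_pwd_age in NO_MAX_AGE:
        return action, None
    expires = changed + timedelta(microseconds=-max_pwd_age // 10)
    if action == "ok" and expires - now <= timedelta(days=warn_days):
        action = "warn-expiring"
    return action, expires


# Constructed sample: 42-day policy, password set 2015-01-01 09:00 UTC.
MAX_AGE = -42 * 864_000_000_000
SET_AT = utc_to_filetime(datetime(2015, 1, 1, 9, tzinfo=timezone.utc))
print(password_status(SET_AT, MAX_AGE, 0, datetime(2015, 1, 1, 15, tzinfo=timezone.utc)))
```
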



Author Closing Comment

ID: 40531401
Thanks for your help
LVL 43

Expert Comment

by:Steve Knight
ID: 40531718
Well sorry I didn't come up with an easy fix.... perhaps you could post back as your project goes on with feedback and hopefully we can help with any other issues.

