Environment
IDM 2.X
IDM 3.0.X
IDM 3.5.X
Novell Active Directory Driver
IDM 3.0.X
IDM 3.5.X
Novell Active Directory Driver
Situation
Passwords not synchronizing when migrating from AD
Resolution
There are a couple way to approach this. One is to create a policy
that will set the password to some value on an add to eDirectory.
Another is to perform the migrate, but let users know their account
will be inaccessible until they change their password. Part of the
solution in the latter case may be to force a password
change.
Additional Information
The reason the password was not synchronizing is that the password
in AD was not capable of being reverse-encrypted, and so could not
be retrieved. That is the same reason we need password filters on
all domain controllers: we do not sync a password, but rather a
password change if that change originates in AD. The filters then
pick up that change and forward it to the agent before the password
is written to AD. If the password is written to AD before it is
intercepted, we cannot read it.
Formerly known as TID# 10096875
Formerly known as TID# 10096875