Environment
Novell Identity Manager 3.5.1
Novell Identity Manager Driver - Active Directory
Situation
Trying to synchronize the userParameters attribute value between Window 2003 Active Directory and eDirectory. Mapping the value in the driver and pulling it in just shows the whole Unicode string in eDirectory. However, the desire is to synchronize the individual items of the userParameters attribute.
Resolution
Currently there is nothing in the driver to pull out the individual items from this attribute. This attribute is used by many different applications and what is contained in it will vary. An example of a service that writes data to this attribute is Microsoft Terminal services.
The Microsoft description of this attribute is as follows:
This attribute specifies parameters of the user. Points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user data specific to the individual program.
http://msdn.microsoft.com/en-us/library/ms680847(VS.85).aspx
The Microsoft description of this attribute is as follows:
This attribute specifies parameters of the user. Points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user data specific to the individual program.
http://msdn.microsoft.com/en-us/library/ms680847(VS.85).aspx
Microsoft created the attribute so that various applications could store their individual information without having to extend the AD schema. The attribute is of syntax "Unicode String" and basically contains a table of parameter names and values,
however, the values are encoded in a special way so it is not possible to create them easily in our style sheets or policies.
Doing this level of customization is beyond the scope of Novell Support. A consulting partner should be engaged for this level of customization.
Another possibility is to use the IDM scripting driver. That driver can access Microsoft Powershell Scripts. If powershell can read the information, then if might be possible to get the data. The scripting driver is something that is very customized and may need help from consulting.