Environment
Identity Manager Active Directory driver
Microsoft Active Directory
Novell eDirectory
Situation
Purpose:
Resetting passwords in Active Directory domain
Symptoms:
Password Expiry date set to current date in eDirectory after users resets their passwords in AD Domain
Resetting passwords in Active Directory domain
Symptoms:
Password Expiry date set to current date in eDirectory after users resets their passwords in AD Domain
Resolution
This problem may happen if the driver is setting the password as an Admin rather than the User. If the GCV 'Publish Passwords to NDS password' is set to true, then the driver will set the password as an Admin user. This will cause the password to be expired. Their are two solutions for this issue.
Solution one:
- Stop the Active Directory driver.
- Go to the global configuration value tab of the AD driver and make the following modifications.
- Publish Passwords to NDS password - false
- Publish Passwords to distribution password - true
- Save the changes by hitting Apply and OK.
- Stop the Active Directory driver.
- Go to the global configuration value tab of the AD driver and make the following modifications.
- Publish Passwords to NDS password - false
- Publish Passwords to distribution password - true
- Save the changes by hitting Apply and OK.
- Start the driver and change the password of a user in AD and check the same in eDirectory
Solution two:
- Modify the password policy by checking the setting: 'Do not expire the user's password when the administrator sets the password'