password-admin-reset="true" on Password Sync Events

  • 7014705
  • 06-Mar-2014
  • 07-Mar-2014


NetIQ Identity Manager Driver - Active Directory


When syncing a password change event from eDirectory to Active Directory on the subscriber channel successfully, immediately a password change event comes back on the publisher channel.  

(This is normal behavior as the AD driver does not have loopback detection. See TID 7006562 - IDM Events from eDirectory to Active Directory loop back into eDirectory)

In the looped back document (see example below) the "password-admin-reset="true"" is set. This xml tag is a new addition to the driver and is set on password change events coming from AD. It is set to true in this case as the password change in AD was caused by the driver and considered a system, or admin type event despite who originated the change event in eDirectory. If the user had set their password in AD (an actual end user event), then it would have been set to false.

<modify-password class-name="user" event-id="TESTDomain##1448903731f##1" password-admin-reset="true" src-dn="CN=TESTUser,OU=Users,OU=Boston,DC=netiq,DC=com">
<password><!-- content suppressed --></password>


Functioning as designed