Resolution
goal
What is the process used by NetIQ's Domain Migration Administrator (DMA) to migrate passwords during a user migration?
fix
The basic process that NetIQ 's DMA uses to copy passwords is as follows:
note
For additional information on this topic, see NetIQ's Support Knowledge Base article NETIQKB1570.
What is the process used by NetIQ's Domain Migration Administrator (DMA) to migrate passwords during a user migration?
fix
The basic process that NetIQ 's DMA uses to copy passwords is as follows:
- First, DMA will create the new user account in the target domain upon migration
- Secondly, DMA creates a temporary complex password for the newly created user in the target
- And finally, DMA copies the source account's password to the newly migrated user in the target
If there is a 'Minimum password age' set by the policy for anything other than zero in the target domain, then the temporary complex password (Step 2) that DMA generated cannot be changed until the specified time period set in the policy has passed. When DMA tries to change the target account's password to the copied password from the source domain (Step 3) it is denied because the 'Minimum password age' policy has not been met.
- Disable all current password policies in the target domain
- Complete your user migration selecting to bring over the source password
- Re-enable the password policies as needed
note
For additional information on this topic, see NetIQ's Support Knowledge Base article NETIQKB1570.
Please contact Technical Support to create a Support Request for any issues you encounter that are not addressed by the User Guide, any Knowledge Base articles found on the website, or current hotfixes available for download.
Additional Information
Formerly known as NETIQKB993