Migrated users in AD to vault distribution password did not sync
Fri, 09 May 2008 02:27:21 GMT
Hi

I have an Edir tree for Zen. Then an Edir tree for the Vault. This 
syncs to AD.
I populated the vault by importing the containers, groups and users from 
AD. And that populated the Zen tree. For the most part this went well.

It looks like some users did not get their universal password set. This 
might have to do with the policy being set on the Edir OU at the top 
container. At first it was not a partition, so I think the rule did not 
automatically inherit down. As the sync was going I did make it a partition.

I am trying to avoid having to have everyone reset their AD password. 
They don't have a Novell client to talk to the Edir tree. We are using 
zen7 with middle tier which is how we found out passwords were not set 
for some people.

I am using the standard drivers with IDM 3.01. Can I remigrate the 
users? Or add some code?

Thanks!

Re: Migrated users in AD to vault distribution password did not sync
Fri, 09 May 2008 05:16:01 GMT
Will, are you trying to sync the password from AD to eDir? If so, the only
way for the password to be set in eDir coming from AD is that the user reset
the password on the AD side.


-- 
wadafud
Re: Migrated users in AD to vault distribution password did not
Fri, 09 May 2008 12:34:51 GMT
What about changing the driver filter on the password in AD so that the 
merge authority is application? And then doing a sync?
The drivers are set up as bidirectional and mirrored.

Thanks,

Will

wadafud wrote:
> Will, are you trying to sync the password from AD to eDir? If so, the only
> way for the password to be set in eDir coming from AD is that the user reset
> the password on the AD side.
> 
Re: Migrated users in AD to vault distribution password did not
Fri, 09 May 2008 13:08:26 GMT
You CANNOT decrypt the MAD password..... that is the problem.  It is
like Novell's NDS password in this way.  Synchronizing it without
capturing it in another form (which is what the filters do on a password
change) is not possible unless you somehow synchronize it to another
system that understands the NTLM hash which only MAD would understand.

Good luck.





Will K wrote:
| What about changing the driver filter on the password in AD so that the
| merge authority is application? And then doing a sync?
| The drivers are set up as bidirectional and mirrored.
|
| Thanks,
|
| Will
|
| wadafud wrote:
|> Will, are you trying to sync the password from AD to eDir? If so, the only
|> way for the password to be set in eDir coming from AD is that the user reset
|> the password on the AD side.
|>
|>
Re: Migrated users in AD to vault distribution password did not
Fri, 09 May 2008 13:51:07 GMT
Shoot. I am thinking the issue was the Universal password policy assignment.

Is there a way to search the edir tree and see how many people do NOT 
have the universal password set?

Thanks,

Will

ab@novell.com wrote:
> You CANNOT decrypt the MAD password..... that is the problem.  It is
> like Novell's NDS password in this way.  Synchronizing it without
> capturing it in another form (which is what the filters do on a password
> change) is not possible unless you somehow synchronize it to another
> system that understands the NTLM hash which only MAD would understand.
> 
> Good luck.
> 
> 
> 
> 
> 
> Will K wrote:
> | What about changing the driver filter on the password in AD so that the
> | merge authority is application? And then doing a sync?
> | The drivers are set up as bidirectional and mirrored.
> |
> | Thanks,
> |
> | Will
> |
> | wadafud wrote:
> |> Will, are you trying to sync the password from AD to eDir? If so, the only
> |> way for the password to be set in eDir coming from AD is that the user reset
> |> the password on the AD side.
> |>
> |>