Setting a user's password in AD with FIM

    Question

  • We currently set a user's initial password within AD upon user creation with a workflow; that password is also sent to other systems that require a password as well.

    We need to provide a means for the user to change their password in each of those integrated point systems after some period of time and we are hoping FIM can help accomplish that.  Is it possible/advisable to develop a FIM portal page where the user can click on a button to execute the same workflow that is kicked off during initial provisioning?  Seems like there has to be a way to leverage that logic/those components somehow.

    Thoughts appreciated!

    Friday, May 3, 2013 20:14

All replies

  • The way I've seen this done is with a checkbox - "Request Password Reset" or something to that effect. When the user checks the box on their 'My Profile' page, transition into a set to fire the workflow. As part of the workflow, set the attribute back to false when you're done.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Friday, May 3, 2013 23:33
    Moderator
  • I would think you could also set up PCNS so that any time an AD password is changed it would be sent to FIM and password extensions on each target MA for the integrated systems could set that password on the account.  Of course that requires that each integrated system have an MA, an object in each MA joined to the metaverse object representing the user, the password extension exists or can be written for each source, etc. 

    If you already have the workflow, you're much further along in being able to implement it as Brian suggests.  Since the user already exists, the same workflow as initial provisioning may not be appropriate in your case, but the workflow you need could end up being very similar.

    Chris

    Tuesday, May 7, 2013 13:54