none
AD attributes and passwords not setting correctly RRS feed

  • Question

  • I am running FIM 2010 R2 build 4.1.3479.0 with AD servers at 2008 forest level.  I have set up the ADMA for staff to set passwords and the userprincipalname attribute (among others).  I have custom code in the MVextension.dll that does this.  I am having two issues going on that I believe to be related somehow.  

    1) These initial passwords are not being set and

    2) although the userprinciplename attribute is set correctly when you look in ADUC on the "Attribute Editor" tab, it is not being displayed correctly on the "Account" tab.  The User logon name and the upnsuffix fields are blank.  The pre-win2k fields are displaying correctly.  

    I have done a lot of work trying to figure out what is going on here and I have checked that there are no issues with rights in AD and the code.  I have another ADMA that populates a different set of users in another OU and that fills out the UPN and password and everything works as it should.  The code differences between the two areas are very minimal.

    The code for this is as follows:

             csentry["userPrincipalName"].StringValue = mventry["accountName"].StringValue + emailExtension;

             if (mventry["user_InitialPassword"].IsPresent)
                     {
                      csentry["unicodePwd"].StringValue = mventry["user_InitialPassword"].StringValue; // defaultPassword;                                }
            else
                      {
                      csentry["unicodePwd"].StringValue = Custom_Extensions.Custom_Extensions.GenerateRandomPassword();
                      }

    Any ideas what to look at to try and figure out what the heck is going on would be really helpful please!

    Thanks

    Erica



    • Edited by Eka G Friday, May 9, 2014 12:42 AM fixed spelling
    Thursday, May 8, 2014 3:46 AM

All replies

  • Are you recieving any errors when you try to set the password? 

    For UPN, is emailExtension a valid UPN suffix in AD? 


    Friday, May 9, 2014 12:12 AM
  • There are no errors on creation of the user.  There are no errors if I log in as the service account and try to change the password.  

    The emailExtension variable is the same as the one that works for the other users that work.


    Friday, May 9, 2014 1:04 AM
  • As a first step I would try running the visual studio debugger and attach to the miisservice.exe and then run the synchronisation to ensure that the line is definitely being executed; that you don't have any logic above it that may stop it from being run.
    Friday, May 16, 2014 5:52 AM