PCNS problem

  • Question

  • Hello,

     

    I have a problem using PCNS. PCNS is working, but not the way I would like. I think the problem is a common one.

     

    When there is a new user in the source AD, the password sync will not work until there is a sync operation of the user object in the target AD (in my case EDirectory). So if the source AD has a password policy, for example 30 days, I have to wait 30 days to have the password synchronized and let the user log on to the target directory with the same password.

     

    I know there is a queue on the ILM server for the password sync requests, but the password sync request stays in the queue only in the case of connection problems, I think. Is that right?

     

    Has no one had the same problem?

    Tuesday, September 23, 2008 9:14 AM

Answers

  • To propagate a password change MIIS must be able to track the user from the source AD to the MV and to the target.

    The objects must be linked (joined/projected/provisioned).

    So, yes, the MA's must be sync'ed.

     

    The password propagation is triggered by a password change in the source AD.

    You could ask (or force) the user to change his/her password.

     

    For a new user, you could set the option that a user must change his password at next logon.

    Then the new password for the new user is propagated to the target AD (if the provisioning is OK).

     

    You're right on the connection problems. It is explained in Implementing the Automated Password Synchronization Solution - Step-by-Step,

    "Failed password synchronization to a target data source – This problem can occur when the network is unavailable or when the target data source is unavailable. MIIS 2003 queues the password change notification and retries password change notification according to the management agent's configuration for retry attempt and retry interval. All passwords are encrypted while they are stored for retry, and they are deleted when the operation succeeds or retry limits are reached."

     

    HTH,

    Peter

    Tuesday, September 23, 2008 11:14 AM