none
Password extension and PCNS RRS feed

  • Question

  • Hi,

    I want to propagate password changes from AD to an external system .

    The external system exposes a webservice I must call to inform the system about the password change

    I'm not exporting any attributes to that system, only importing.

    The password change will be propagated from AD to FIM (via PCNS) and from FIM to the external system via the password extension dll and the webservice.

    I don't have any agents exporting attributes (except the AD agent). Do I need to add a FIM MA to the solution in order to use the password extension and call the web service, or can I call the web-service in the password extension code?

    Many thanks,

    DD
    Saturday, October 24, 2015 7:20 PM

Answers

  • You dont need the FIM Service for your scenario - only Sync and of course PCNS on your DC's. You do need a AM for the external system and in that MA you can write code for setting the password in that system. You do need to bring in the users fra your external system and link them to your AD users through the metaverse to have password changes flow.

    You could have a look at my PowerShell MA which supports password scripts, so if you can get at your external system using PowerShell, you should be able to set password in that system.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    • Proposed as answer by Nosh Mernacaj Monday, October 26, 2015 1:37 PM
    • Marked as answer by DevDiver Monday, October 26, 2015 8:48 PM
    Sunday, October 25, 2015 8:51 PM

All replies

  • You dont need the FIM Service for your scenario - only Sync and of course PCNS on your DC's. You do need a AM for the external system and in that MA you can write code for setting the password in that system. You do need to bring in the users fra your external system and link them to your AD users through the metaverse to have password changes flow.

    You could have a look at my PowerShell MA which supports password scripts, so if you can get at your external system using PowerShell, you should be able to set password in that system.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    • Proposed as answer by Nosh Mernacaj Monday, October 26, 2015 1:37 PM
    • Marked as answer by DevDiver Monday, October 26, 2015 8:48 PM
    Sunday, October 25, 2015 8:51 PM
  • Hi,

    Will the password change be propagated from AD to the MA and external system as soon as a password change occurs or do I need to have a sync run?

    Many thanks,

    DD

    Monday, October 26, 2015 8:53 PM
  • The password propagation happens on change but you need the schedules to import users and link them together. But password changes are 'instant' without the schedules

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Tuesday, October 27, 2015 5:43 AM