Password Sync between two forests

  • Question


  • Hello Guys,

    Recently I implemented FIM 2010 to synchronize users and passwords from the abc.local domain to the xyz.local domain through the PCNS service. I have installed PCNS, created the SPN, and configured PCNS on all source domain controllers of abc.local.

    When I create a new user in abc.local, it is synchronized to xyz.local based on the workflow, and when I reset the password of that new user, which was synchronized through FIM to xyz.local, the password also synchronizes.

    But we had also migrated a few users from abc.local to xyz.local through ADMT from FIM 2010, and now when I reset the password of those users, the password doesn't synchronize with xyz.local. Only for the users migrated with ADMT is the password reset not synchronizing. But when I create a new user in abc.local, it is synchronized with xyz.local, including password resets.
    Thursday, September 20, 2012 12:07 PM

All replies

  • Without seeing your actual setup, it's hard to say for sure, but check that the user accounts from both domains are connected to a common MV object in the Sync metaverse. That might explain why the password change doesn't find its way to the destination.

    Frank C. Drewes III - Architect - Oxford Computer Group

    Thursday, September 20, 2012 8:48 PM
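
One way to run the check suggested in the reply above, as an added example that is not part of the original thread: query the FIM Synchronization Service WMI provider for the account's connector space object in each domain and compare the metaverse GUIDs. The NetBIOS names `ABC` and `XYZ`, the helper function names, and the account name are assumptions; the thread only gives abc.local and xyz.local.

```powershell
# Added example; run on the FIM Synchronization Service server with an
# account allowed to query the sync engine's WMI provider.
# Assumed: ABC / XYZ are the NetBIOS names of abc.local / xyz.local.
$Namespace = 'root\MicrosoftIdentityIntegrationServer'

function Get-FimCsObject {
    param([string]$Domain, [string]$Account)
    # MIIS_CSObject is looked up by NetBIOS domain + sAMAccountName.
    $query = "SELECT * FROM MIIS_CSObject WHERE Domain='$Domain' AND Account='$Account'"
    Get-WmiObject -Namespace $Namespace -Query $query | Select-Object -First 1
}

function Test-PasswordSyncJoin {
    param(
        [Parameter(Mandatory=$true)][string]$Account,
        [string]$SourceDomain = 'ABC',
        [string]$TargetDomain = 'XYZ'
    )
    $src = Get-FimCsObject -Domain $SourceDomain -Account $Account
    $dst = Get-FimCsObject -Domain $TargetDomain -Account $Account

    # Password sync can only flow when both connector space objects
    # are joined to the same metaverse object.
    $status = if (-not $src) {
        'Source account not found in the source connector space'
    } elseif (-not $dst) {
        'Target account not found in the target connector space'
    } elseif ([string]::IsNullOrEmpty($src.MvGuid)) {
        'Source account is a disconnector (no metaverse object)'
    } elseif ([string]::IsNullOrEmpty($dst.MvGuid)) {
        'Target account is a disconnector (no metaverse object)'
    } elseif ($src.MvGuid -ne $dst.MvGuid) {
        'Accounts are joined to different metaverse objects'
    } else {
        'Accounts share one metaverse object'
    }

    New-Object PSObject -Property @{
        Account      = $Account
        SourceMA     = if ($src) { $src.MaName } else { $null }
        SourceMvGuid = if ($src) { $src.MvGuid } else { $null }
        TargetMA     = if ($dst) { $dst.MaName } else { $null }
        TargetMvGuid = if ($dst) { $dst.MvGuid } else { $null }
        Status       = $status
    }
}

# 'migrated.user' is a placeholder sAMAccountName.
Test-PasswordSyncJoin -Account 'migrated.user' | Format-List
```

If a migrated account has a different sAMAccountName in xyz.local, call `Get-FimCsObject` separately for each side with the matching name.
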
  • Password migration (whether via ADMT, QMM, etc.) doesn't trigger PCNS.

    The reason is that password migration moves the password hash at a very low level; the cleartext password is unavailable at this point.  PCNS and FIM are unable to work with password hashes--they require the cleartext.

    More information here: http://support.microsoft.com/kb/2693392

    Thursday, September 20, 2012 9:12 PM