Custom password synchronization dll with Active Directory

  • Question

  • Hello,

    I have to design for one of my customers a solution that will synchronize passwords with a target that is not "connected" to FIM 2010 (and cannot be connected without writing a custom MA).

    In the current FIM 2010 (actually an ILM) implementation, there is an AD "source" where PCNS will be installed and an AD "target".

    This target is connected/replicated with the final target with a mechanism independent of FIM 2010.

    This final target must have passwords synchronized with the source.

    I wanted to envisage the following solution: Activate password synchronization in the AD "target" MA and develop a custom password synchronization dll that would host the necessary code to change password on my final target. This doesn't seem possible because there is no option in the Active Directory management agent to set a custom password dll.

    Then I'm thinking of using the openldap XMA to connect to the AD target because this MA allows setting a custom password dll.

    Do you know if this MA is able to connect to AD (eventually with minor changes in the code)?

    If not, I'm also thinking of creating a "dummy" Management agent that would be provisioned when full synching the AD source and target. This MA would not need to implement Import and export operations (the skeleton could remain empty).

    This would give me a connector space containing all the "users". In this dummy MA, I would then be able to set a custom password dll.

    Last solution: develop the custom MA that I want to avoid: the final target does not support delta import and "full importing" it would take hours every time.

    What do you think of these different approaches?

    Thank you very much for your feedback.


    Regards,
    Emmanuel Dreux
    http://www.bcpsoft.fr
    http://www.ilinfo.fr
    Thursday, February 10, 2011 9:57 AM

Answers

  • The target is not an AD.

    And my goal is to synchronize passwords with it using a custom password synchronization dll.

    The AD MA doesn't allow setting a custom password synchronization dll.

    AD source <-> ILM <-> Resource AD <-> Target

    We have chosen the following architecture:

    When synching the resource AD, it will provision a connector space based on a File text MA in which we'll define a custom password synchronization dll. This dll will host the code to modify the passwords on the target.

    This MA will receive password change notifications from PCNS.

    Regards,
    Emmanuel Dreux
    http://www.bcpsoft.fr
    http://www.ilinfo.fr
    • Marked as answer by ilinfo Friday, February 11, 2011 5:39 PM
    Friday, February 11, 2011 5:38 PM

All replies

  • Hi-

    Why can't you use an AD MA to connect to the target MA? You don't need any attribute flows, just need to join the objects and then you can use the built-in password sync functionality.


    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com
    Thursday, February 10, 2011 8:49 PM