Cross forest user creation and password sync

  • Question

  • Hi

    Scenario: Forest A (Source), Forest B (Target)

    I need to replicate the same user account from source to target with password and later enable password sync between both forests.

    Please suggest a configuration.

    Monday, October 22, 2012 7:31 AM

Answers

  • Hi,

    Then it's not a difficult problem at all. Just set the password for next export too. But please consider that without PCNS, this scenario will not work in the end.

    Because when the user logs in for the first time, it will ask to change the password. And then there will be different passwords.

    As long as the concern is only to create the user in a different forest, create a sync rule for each.

    Regards,


    M. Irfan

    Monday, October 22, 2012 2:05 PM

All replies

  • Hi,

    Import users into the FIM portal from Forest A and export to Forest B. For the password, the first time you have to use the default password. You can do it by directly assigning the value to the password attribute, or you can use a PowerShell script to create the password. But then you can set up PCNS; when the user changes the password, it will automatically change in every domain or forest. It's not allowed to read the existing passwords once they are stored in AD.

    Regards,


    M. Irfan

    • Proposed as answer by M.Irfan Monday, October 22, 2012 9:19 AM
    Monday, October 22, 2012 9:18 AM
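
Added example (not part of the thread): one way to script the initial password mentioned in the reply above, using a random per-account value rather than a single shared default. It assumes the ActiveDirectory PowerShell module is available; the domain controller name and account names are placeholders.

```powershell
# Assumption: ActiveDirectory (RSAT) module is installed on the machine running this.
Import-Module ActiveDirectory

function New-InitialPassword {
    param([int]$Length = 20)
    # Four character classes; look-alike characters (I, O, l, 0, 1) are omitted.
    $classes = @('ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#$%&*+-=?@_')
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # Uniform index in [0, $Max) via rejection sampling, which avoids modulo bias.
        $pick = {
            param([int]$Max)
            $b = New-Object byte[] 1
            $limit = 256 - (256 % $Max)
            do { $rng.GetBytes($b) } while ($b[0] -ge $limit)
            $b[0] % $Max
        }
        do {
            $chars = for ($i = 0; $i -lt $Length; $i++) { $all[(& $pick $all.Length)] }
            $candidate = -join $chars
            # Accept only candidates containing every class, to satisfy AD complexity rules.
            $ok = $true
            foreach ($c in $classes) {
                if ($candidate.IndexOfAny($c.ToCharArray()) -lt 0) { $ok = $false }
            }
        } until ($ok)
        return $candidate
    }
    finally { $rng.Dispose() }
}

$targetDc = 'dc01.forestb.example'   # placeholder: a domain controller in Forest B
$accounts = 'jdoe', 'asmith'         # placeholder: sAMAccountNames already exported to Forest B

foreach ($sam in $accounts) {
    $plain  = New-InitialPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    Set-ADAccountPassword -Identity $sam -Server $targetDc -Reset -NewPassword $secure
    # Deliver $plain to the account owner out of band; never write it to a log or transcript.
}
```
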
  • Irfan thanks for that

    I am not implementing PCNS here, but just doing a simple import and export along with the password attribute in my outbound rule. Post export, will it ask the user to change the password again?

    Monday, October 22, 2012 11:22 AM
  • Hey, once again thanks for that.

    Also, I want to provision Forest A users as contacts in Forest B. How to achieve it?

    Thursday, October 25, 2012 11:11 AM
  • Hi,

    If you have a two-way trust between domains, you can do that also. It will depend on what kind of policies you define.

    So you can create a group and give access to the other domain.

    There can be many other ways. But this is the simplest.

    Regards,


    M. Irfan

    Thursday, October 25, 2012 2:32 PM
  • Is there any step-by-step document for cross forest GAL sync?
    Friday, October 26, 2012 5:14 AM
  • Why do you need to synchronize passwords, if GAL sync is what you need to do?

    For GAL sync, all you need to worry about is dumping users from Forest A as contact objects into Forest B and vice versa. Just make sure you set the mailNickname, proxyAddressCollection attributes on the contact objects you create.


    Thanks,

    Jameel Syed | Identity & Security Strategist | jameel.syed@credexo.com | Simplified Identity and Access Management



    Saturday, October 27, 2012 10:12 AM
  • Irfan, you are right: to sync passwords across forests I need to have PCNS installed on all source domains, and that tool will replicate the password to the other forest, right Irfan?
    Tuesday, October 30, 2012 6:21 AM
  • Hi,

    Thank you, and this is true. If you wish to sync passwords in every connecting domain, then you need PCNS.

    Regards,


    M. Irfan

    • Proposed as answer by M.Irfan Tuesday, October 30, 2012 1:33 PM
    Tuesday, October 30, 2012 1:33 PM