none
Sending user's details in mail (MIMWAL) RRS feed

  • Question

  • Hello!

    Post was edited to include new information.

     

    I have a problem with configuring initial password sending to user's manager by this article: 

    http://ithinkthereforeidam.com/mimwal-for-setting-and-communicating-password-for-new-users

     

    Users are created in AD, but manager don’t receive a email.

    I think that a problem somewhere in Outbound sync rule, maybe some flows needed (or don’t needed) in it.

    As I understand, in Sync rule we also need two flows:

    Some strong (temporary) password to create a user account, ie.

    P@ssw0rd -> unicodePwd

    And “checkbox” to recreate password at first user login:

    0 -> pwdLastSet

    After my sync cycle I get users in AD in enabled state, but with unknown password.

     

    With this two options (without MIMWAL) users are created in AD with this password.

    After I add MIMWAL functions users get a new password (which is unknown to me and manager).

    Service account can get access to mailbox and send/receive emails.

     

    My sync cycle is

    MIM MA Delta-Import

    MIM MA Delta-Sync

    MIM MA Export

    MIM MA Delta-Import

    AD MA Export

    AD MA Delta Import

    After second run situation is same.

    Does somebody have any ideas where is a problem?


    • Edited by alexiszp Wednesday, October 12, 2016 12:36 PM
    Tuesday, October 11, 2016 2:46 PM

All replies

  • Hello alexiszp,

    As you have probably noticed, new password is only flown during initial export (during user creation), so the second run won't change it. And if user already exists in AD, first run neither.

    Please try creating new user from scratch and check if the user is created in domain successfully. If so, please try to enable the user manually. If it fails due to blank password - you will know that there is something with the flow.

    By the way - please check AD MA Export if you have any error there.

    The settings from the link are to enable user only during creation, once the account is created, FIM won't enable/disable it. But I don't know what are your settings regarding UserAccountControl field. Do you have "512" sent to account using SyncRule? Maybe it is only during user creation?


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, October 11, 2016 5:50 PM
  • Hello, Dominik!

    I already updated post, decided to try with MIMWAL.

    Previously problem with disabled account was becouse of weak password, now it is resolved.

    In flow I see "512", but in AD users get "514".

    Users are created in enabled state, but with unknows password :)

    And yes, I will generate passwords only for new users.

    After every cycle I delete my test users in AD, so every run users are created as new.

    Thanks!


    1


    • Edited by alexiszp Wednesday, October 12, 2016 12:43 PM
    Wednesday, October 12, 2016 12:42 PM