none
FIM R2 Password Sync RRS feed

  • Question

  • I have a doubt related to related to Password Synchronization in FIM R2. I tried searching in different forums but could not get clear answer.

    I am using FIM password reset portal to reset the user password in AD. Do we require PCNS to synchronize Password using FIM synchronization service.

    As per my understanding, this is how Password synchronization works when resetting the password using FIM password reset portal

    The portal passes the user name and domain to FIM via the WMI.
    The correct AD CS object is found.
    Any other related objects, in MAs for which password management is configured, are found.
    A password change is sent to AD.
    If that is successful, a password set (never a change) is sent to any other CDs.

    If this is correct then password synchronization should work but it is not working for me. Only password reset is working.

    Can you please help me to understand if we require PCNS to synchronize the password?

    Note: I have enabled the password management in respective MA's. The target which I am trying to synchronize the password is AD in different domain.

    

    Friday, September 26, 2014 4:18 PM

All replies

  • PCNS would be required if you use Synchronization Engine to synchronize password to other systems than local Active Directory - for example other AD, LDAP or other MA.

    Password reset activity works as follow:

    The portal passes the user name and domain to FIM via the WMI.

    The correct AD CS object is found.
    A new password change is sent to AD.

    So other MAs are not informed about a change here. You have to use PCNS to achieve it. Then it would be as here:

    The portal passes the user name and domain to FIM via the WMI.
    The correct AD CS object is found.
    A new password change is sent to AD.
    A PCNS service installed at Domain Controller catches the change and informs FIM Sync Service that it is performed for user.
    FIM Synch checks which MAs should be informed about password change and this new password is being sent to MAs.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by Robin Westgaard Monday, September 29, 2014 11:43 AM
    Friday, September 26, 2014 8:22 PM