PCNS and Galsync RRS feed

  • Question

  • We are setting up GalSync for one of our customers and at the moment we are testing the solution in the lab. GalSync works fine in the lab. However, I had a few questions regarding PCNS configuration.

    1. Can Password Sync be enabled on GalSync MA?

    2. We are doing GalSync, then executing preparemoverequest.ps1, then running ADMT for SID history migration and then migrating the mailbox. One of the requirements the customer has is changing the samaccountname, upn, mailnickname properties on the user once the user mailbox is migrated. Now for PCNS to work it checks the samaccountname in the metaverse (I guess), so how do we provide PCNS for the customer when the samaccountname does not remain unique?

    Friday, November 30, 2012 10:49 AM

Answers

  • Yes, Password Sync can be enabled on the Galsync MA as it is really the AD MA with some packaging and extension code.

    As to your 2nd question I will answer what I can.

    PCNS works by intercepting the password change/set request on the domain controller and then passing it to the sync engine, looking up the CS object for the user by domain name and samAccountName on the management agent for the source forest (provided that MA is configured as a source for password sync). Then it looks up the MV object to which the object is connected. Then it looks up all of its connectors and sees which ones are in management agents where they are configured for password management (the extensions tab). Then it calls the ChangePassword method or SetPassword method on each of those connectors.

    What does that mean for you?

    The changing of the samAccountName doesn't matter provided that you haven't disconnected the source or destination CS objects from the MV object. Even if your join rule is based on samAccountName and later you change the user's samAccountName, that doesn't break the connection. If you did deprovision (disconnect the object) as part of this, as long as you rejoin it to the right MV object you should be fine.


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Wednesday, December 5, 2012 6:52 AM
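
The lookup chain described in the answer above, as an added example that is not part of the original thread and not FIM code. It is a toy model with constructed names (`SyncEngine`, `CSObject`, the MA, domain and account names) showing that delivery follows the CS-to-MV link rather than a matching samAccountName on the target side.

```python
# Toy model of the PCNS dispatch path described in the answer above.
# Every class, MA name and account here is constructed; this is not the FIM API.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class CSObject:
    ma: str                        # management agent holding this connector space object
    domain: str
    sam: str                       # samAccountName as currently imported
    mv_id: Optional[str] = None    # link to the metaverse object, set when joined

@dataclass
class SyncEngine:
    source_mas: set                # MAs enabled as password sync sources
    target_mas: set                # MAs enabled for password management
    cs: list = field(default_factory=list)

    def join(self, obj, mv_id):
        obj.mv_id = mv_id          # a join rule runs once; afterwards only the link matters

    def disconnect(self, obj):
        obj.mv_id = None

    def pcns_notify(self, domain, sam):
        """Return the (ma, sam) connectors that would receive the new password."""
        # Step 1: find the CS object by domain + samAccountName on a source MA.
        src = next((o for o in self.cs if o.ma in self.source_mas
                    and o.domain.lower() == domain.lower()
                    and o.sam.lower() == sam.lower()), None)
        if src is None or src.mv_id is None:
            return []
        # Steps 2-3: follow the MV link, keep connectors in password-enabled MAs.
        return [(o.ma, o.sam) for o in self.cs
                if o.mv_id == src.mv_id and o is not src and o.ma in self.target_mas]

def demo():
    eng = SyncEngine(source_mas={"SourceForest"}, target_mas={"TargetForest"})
    src = CSObject("SourceForest", "OLDCORP", "jdoe")
    dst = CSObject("TargetForest", "NEWCORP", "jdoe")
    eng.cs += [src, dst]
    eng.join(src, "mv-1"); eng.join(dst, "mv-1")
    before = eng.pcns_notify("OLDCORP", "jdoe")
    dst.sam = "john.doe"                                  # rename after mailbox move
    after_rename = eng.pcns_notify("OLDCORP", "jdoe")
    eng.disconnect(dst)                                   # deprovisioned, not yet rejoined
    after_disconnect = eng.pcns_notify("OLDCORP", "jdoe")
    eng.join(dst, "mv-1")                                 # rejoined to the same MV object
    return before, after_rename, after_disconnect, eng.pcns_notify("OLDCORP", "jdoe")
```
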