Apologies for this, I did some searching but didn't come up with an
answer.

We have an existing 3.5.1 AD driver currently happily syncing passwords
from the IDVault into AD. As part of an email outsourcing project, I
will be using Microsoft ILM to provision users into a hosted Exchange
environment. As we all know, the password in AD is non-reversable. ILM
(apparently, I have no experience with the product just yet) handles
this similarly to the AD password filter, by grabbing the password on an
update and passing it to the connected domain.

So, in order to provision my 70k+ users with their current password
intact, I need to find a way to get the IDM AD driver to process the
password as if the user had just changed it. As best I can tell from
examining the driver, this will not happen simply by syncing the user(s)
through iManager. I ran a little test case by stopping the driver,
changing a password, deleting the event from the driver cache & then
re-starting the driver and syncing the user in question, and the
password did not update in AD.

What's the best way to do this? Can I simply edit the Password(Sub)-*
policies in the event transform to process on a sync or modify as well
as on an add? Or should I be looking for some other work-around.

The alternative is to ask all 70k+ users to change their passwords in
order to be provisioned into the outsourced email solution, which my
team, our Helpdesk and everyone's management would clearly just as soon
avoid doing.


--
keithbmartin
------------------------------------------------------------------------
keithbmartin's Profile: http://forums.novell.com/member.php?userid=48654
View this thread: http://forums.novell.com/showthread.php?t=404867