hi,

i migrated complete contents of driversets to new driversets on new
servers (designer: import existing driverset > export to file > create
new driverset > import whole bunch of drivers and adapt settings to new
driverset/server) > deploy). after some days i deleted the old
driverset-objects.

password-sync is implemented as described in novell idm 3.5.0
admin-guide.

as i saw today changed passwords in AD are no longer published to edir,
then i realized that those "old" dirxml-associations were gone. then i
had to accept the pwd-change in AD not being a "normal" event (filter:
attrib nspmdistributionpassword: publisher > ignore is default as
described in admin-guide) so the event does not wander through the
matching policies which would correctly identify the existing
edir-object and create the appropriate association.

so: would be activating the nspmdistributionpassword on the
publisher-channel of the ad-driver and starting a synch a way to get
all those associations back?


another "not-quick-but-dirty" way of solving the problem would be
exporting all ADīs objectGUID values for all users > reformat them to
ldap and bulk-ldapmodify (here: create) those associations

or: write an ADSI-script which changes the description of all
user-objects @04:00 AM and change them back @06:00 AM

the nicest solution would be to let the driver do it though

any suggestions?


--
florianz
------------------------------------------------------------------------
florianz's Profile: http://forums.novell.com/member.php?userid=210
View this thread: http://forums.novell.com/showthread.php?t=315638