Hello All,

Quick request –

I understand this topic could have been discussed before. I’ve searched
the forum, but don’t see a valuable solution. I'm using Active
Directory, but now require a rule that enables “Account is lock out” in
AD when the user is marked with intruder lockout in eDirectory.

Currently, we have a policy if the user is terminated (based on certain
policies) disable the user object and move to an Archive OU in the
Identity Vault and Active Directory. Second, our password reset
(customized userapp) is tied to the Identity Vault and when a user
enables intruder lockout we would like this to flow to AD. When a user
changes his/her password with password reset, this would clear the
intruder lockout in eDirectory and if possible “clear” the “Account is
lockout” in AD. Our requirement is to have intruder lockout passed to
all connected systems including Active Directory.

Is there a way to invoke Account Lockout in AD from eDirectory based on
an intruder lockout event? If we trigger an event with intruder lockout
with a disable event this could move numerous user objects to the OU
Archive which will be disabled. We really don't want to disable the
account.

Using an LDAP browser the user object only shows a value of
128750599875488202 for a lockout time when the account is locked in AD.

Any help. Thanks!


--
rsw4723
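
The lockout time quoted in the post is a Windows FILETIME: a count of 100-nanosecond intervals since 1601-01-01 UTC, where a value of zero means the account is not currently locked out. The following is an added example, not part of the original post, that decodes the value and checks it against a lockout duration; the function names, the 30-minute duration and the evaluation time are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# FILETIME epoch: 100-nanosecond ticks counted from 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Value quoted in the post; everything else below is constructed sample input.
LOCKOUT_TIME_FROM_POST = 128750599875488202


def filetime_to_utc(ticks):
    """Convert a FILETIME tick count to an aware UTC datetime (microsecond precision)."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)


def lockout_state(lockout_time, duration_minutes, now):
    """Classify an account from its lockoutTime value (hypothetical helper).

    lockout_time     -- attribute value as int or str; None or 0 means no lockout recorded
    duration_minutes -- "Account lockout duration" policy setting (assumed value);
                        0 means locked until an administrator unlocks the account
    now              -- aware datetime to evaluate against
    Returns (state, locked_at, unlocks_at).
    """
    if lockout_time is None or int(lockout_time) == 0:
        return ("not_locked", None, None)
    locked_at = filetime_to_utc(lockout_time)
    if duration_minutes == 0:
        return ("locked", locked_at, None)
    unlocks_at = locked_at + timedelta(minutes=duration_minutes)
    # A non-zero timestamp older than the duration no longer keeps the account locked.
    state = "locked" if now < unlocks_at else "expired"
    return (state, locked_at, unlocks_at)


if __name__ == "__main__":
    now = datetime(2008, 12, 29, 21, 40, tzinfo=timezone.utc)  # constructed
    state, locked_at, unlocks_at = lockout_state(LOCKOUT_TIME_FROM_POST, 30, now)
    print("locked at :", locked_at.isoformat())
    print("unlocks at:", unlocks_at.isoformat())
    print("state     :", state)
```
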