Can anyone explain what was special with the code below and if this the
best solution ? before this my users would always be created in a
disabled state.

The auto generated password never actually is the password in the
account. The one at the time of creation in imanager is used, however I
found I needed this code. If anyone can provide me more info please do
to explain this.





[08/24/09 14:33:41.933]:Active Directory Log ST:Applying policy:
%+C%14CPassword(Sub)-Default Password Policy%-C.
[08/24/09 14:33:41.934]:Active Directory Log ST: Applying to add #1.
[08/24/09 14:33:41.934]:Active Directory Log ST: Evaluating selection
criteria for rule 'On User add, provide default password of workforceID
if no password exists'.
[08/24/09 14:33:41.934]:Active Directory Log ST: (if-operation
equal "add") = TRUE.
[08/24/09 14:33:41.934]:Active Directory Log ST: (if-class-name
equal "User") = TRUE.
[08/24/09 14:33:41.934]:Active Directory Log ST: (if-password
not-available) = TRUE.
[08/24/09 14:33:41.934]:Active Directory Log ST: Rule selected.
[08/24/09 14:33:41.934]:Active Directory Log ST: Applying rule 'On
User add, provide default auto generated password if no password exists'.
[08/24/09 14:33:41.934]:Active Directory Log ST: Action:
do-set-dest-password(token-generate-password(policy-dn="..\..\..\..\Security\Password
Policies\Universal Password Policy for Staff and Students")).
[08/24/09 14:33:41.934]:Active Directory Log ST:
arg-string(token-generate-password(policy-dn="..\..\..\..\Security\Password
Policies\Universal Password Policy for Staff and Students"))
[08/24/09 14:33:41.934]:Active Directory Log ST:
token-generate-password(policy-dn="..\..\..\..\Security\Password
Policies\Universal Password Policy for Staff and Students")
[08/24/09 14:33:41.945]:Active Directory Log ST: Token Value:
"-- suppressed --".
[08/24/09 14:33:41.945]:Active Directory Log ST: Arg Value: "--
suppressed --".
[08/24/09 14:33:41.945]:Active Directory Log ST: Action:
do-set-dest-attr-value("dirxml-uACDontExpirePassword","true").
[08/24/09 14:33:41.946]:Active Directory Log ST: arg-string("true")
[08/24/09 14:33:41.946]:Active Directory Log ST: token-text("true")
[08/24/09 14:33:41.946]:Active Directory Log ST: Arg Value: "true".
[08/24/09 14:33:41.946]:Active Directory Log ST:Policy returned:
[08/24/09 14:33:41.946]:Active Directory Log ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add cached-time="20090824043341.452Z" class-name="User"
dest-dn="CN=sstalone,OU=Staff,DC=domain,DC=location,DC= com,DC=au "
event-id="SERVER1#20090824043341#1#1"
qualified-src-dn="O=TREE\OU=Staff\CN=sstalone"
src-dn="\TREE\TREE\Staff\sstalone" src-entry-id="32894"
timestamp="1251088421#24">
<add-attr attr-name="CN">
<value timestamp="1251088421#24" type="string">sstalone</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1251088421#9" type="string">Stalone</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1251088421#5" type="string">Sylvestor</value>
</add-attr>
<add-attr attr-name="Full Name">
<value timestamp="1251088421#7" type="string">Sylvestor
Stalone</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1251088421#8"
type="string">sstalone@domain.location.com.au</value>
</add-attr>
<add-attr attr-name="sAMAccountName">
<value type="string">sstalone</value>
</add-attr>
<add-attr attr-name="dirxml-uACDontExpirePassword">
<value type="string">true</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>