6 Replies Latest reply: Nov 9, 2012 2:48 PM by Kulesh Kane

    OIM AD Integration - 'User must change password at next logon'

    Kulesh Kane
      Hi,

      These are the issues in OIM AD integration that we are stuck on:

      Issue:
      1. When OIM Admin resets the password for User1 in OIM, the password is propagated to AD but the ‘User must change password at next logon’ attribute is not updated in AD. As a result, if the User1 logs into AD account (i.e. computer), there is no prompt to change the password.
      2. When AD Admin resets the password for User1 in AD and checks the ‘User must change password at next logon’ flag, the password is propagated to OIM but the ‘obpasswordchangeflag’ attribute (of oblixPersonPwdPolicy class) is not updated in OID. As a result, if the User1 logs into OIM account, there is no prompt to change the password.

      Research:
      1. For case 1 above: When OIM Admin resets the password for User1, the ‘User must change password at next logon’ attribute on the AD process form itself is not getting updated. So the AD Connector doesn’t propagate the attribute to AD.
      2. For case 2 above: When the AD Admin resets the password for User1 in AD, the AD Password Sync connector only sends the password to OIM and no other attributes. So, there is no way to fetch the ‘User must change password at next logon’ attribute and then copy it into the ‘obpasswordchangeflag’ attribute in OID.

      Environment Details:
      1. OIM-OAM-OAAM 11.1.1.5 BP02 integrated using OVD-OID 11.1.1.5
      2. AD on WIN 2008 R2.
      3. OIM AD Connector 9.1.1.7.2
      4. AD Password Sync Connector 9.1.1.5

      Any help would be highly appreciated!

      Thanks,
      Kulesh...
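An added example (my own code, not from the post or from the Oracle connectors) of a drift check for the two flags the post describes: given per-user attributes already read from AD and from OID, it lists users where AD's "User must change password at next logon" state (stored by Windows as pwdLastSet = 0) disagrees with obpasswordchangeflag in OID. It assumes the same login id keys both directories and that obpasswordchangeflag is stored as the string "true"/"false" (both are assumptions; the sample entries are constructed).

```python
# Detect 'must change password at next logon' drift between AD and OID.
# Windows stores that checkbox as pwdLastSet = 0 (documented AD behaviour).
# The obpasswordchangeflag value format is an assumption; check your OID schema.
from typing import Dict, List, Tuple

AD_FLAG_ATTR = "pwdLastSet"            # AD attribute, FILETIME integer; 0 = must change
OID_FLAG_ATTR = "obpasswordchangeflag"  # oblixPersonPwdPolicy attribute in OID

Entry = Dict[str, str]


def ad_must_change(ad_entry: Entry) -> bool:
    """True when AD requires a password change at next logon (pwdLastSet == 0)."""
    raw = ad_entry.get(AD_FLAG_ATTR)
    if raw is None:
        return False  # attribute absent: treat as not set
    return int(raw) == 0


def oid_must_change(oid_entry: Entry) -> bool:
    """True when OID's obpasswordchangeflag says a change is required (assumed 'true'/'1')."""
    raw = oid_entry.get(OID_FLAG_ATTR)
    if raw is None:
        return False
    return str(raw).strip().lower() in ("true", "1")


def find_flag_drift(ad_entries: Dict[str, Entry],
                    oid_entries: Dict[str, Entry]) -> List[Tuple[str, bool, bool]]:
    """Return (login, ad_flag, oid_flag) for every user present in both directories
    whose must-change state differs. Users missing from OID are skipped (separate issue)."""
    drift = []
    for login, ad in ad_entries.items():
        oid = oid_entries.get(login)
        if oid is None:
            continue
        a, o = ad_must_change(ad), oid_must_change(oid)
        if a != o:
            drift.append((login, a, o))
    return sorted(drift)


# Constructed sample data mirroring the two cases in the post:
#  user1: AD admin reset with the checkbox ticked, flag never reached OID (case 2)
#  user2: OIM admin reset set the OID flag, but AD's checkbox was never ticked (case 1)
#  user3: consistent, no change required on either side
SAMPLE_AD = {
    "user1": {"pwdLastSet": "0"},
    "user2": {"pwdLastSet": "130123456789012345"},
    "user3": {"pwdLastSet": "130123456789012345"},
}
SAMPLE_OID = {
    "user1": {"obpasswordchangeflag": "false"},
    "user2": {"obpasswordchangeflag": "true"},
    "user3": {"obpasswordchangeflag": "false"},
}

if __name__ == "__main__":
    for login, a, o in find_flag_drift(SAMPLE_AD, SAMPLE_OID):
        print(f"{login}: AD must-change={a}, OID must-change={o}")
```

Run it periodically against attributes pulled from both directories to spot users the connectors left out of sync, rather than waiting for a user to notice the missing prompt.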