In my environment the users can't change their passwords from AD because
we have a mainframe (IBM RACF) with different password complexity. So we
chose to change passwords only inside the IDM User Application or from IBM
RACF. The passwords will be synchronized from the metadirectory to Active
Directory through the subscriber and never from the AD publisher.

While the solution is being implemented (rollout phase) I need to expire the
users' passwords to bring them to the IDM metadirectory, but this is a big
problem. How should I "force" this first change of password outside
Active Directory? Is there a way to redirect the "change password" link,
inside the MsGina client (Windows native client), to show the IDM User
Application change password page and to force the users to choose their secret
questions and some other personal information?

I don't know if the CLE can do it, because this is a "change password"
situation and not a "forgot password" behavior.

Thank you!

* Alan Cota | Brazil.
CNE | ISM & Security Specialist.