On 02.06.2012 16:56, nomad213 wrote:
> Hello,
> IDM 3.6.1 (eDir ---> AD Sync) on OES11; Remote Loader on Windows Server
> 2008 R2.
> First:
> Have several users with UP enabled, but not set, thus causing the
> password sync status to be "Not Synchronized" between systems for the
> affected users. Resetting the password or a user login sets the UP, thus
> changing the status to "Synchronized", but wonder if anyone knows of a
> way to force the setting of the UP on users who do not have it set
> without resetting the password or having the users log in?

For several customers I have whipped up a simple null driver that
effectively checks if a universal password is set for the user and if
not, sets a password for the user based on some pre-determined rule.

It's just not possible to retrieve the NDS password and convert that to
a universal password. This isn't supported by design.

> Second:
> Synchronized groups are not getting the "Group Name" appropriately set
> in AD. Groups are getting a value that starts with a $ set. I applied
> the latest AD driver patch (3.5.17) on the remote loader, but did not
> seem to help. The Group and CN attribute are set to synchronized on the
> subscriber filter channel. Could anyone shed a light here on what could
> be causing the name attribute not to be properly set?

Did you read the patch installation notes? From memory, this was fixed in
an updated AD driver preconfig that shipped with AD patch 4 (or maybe 3)
for 3.6.1.

To get this fix, you either needed to use this preconfig (assuming you
hadn't customised your AD driver at all) or port this fix to your
existing AD driver.

The fix was mostly in the subscriber creation policy (for groups).