On 7/11/2012 4:26 AM, ayeungied wrote:
> I use IDM 4.0.1a.
> In our environment,
> 1. Common AD used for other team to maintain accounts from other
> system (Remote loader)
> 2. NDS - receive the account info published from Common AD, publisher
> channel. (IDM server)
> 3. Application AD - receive the account info from NDS, subscriber
> channel. (Remote loader)
> The password can sync from NDS to Application AD when I create a/c in
> iManager interface.
> However, when I create a user in Common AD, even though the account can be
> created in NDS and Application AD, I cannot use
> the password created in Common AD in Application AD.
> I've installed and configured the Password Synchronization module in
> the 2 AD for all the DCs,
> so what's wrong that is causing the password not to be synchronized?
> Thanks & Regards,
> Agnes

When the account is created in Common AD and the password is set, the
password is captured by the filter and immediately sent to IDV; however,
the create user event is captured in the AD cache and is yet to be published
to IDV. Once the polling cycle is reached, the add user event will be
published to IDV and the user gets created.

Since the password is published to IDV immediately by the filter, there
is not an account created yet in IDV and the password set fails. A level
5 trace can show you this.