On Thu, 19 Jun 2014 15:14:01 +0000, creej wrote:

> If your password synchronization from AD to eDir is not working, e.g.
> you have the username in the driver as user@domainname instead of user.
>
> If you want to prevent the password syncs that are queued up on the AD
> side from synching back to eDir:
>
> Stop the driver.
> Stop the remote loader.
> Fix the issue on the driver that is causing PassSync to not work.
> On each AD server running PassSync:
>   Change the permissions on
>   HKEY_LOCAL_MACHINE\SOFTWARE\Novell\PwFilter\Data to give your user
>   Full Control.
>   Delete all of the subkeys under
>   HKEY_LOCAL_MACHINE\SOFTWARE\Novell\PwFilter\Data.
> Start the remote loader.
> Start the driver.


Note that support doesn't recommend messing with the registry keys, or
the rights to the registry.


> This will allow other changes that are queued (name changes, etc.) while
> the driver is down to sync when it is started again but not passwords.


You could also put a policy on the input transform that strips the
passwords from all events, let it run until the queued events are done,
then remove the policy.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com