When a password syncs from eDir to AD, the password in AD is expired.
This is true when the password is reset in UserApp by the user or if I
reset it in iManager as an admin. In this example, it is a user reset
done in UserApp. The modify-password event looks fine going to AD.

[03/03/14 08:52:55.997]:ad ST:Remote Interface Driver: Sending...
[03/03/14 08:52:55.998]:ad ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.4">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="user" event-id="pwd-subscribe"
qualified-src-dn="O=XXXXX\OU=US\OU=EMP\CN=fn302124"
src-dn="\IDV\XXXXX\US\EMP\fn302124" src-entry-id="39667">
<association>a37130a076b155419f5faa9da643e03c</association>
<password><!-- content suppressed --></password>
</modify-password>

Now coming back around on the publisher channel:

[03/03/14 08:52:56.113]:ad :Remote Interface Driver: Received.
[03/03/14 08:52:56.114]:ad :
<nds dtdversion="2.2">
<source>
<product build="20120330_120000"
instance="\IDV\SERVICES\IDM\DRVSET\DRIVERSET1\Domain"
version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="user" event-id="Domain##144883807e9##1"
password-admin-reset="true"
src-dn="CN=fn302124,OU=Level 1,OU=Users,OU=city,DC=stc,DC=gulfaero,DC=com">
<association>a37130a076b155419f5faa9da643e03c</association>
<password><!-- content suppressed --></password>
</modify-password>
</input>
</nds>

The password is expired in AD and, as you can see,
password-admin-reset="true".

Is there a setting that controls whether the reset is seen as admin or
user?


--
ptown