On 2012-08-08 19:56:02 +0000, thiele said:

> Hi,
> i need a solution to report the passwordsync status for a lot of users.
> iManager only can check it for one user!
> The possibility to use a ldap query to the attribut
> "DirXML-PasswordStatus" of the userobject is not usable!
> I found this :
> ....
> DirXML-PasswordSyncStatus does not reflect whether or not the password
> is in sync - it reflects whether or not the last password set/change
> operation successfully synchronized to the connected system as a means
> of providing real time feedback at the time of changing the password
> about the progress of propagating the password to all the connected
> systems. Unfortunately, the attribute was misappropriated in the
> UserApp
> UI to try to provide a current status view - something it was never
> meant to do. .....
> Regards Andy

You could also just use ldap and check.
The attribute:
5065CFBA8D49FB4762BD5065CFBA8D49201208230949503550 00000000001Code(-8017)
Operation vetoed by object creation policy.

That very long attribute breaks donw like:
GUID of the Driver:

When this was set:

Some sequence number I assume:

The status will follow:

So an LDAP search with a filter of:
(DirXML-PasswordSyncStatus=5065CFBA8D49FB4762BD5065CFBA8D4 9*)

Will return all the users with some setting showing for the driver as
used in our example.


Thank You for your help!

Jim Willeke