on 10-29-2014 4:18 PM
Hi All,
I am working on IDM 7.2 SP8, after adding suers to IDM viw a flat file, I go to UI and add the PRIV AD ONLY, So I want to set a default password for these users with some options like : User must change password at next logon.
http://i.technet.microsoft.com/gg314976.Walther_ExchQA_1010_Fig6(en-us,MSDN.10).png
I tried with repository constant (type password) but I don't know where to set this constant ?
Many thanks for your help,
Linda
Hello,
the userAccountControl in AD-attribute contains the value.
The actual value to be passed is a sum of these switch-values and they depend on your requirements:
http://support.microsoft.com/kb/305144
In IdM you can see this in the plugin task that creates the user, 546 is combination of NORMAL_ACCOUNT + PASSWD_NOTREQD + ACCOUNTDISABLE.
regards, Tero
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The default password is what ever you have stored in standard password attributes, the standard password attribute is mapped to the AD-connectors. And by default the password attributes are empty.
Easiest way would be storing the password in UI task, but sounds like you're doing a bulkload.
Do you want to use randomly generated password or type the password in the flat file you're using to import users?
Will you be using the same password later to other systems also?
regards, Tero
Hi Tera,
I am not using the UI to store the password. I am using a file to load the users in IdM.
In the UI, I add for example the privilege PRIV:AD:ONLY at this point the user is created in the AD.
I need to set the same password for all these users after adding the privilege: PRIV:AD:ONLY and only for the AD system.
so here my answers:
Do you want to use randomly generated password or type the password in the flat file you're using to import users?
--> Not a random generated password and not typing the password in the flat file. This is why I choose to store this default password in a constant.
Will you be using the same password later to other systems also?
No
Thanks,
Linda
All righty, the easiest way to achieve what you want to do is re-use the password generation from the HCM interface as follows:
Link following scripts to your import job:
Define the sap_addPassword as entry script to your job. This script will be called for each record your job processes.
Locate the script custom_initializePassword which enables SAP customers to use certain password in the password generation logic. sap_addPassword will call this script, if there is no value to be returned then random password is generated.
Enter the name of your global constant here. The logic in the scripts encrypts the value from your constant to the password attributes mx_password and mx_encrypted_password.
Enter the following attribute mapping to your job where you write the users to Id Store in the first place:
Post back here if you get in to trouble / if I forgot to include some details.
regards, Tero
My reply was based on my notes and don't have access to AD in my current project where I could verify it again.
Maybe it is combination of userAccountControl and pwdLastSet, that's what I would try next.
Hopefully someone with AD in their current implementation responds to your other thread as this requirement is not rare one.
regards, Tero
Hi Linda,
Did you resolve this?
If you need to check "User must change password at next logon" check box, then you need to add pwdLastSet as 0 in your "Set ADS Password" task.
If you add pwdLastSet = 0 in CreateADSUser task, the value gets over written by Set password task while setting the password.
Please check if this works and let us know.
Kind regards,
Jai
User | Count |
---|---|
81 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.