Migration Manager for Active Directory

Password not syncing

I have a domain pair with password sync enabled, however passwords are not syncing from source to target if the password on the target is changed. I have a case where I want to temporarily reset the password on the target user, do a thing, then have the Quest directory sync job change it back next sync cycle.

This does not appear to be happening though, what is the expected behaviour here?  should I expect quest to re-sync the password if the PwdLastSet attribute on the target is newer

Thanks

Parents
No Data
Reply
  • Actually no. By default the newer target password would stop an older  password from the source overwriting. 

    There are a few other issues with your use case. During a Delta  sync, only changed attributes would be written to the target. In your use case the source passwords are not changed  so the delta would not have that to even over write. A full sync is required for the pwdlastset logic to even come into play. 

    A migration session would try to migrate the password, and the  pwdlastset does come into play. 

    Now there is a setting to override this logic for the directory sync server. It would impact all sync and migration operations running. 

    Again the only way the sync is going try to write the password during a delta sync is for it to be changed in the source. So exactly what you want can not be done.

    The only way to get close is to Implement the setting in the attached KB. Then the process would be

    1. Change the target password
    2. So what you need to do
    3. Run a migration session to copy the source password 

    support.quest.com/.../password-copy-sync-process-and-password-setting-behavior-in-quest-migration-manager

Children