Hello,
I am using ILM 2007 to sync users from AD to Novell eDir (and PCNS to sync passwords). Everything is working very well, but now I have a problem. My client asks me to also sync the password reset. I mean, when the help desk operator resets a password in AD for a user, he checks the "user must change the password at next logon" check box. This won't be synced to Novell (which uses another way to ask for a new password), and so the users can use the temporary password to log in to Novell without being prompted for a new password.
Novell uses the attribute "passwordExpirationTime", which must be set to a date in the past (so for Novell the password is expired and it asks for a new one). In AD, when "user must change the password at next logon" is checked, the attribute "pwdLastSet" is forced to ZERO.
I can manage this, using a management agent extension to transform "pwdLastSet=0" to "passwordExpirationTime=01/01/1992". But the problem is that passwords are synchronized in real time, while the pwdLastSet attribute is synchronized only based on the run profile schedule. I can't be sure that right after a password sync, a delta sync is run.
I know that I can write a password extension, but probably I cannot use it with the Novell MA, is that right? Do I also have to write a new MA?
Thanks!
Bodo