We're moving fully away from eDirectory to a native AD environment and have a little scenario that I wanted to sanity-check while we're mid-migration...
On our existing Windows 7 workstations we have ZCM 11 SP3 Agent along with OEM Client. There's a bunch of existing Bundle assignments that will take some time to migrate and there seems little point in doing so as we've built a fresh ZCM 2017 installation for our Windows 10 machines.
I've noticed the following behaviour on a test Windows 7 machine, which seems to be an ideal workaround to the full User Source migration detailed at https://www.netiq.com/support/kb/doc.php?id=7017934
- I change the registry key HKEY_LOCAL_MACHINE Key path SOFTWARE\Novell\Authentication\NCCredProvider\ComputerOnlyLogonDefault to 1
- this effectively disables OES login and performs "Computer Only" domain login instead
- OES Client shows no connections (as expected)
- ZCM Agent shows the equivalent user in the eDir tree as logged in
- however the user can't have been authenticated in eDirectory by the client as no OES login has been performed
My theory is that the ZCM Agent is just seeing an authenticated username via the Passive Mode Login and is mapping it to the equivalent user in eDir. This means that I get the best of both worlds in that we don't lose Bundle assignments but can lose the OES Login (and therefore maintenance of the eDir tree to some extent)
As a halfway house between Windows 7 \ ZCM 11 \ eDir and our fresh Windows 10 \ ZCM 2017 \ AD setup this looks like it'll do the trick but it seems to have happened by accident rather than design. Is it expected behaviour or just a fluke on my test machine and not something I can rely on at a larger scale?