Password sync issue between edir and AD

We have IDM 4.5.2 syncing users between eDir and AD, and have password sync through that driver. If we have the user pwd expiring from eDir and the user logs into Groupwise they are prompted to change their password and that password change syncs. On the other hand, if we have the password expired in AD and the user is prompted from their Windows workstation to change their password, that does not sync. If the password in AD is not set to expire but the user changes their password on their workstation it syncs as it is supposed to.
What seems to be the problem is when the user is forced to change their password by AD. On a user object in iManager if I check their password status under those circumstances, it will display the following:

"Not Synchronized. Check password connection validation.Bind failed because of one or more of the following errors.The user's password must be changed before logging on the first time.Invalid Credentials"

Is this something to be expected? I do not have GroupWise accounts for all users so I cannot fall back to having eDir be the only place where their password would expire - I have to have AD do it.

Any feedback would be appreciated

Parents Reply Children
  • Yes, this was a user in AD. BTW, this behavior seems to have started shortly after applying MS patches on the DC that the remote loader is on.
    We also noticed that, while the engine was at the 4.5 release, the RL was at 4.0.2. We have resolved the issue at this point by upgrading the Remote loader to 4.5.3 as well as applying 4.5.3 Engine update. The password sync and AD driver were at the latest version already

    Lesson to be learned here for me is to keep the whole environment up-to-date at the same time

    Thanks for the quick feedback!

  • Thank you for your feedback, dpbrant!
    > Lesson to be learned here for me is to keep the whole environment
    > up-to-date at the same time

    This is can be good advice to everybody! :)

    From my personal experience, I prefer to have RL version is same or
    higher than Engine version.

    If you find this post helpful, please show your appreciation by clicking
    on the star below :cool:
    al_b's Profile:
    View this thread: