> From the target Windows server, I want to get the password of the provisioned user (eDirectory/IDM user password).
>
> I can create users in the target system with a password. But I want to replace the password of provisioned users with the IDM password at EOD. So both passwords will be the same.

EOD (does that mean end of day)?
> Even if any user changes their password in the target system, the changed password will be replaced with the IDM password.
>
> Is it possible from the Windows Scripting driver?

Nearly anything is possible with this driver.
1. Are you using the publisher channel at all, do you have polling set up? Does the polling include the user's changed password on the target side?
2. Can you query the user's password on the target side via a script?
3. On the IDM side, the users have universal password enabled / UP set?
> 1. Are you using the publisher channel at all, do you have polling set up? Does the polling include the user's changed password on the target side?

We are not importing anything from the target system. Add or modify operations via the Pub Channel will be vetoed.

> 2. Can you query the user's password on the target side via a script?

I can run a script on the target system to get a list of users who have changed their password in the target OS. I cannot get the changed password of a user from the Windows OS. So I will replace the changed password with the IDM password.

> 3. On the IDM side, the users have universal password enabled / UP set?

Yes, UP is enabled on all users except admins via policy.

Each poll:

1. If EOD, run script to get list of users whose passwords have changed.
2. For each user:
   a. use IDMQuery (VBScript) / idm_doquery (PowerShell) to retrieve their nspmDistributionPassword attribute from IDM.
   b. set the Windows password to the retrieved password.

See the Scripting Driver Documentation for details on IDMQuery / idm_doquery.