- A "test" mode to see who will be affected per jwilleke.
- SSL/TLS support per 6423241.
- Source code with the app.
This tool is a GUI for changing all the users in an OU with a particular password policy to another policy. It is primarily designed for cases where the policy is not associated with the OU but instead assigned to individual users. It is particularly helpful because iManager does not always seem to clear the user's npsmPasswordPolicyDN attribute correctly and changing dozens of users by hand is a pain.
Requirements and Technical Notes:
.NET or Mono 2.0. The tool does not use LDAP certificates for simplicity and speed, so just go ahead and use it on an LDAP server that accepts straight 389 port connections without requiring SSL/TLS (i.e. use it from a workstation that has an almost straight link to the server). Also note that this is basically a shell script with a GUI bolted on -- exception handling is minimal. I regard it as polished enough to publish, and it works well in my environment, but this is not a sterling example of best software engineering practice. It is written in C# using WinForms and the ADSI frameworks. It _does_ handle wacky policy names with spaces, slashes, etc.
Instructions for use:
Algorithm (For debugging):
Source code available upon request. This was an internal project that I made universal enough to publish here, but you can probably improve its feature set and exception handling with a minimum of effort.