markcasey
New Member.
175 views

Created user disabled

Hi

I have just set up an AD connection from an EDirectory system.
I have users appearing into AD, however the users are being disabled
and forced to change password.

In the add I can see dirxml-uACAccountDisable set to false
But a Publisher chanel message comes streight back saying set to true

What have I missed, anyoone seen this before

Thanks In advance

Mark


Labels (1)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Created user disabled


Is your password policy in AD and eDir in sync. In other terms, is the
password on the eDir user allowed in the Microsoft AD?

/Michael


--
mJg2XW
------------------------------------------------------------------------
mJg2XW's Profile: https://forums.netiq.com/member.php?userid=442
View this thread: https://forums.netiq.com/showthread.php?t=49247

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Created user disabled

Mark Casey wrote:


> I have just set up an AD connection from an EDirectory system.
> I have users appearing into AD, however the users are being disabled
> and forced to change password.
>
> In the add I can see dirxml-uACAccountDisable set to false
> But a Publisher chanel message comes streight back saying set to true
>
> What have I missed, anyoone seen this before


Can you post a level 3 trace of the subscriber event which creates the
user?

It's likely password complexity related as Michael suggested. Are you
sending a password with the user add? Does it meet the requirements
configured in AD?



--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Created user disabled

On Mon, 18 Nov 2013 06:30:22 +0000, Mark Casey wrote:

> I have just set up an AD connection from an EDirectory system. I have
> users appearing into AD, however the users are being disabled and forced
> to change password.


The password being used on the newly created object does not meet the
domain's password complexity requirement. The DC then disables the
account for you, as a feature.


> In the add I can see dirxml-uACAccountDisable set to false But a
> Publisher chanel message comes streight back saying set to true


Yeah. You can't override it. You have to submit a password that meets the
domain's requirements, or change the domain GPO to allow whatever
passwords you're using.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
markcasey
New Member.

Re: Created user disabled

All that is correct, and I had those problems to, once I got it
passing passwords.

However, there is one simple thing that I missed - For the Dumb Bunnys
like me.

The connection to AD needs to be secure, i.e. you need to have

Digitally sign and seal communications
or
Use SSL for LDAP connection between Driver Shim and AD

Enabled and running.


Simple really.

Mark


On Mon, 18 Nov 2013 19:30:02 GMT, David Gersic
<dgersic@no-mx.forums.netiq.com> wrote:

>On Mon, 18 Nov 2013 06:30:22 +0000, Mark Casey wrote:
>
>> I have just set up an AD connection from an EDirectory system. I have
>> users appearing into AD, however the users are being disabled and forced
>> to change password.

>
>The password being used on the newly created object does not meet the
>domain's password complexity requirement. The DC then disables the
>account for you, as a feature.
>
>
>> In the add I can see dirxml-uACAccountDisable set to false But a
>> Publisher chanel message comes streight back saying set to true

>
>Yeah. You can't override it. You have to submit a password that meets the
>domain's requirements, or change the domain GPO to allow whatever
>passwords you're using.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.