Transition from DirSync + Password Sync to ADFS

Hi All,
We are planning to move from DirSync + Password Sync to SSO using ADFS.
I am trying to understrand the transition steps required including user experience and any down time.
As I understand, when the ADFS infrastrucutre is ready and deployed and trust has been set up, the authentication will automatically move from cloud to the on-premises AD.
What I want to know is - what happens to passwords synchronized to Azure AD?
DO they remain their but not just used anymore?
Also, what will happen if we do not turn off the password sync option in DirSync.
Will it continue to sync the passwords although they will not be used for authentication?
Are there any guidelines available - blog/technet etc describing this transition please?
Regards,
Ajay Suri

Some information on the "Password Sync as a Backup" option: 
http://social.technet.microsoft.com/wiki/contents/articles/17857.aad-sync-how-to-switch-from-single-sign-on-to-password-sync.aspx
Joseph Palarchio
http://www.itworkedinthelab.com

Similar Messages

  • OIM AD password Sync connector. Connection to AD through SSL

    Hi.
    I am trying to configure AD password sync connector 9.1.1.5 with patch 14627510 to connecto to AD through SSL.
    At this moment, connector is able to connect to OIM through SSL but not to the AD. If i set AD port number to 389 on the connector configuration, everything works fine.
    If i set it to 636, it is not able to connect to the AD.
    I've imported the AD SSL certificate to <connector install directory>\OIMADPasswordSync\_jvm\lib\security\cacerts and restarted the domain controller but still no luck.
    To test that the certificate and everything else is OK, i've also installed a jxplorer and imported the same certificate into <jexplorer install directory>\jxplorer321\security\cacerts. Jxplorer is able to connect to the AD through SSL on port 636 so user credentials, certificate, etc.. are ok
    Connector documentation doesn't mention anything regarding SSL connection to AD, it only describes SSL connection to OIM.
    Anyone has donde this before? Is there any additional step i should follow to enable SSL connection from AD password sync connector to AD? Does the connector support SSL connection to AD?
    Regards.

    have you tried importing the cert in cacerts under $JAVA_HOME?

  • I need help for install and configure password sync from AD to OID

    Hi guys!
    I need to sync passwords from AD to OID, first all, ¿What software do I need? I read some docs and don't find the good config.
    I'm trying with:
    -Database 11g
    -Weblogic 11g
    -SOA 11g
    -IDM 11g
    -IAM 11g
    First I install the Database and load the schemas with RCU, next install Weblogic without domian, next install SOA, next install IDM (OID and DIP) in a new Weblogic Domain, next install IAM, next configure IAM in the domain created before, next configure SSL, check the config by using ldapbind, next configure DIP.
    It's that ok?
    ¿What I am doing wrong?
    Thank you all.

    If all you need is AD & OID then OIM is not required. DIP alone can handle this
    Password sync should work using DIP. if this is not working then check synchronization mapping and verify that password attribute is also part of this AD-OID sync. Enable debug in synchronization profile or raise an Service Request with Oracle support.
    Check
    http://docs.oracle.com/cd/E23943_01/oid.1111/e10031/odip_actdir.htm#CHDIGDEH
    and
    http://docs.oracle.com/cd/E23943_01/oid.1111/e10031/odip_config_integration.htm#BABBFAAJ
    and
    http://docs.oracle.com/cd/E23943_01/oid.1111/e10031/odip_adpasswordsync.htm#CHDBIIJC
    Atul Kumar

  • DirSync with Password Sync - Account Expiry

    Hi All,
    New to Office 365 - Hence a basic question.
    We have been exploring various DirSync options and considering DirSync with password sync at the moment.
    The msdn documentation suggests DirSync with Password sync sets the account expiry to 'Never Expire'.
    I understand we can also set account expiry for all tenant user accounts through Set-MsolPasswordPolicy cmdlet.
    If I use this cmdlet for setting expiry to say 90 days, will password sync overwrite the account expiry to 'Never expire' on next synchronization?
    Please advise.
    Regards,
    Ajay Suri

    If you don't check the "Enable Password Sync"
    checkbox, then the Azure password policies would apply, of course.
    The attributes included in DirSync are listed
    here.
    Yes, when you use Dirsync, all attributes are mastered on-prem.  This doesn't apply to passwords unless you check the box in #1.  Also, this doesn't apply to objects created in Azure manually (i.e. ones that weren't/aren't synced).
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • OIM AD reverse password sync from one AD instance to multiple OIM instances

    Hi All,
    I have a followind scenario. My client is having multiple offices across the globe. They have OIM installed and configured in each location in each country to manage there local applications. Client also has a Global LDAP which is common across all the offices worldwide.
    My requirement is then i need to setup reverse password sync from Global LDAP to all the OIM sysem across the Globe. As per the reverse password sync connector i can only define one OIM system to sync the password.
    Can you please suggest me some way to achieve this functionality? Is it possible to install more than one password sync connector and configure them with different OIM systems?
    Thanks
    Yogesh

    I have one AD instance and n OIM instances. Can i install multiple AD-OIM passwordd sync components on the same AD machine and configure each component with various OIM's?

  • After transition from mobileme to iCloud everything seems working as expected, except from my music that doesn't sync within devices. Any suggestions?

    After transition from mobileme to iCloud everything seems working as expected, except from my music that doesn't sync within devices. Any suggestions?

    Hi pvonk,
    Thanks for the tip...I just logged onto iCloud.com and the folders/mail are correct (compared to my laptop). This tells me the problem is on my phone. So I will try an erase/restore to see what that does!
    thanks,
    N.

  • Dirsync with password sync - write-back?

    DirSync with Password sync. Can it be configured to write-back password changes to on-premise AD? If not, the passwords on Azure AD are quickly going to go out of sync with the the on-premise AD. A user changes their password remotely using Office 365 comes
    back into the office and find they have to use their old password to log onto the computer but their new password to access email/sharepoint/lync etc.. Messy.
    Thanks
    Lewiss101

    Password write-back (Cloud -> on-premises) is currently not on the roadmap.
    There are two important points to consider:
    Passwords synchronized to Office 365 never expire.
    With Password Sync enabled, users are no longer offered to change their passwords in Office 365. Password changes must be initiated on-premises.
    What this means, is that remote users will only be able to change their password against your Active Directory (through VPN or FIM portal for example). Such change will be synced with Office 365.
    What this also means, is that if your on-premises password expires, your user will still be able to access Office 365 resources with their current password - until such time when they get back to your on-premises AD and change their password, which
    again will then by synchronized.
    Does this cover your requirements?
    Yann

  • Password Sync from Active Directory Locking Accounts

    Hello,
    We recently set up Active Directory as a resource and are synching passwords. We are using IDM 7.1.1.11. We are noticing that when actions in IDM push the password out to AD, and they sync comes back to IDM, the sync workflow is locking up the account, before the original IDM action completes. For example, when an admin resets a users password, they see several error messages stating that the account is locked by the account that authenticates through the password sync utility. They also see succesful password reset messages, but I would like it if they didn't see errors saying the account is locked. We are using a direct connection between the Password Sync util and IDM. Has anyone ran into this? Any advice on overcoming it?
    Thanks.
    Jim

    I opened a support case with Sun about this issue, and they recommended logging a trace file for com.waveset.adapter.ActiveDirectoryActiveSyncAdapter. While the tracefile does not seem to contain any useful information, the simple fact that there is tracing going on for it now seems to be easing the situation. In my test environment I saw occurrences of this locking problem drop by 90-95% simply by turning the tracing on. I started tracing in production in the hopes that it will at least lessen the occurances of this.
    Sounds like we are taking the same approach Raj, the problem I've been having with it is getting it to happen will I'm debugging our reset password workflow. I want to make sure I add the locking check in the right place, so I was attempting to determine which area to check for it.
    I'll be sure to keep the thread updated if anything changes on our end.
    Jim

  • Password sync even with AD FS?

    If we implemented AD FS for use with Intune/SCCM and DirSync, does password sync also need to be enabled?
    As I understand DirSync is required for Intune when SCCM is used, even if AD FS is implemented, but what about Password sync?

    No, not if you have ADFS stood up and federation with configured with Azure AD.
    Yes, DirSync must be used to populate Azure AD which Intune in turn uses.
    Ultimately, you are asking about where user's will authenticate against. With ADFS and federation, they will authenticate against your internal AD. Without ADFS and federation, they need to authenticate against Azure AD and so you must use password sync
    so that they can use the same password as they do internally. I guess strictly speaking, you could get away without having password sync enabled, but then how would the users know what password to use?
    Jason | http://blog.configmgrftw.com

  • Error in installing the Password Sync connector

    Hello friends,
    I am installing the Active Directory Connector Password Sync on the domain controller, these are the results of the installation log. Any suggestions to solve the problem. thanks
    (Oct 14, 2011 9:08:39 AM), Install, com.installshield.wizard.platform.win32.Win32PPKRegistryServiceImpl, dbg.registry, reading VPD from C:\WINDOWS\vpd.properties
    (Oct 14, 2011 10:11:33 AM), Install, com.oracle.installshield.adpwd.getAttributeVal, dbg, defaultNamingContext
    (Oct 14, 2011 10:11:33 AM), Install, com.oracle.installshield.adpwd.getAttributeVal, err, [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]
    (Oct 14, 2011 10:11:33 AM), Install, com.oracle.installshield.adpwd.getDomainName, dbg, dnsHostName
    (Oct 14, 2011 10:11:33 AM), Install, com.oracle.installshield.adpwd.getDomainName, err, [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]
    (Oct 14, 2011 10:27:06 AM), Install, com.oracle.installshield.adpwd.pathValidator, err, could not create directory D:\$P(absoluteInstallLocation)
    (Oct 14, 2011 10:28:16 AM), Install, com.oracle.installshield.adpwd.pathValidator, err, could not create directory D:\$P(absoluteInstallLocation)
    (Oct 14, 2011 10:28:34 AM), Install, com.oracle.installshield.adpwd.pathValidator, err, could not create directory D:\$P(absoluteInstallLocation)
    (Oct 14, 2011 10:28:46 AM), Install, com.oracle.installshield.adpwd.pathValidator, err, could not create directory D:\$P(absoluteInstallLocation)
    (Oct 14, 2011 10:29:09 AM), Install, com.oracle.installshield.adpwd.pathValidator, dbg, C:\Progra~1\oracle\OIMADPasswordSync\Logs Directory already exists
    (Oct 14, 2011 10:30:07 AM), Install, com.oracle.installshield.adpwd.pathValidator, dbg, C:\Progra~1\oracle\OIMADPasswordSync\Logs Directory already exists
    (Oct 14, 2011 10:41:49 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, calculating size from directory C:\DOCUME~1\user\LOCALS~1\Temp\LRE1.tmp
    (Oct 14, 2011 10:41:49 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, calculating size from directory C:\DOCUME~1\user\LOCALS~1\Temp\LRE1.tmp
    (Oct 14, 2011 10:41:58 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, attempting to use the current JVM
    (Oct 14, 2011 10:41:58 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, copying the current JVM
    (Oct 14, 2011 10:41:58 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, copying directory C:\DOCUME~1\user\LOCALS~1\Temp\LRE1.tmp to C:\Program Files\oracle\OIMADPasswordSync\_jvm
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, JVM_HOME = C:\Program Files\oracle\OIMADPasswordSync\_jvm
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Files (files): free=16516032 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Files (files)
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Files (files): free=16258032 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Files (dlls): free=16241712 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Files (dlls)
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Files (dlls): free=17534280 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Win32 Registry Update (registryUpdate): free=17517840 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Win32 Registry Update (registryUpdate)
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Win32 Registry Update (registryUpdate): free=16909032 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Create Directory (createLogDir): free=16892816 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Create Directory (createLogDir)
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Create Directory (createLogDir): free=16838120 total=20971520
    (Oct 14, 2011 10:42:03 AM), Install, com.installshield.wizard.platform.win32.Win32PPKRegistryServiceImpl, dbg.registry, writing VPD to C:\WINDOWS\vpd.properties
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, Reading in ASCII file C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif.
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 7/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, ou: oimpwdsyncdomain.inet
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 5/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, name: oimpwdsyncdomain.inet
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 3/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, OU=oimpwdsyncdomain.inet,persistentstore,domaindn
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 0/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, dn: OU=oimpwdsyncdomain.inet,persistentstore,domaindn
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: domaindn ON LINE: 3/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, OU=oimpwdsyncdomain.inet,persistentstore,DC=domain,DC=inet
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: domaindn ON LINE: 0/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, dn: OU=oimpwdsyncdomain.inet,persistentstore,DC=domain,DC=inet
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: persistentstore ON LINE: 3/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, OU=oimpwdsyncdomain.inet,ou=IDM-quota,DC=domain,DC=inet
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: persistentstore ON LINE: 0/
    (Oct 14, 2011 10:42:06 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, dn: OU=oimpwdsyncdomain.inet,ou=IDM-quota,DC=domain,DC=inet
    (Oct 14, 2011 10:42:06 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, in Create the initial directory context
    (Oct 14, 2011 10:42:06 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, Request: 1 cancelled
    (Oct 14, 2011 10:42:06 AM), Install, com.oracle.installshield.adpwd.ldapModify, dbg, C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif
    (Oct 14, 2011 10:42:06 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, gen exp
    (Oct 14, 2011 10:42:06 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, null
    (Oct 14, 2011 10:55:13 AM), Install, com.installshield.wizard.platform.win32.Win32PPKRegistryServiceImpl, dbg.registry, reading VPD from C:\WINDOWS\vpd.properties
    (Oct 14, 2011 10:55:23 AM), Install, com.oracle.installshield.adpwd.getAttributeVal, dbg, defaultNamingContext
    (Oct 14, 2011 10:55:24 AM), Install, com.oracle.installshield.adpwd.getAttributeVal, err, [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]
    (Oct 14, 2011 10:55:24 AM), Install, com.oracle.installshield.adpwd.getDomainName, dbg, dnsHostName
    (Oct 14, 2011 10:55:24 AM), Install, com.oracle.installshield.adpwd.getDomainName, err, [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]
    (Oct 14, 2011 10:57:21 AM), Install, com.oracle.installshield.adpwd.pathValidator, err, could not create directory D:\$P(absoluteInstallLocation)
    (Oct 14, 2011 10:57:38 AM), Install, com.oracle.installshield.adpwd.pathValidator, dbg, C:\Progra~1\oracle\OIMADPasswordSync\Logs Directory already exists
    (Oct 14, 2011 11:00:18 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, calculating size from directory C:\DOCUME~1\user\LOCALS~1\Temp\LRE3.tmp
    (Oct 14, 2011 11:00:19 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, calculating size from directory C:\DOCUME~1\user\LOCALS~1\Temp\LRE3.tmp
    (Oct 14, 2011 11:00:21 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, attempting to use the current JVM
    (Oct 14, 2011 11:00:31 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, copying the current JVM
    (Oct 14, 2011 11:00:31 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, copying directory C:\DOCUME~1\user\LOCALS~1\Temp\LRE3.tmp to C:\Program Files\oracle\OIMADPasswordSync\_jvm
    (Oct 14, 2011 11:00:35 AM), Install, com.installshield.wizard.platform.win32.Win32JVMServiceImpl, dbg.jvm, JVM_HOME = C:\Program Files\oracle\OIMADPasswordSync\_jvm
    (Oct 14, 2011 11:00:35 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Files (files): free=17418496 total=20971520
    (Oct 14, 2011 11:00:35 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Files (files)
    (Oct 14, 2011 11:00:35 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Files (files): free=17160072 total=20971520
    (Oct 14, 2011 11:00:35 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Files (dlls): free=17125832 total=20971520
    (Oct 14, 2011 11:00:35 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Files (dlls)
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Files (dlls): free=17012768 total=20971520
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Win32 Registry Update (registryUpdate): free=16996328 total=20971520
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Win32 Registry Update (registryUpdate)
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Win32 Registry Update (registryUpdate): free=16365640 total=20971520
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory before installing Create Directory (createLogDir): free=16349424 total=20971520
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, msg1, installing Create Directory (createLogDir)
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32ProductServiceImpl, dbg.install, JVM memory after installing Create Directory (createLogDir): free=16294688 total=20971520
    (Oct 14, 2011 11:00:36 AM), Install, com.installshield.wizard.platform.win32.Win32PPKRegistryServiceImpl, dbg.registry, writing VPD to C:\WINDOWS\vpd.properties
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, Reading in ASCII file C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif.
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 7/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, ou: oimpwdsyncdomain.inet
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 5/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, name: oimpwdsyncdomain.inet
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 3/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, OU=oimpwdsyncdomain.inet,persistentstore,domaindn
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: orclpwfbasedn ON LINE: 0/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, dn: OU=oimpwdsyncdomain.inet,persistentstore,domaindn
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: domaindn ON LINE: 3/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, OU=oimpwdsyncdomain.inet,persistentstore,DC=domain,DC=inet
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: domaindn ON LINE: 0/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, dn: OU=oimpwdsyncdomain.inet,persistentstore,DC=domain,DC=inet
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: persistentstore ON LINE: 3/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, OU=oimpwdsyncdomain.inet,ou=storepersistent,DC=domain,DC=inet
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, /REPLACE TEXT: persistentstore ON LINE: 0/
    (Oct 14, 2011 11:00:39 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, dn: OU=oimpwdsyncdomain.inet,ou=storepersistent,DC=domain,DC=inet
    (Oct 14, 2011 11:00:41 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, in Create the initial directory context
    (Oct 14, 2011 11:00:41 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, Request: 1 cancelled
    (Oct 14, 2011 11:00:41 AM), Install, com.oracle.installshield.adpwd.ldapModify, dbg, C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif
    (Oct 14, 2011 11:00:41 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, gen exp
    (Oct 14, 2011 11:00:41 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, null

    This is the contents of prepAD.ldif
    dn: OU=oimpwdsyncdomain.inet,ou=IDM,DC=domain,DC=inet
    changetype: add
    distinguishedName:
    OU=oimpwdsyncdomain.inet,ou=IDM,DC=domain,DC=inet
    instanceType: 4
    name: oimpwdsyncdomain.inet
    objectClass: organizationalUnit
    ou: oimpwdsyncdomain.inet
    Result of manual execution of this file
    C:\Program Files\oracle\OIMADPasswordSync>ldifde -i -f prepAD.ldif
    Connecting to "SERVER.DOMAIN.INET"
    Logging in as current user using SSPI
    Importing directory from file "prepAD.ldif"
    Loading entries.
    Add error on line 1: No Such Object
    The server side error is "Directory object not found."
    0 entries modified successfully.
    An error has occurred in the program
    No log files were written. In order to generate a log file, please
    specify the log file path via the -j option.
    Friends, any suggestions for the solution of this case
    Thanks.

  • AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

    I have set up AD password sync with from AD to OIM 11G R2
    The password syncs from AD to OIM 11G R2 on non ssl port 389.
    But if fails on SSL Port 636.
    Errors in OIMMain.Log:_
    Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
    Debug [10/11/2012 10:49:34 AM]
    ldap_connect failed with
    Debug [10/11/2012 10:49:34 AM] Server Down
    Debug [10/11/2012 10:49:34 AM]
    Steps Carried Out thus far:_
    AD is up and running.
    Configured AD Password Sync Connector on 636 and selected ssl.
    Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
    Imported Certificate to AD. After this, restarted the AD
    I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
    Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
    Help would be appreciated.
    Many Thanks

    This question is now been fixed.
    Instead of explicitly stating 636 for SSL,
    Use the same port 389 for ssl and also configured oim port to be 140001 which is the ssl port for oim in the configuration of OIM Password Sync.
    Export Certificates from AD to java security keystore and to weblogic keystore
    Export .pem certificate created on OIM host machine to AD.
    Restart weblogic, oim and AD
    Everything would work fine.
    For all the other information, refer to doc.
    Thanks

  • Password Sync Connector for AD

    Hello All,
    I am newbie.
    In my organization, we are trying to set up a password sync connector to change/update passwords iin microsoft active directory.
    We are planning to have a simple form that interacts with OIM. And OIM provisions the password update to the corresponding user record in Active Directory.
    Form has
    Username:--
    Old password:--
    New password:--
    After the password is updated in the OIM, I am not sure how to provision it to Active directory.
    Please help me out with this.
    Regards,
    VSN

    See this post.
    Re: how to trigger update in oim attribute to resource
    You'll need to trigger the password change from the OIM User Profile onto your target application form. This would then trigger the Password Updated task on that provisioning process definition.
    -Kevin

  • Password Sync Connector Error 11gR2

    Hi all,
    I am using following products
    IDM 11.1.2.0,
    activedirectory-11.1.1.5.0 connector with Patch P14190610_111150_Generic.
    MSFT_PSync_91150 for Password Sync.
    Please let me know that AD Password Sync Connector 9.1.1.5 can be configured with OIM *11gR2* ?
    Because I am getting error *"Password updation failed in child process "* I have used the same connector with OIM 11.1.1.5.0 (11gR1) and it was working fine. do i need to make any changes / settings in the OIM for AD Resource also?
    Thanks

    thanks for your reply,
    Please can you help me on the following ....
    I have installed AD PasswordSync Connector 9.1.1.5.0 (MSFT_AD_PSync_9.1.1.5.0) with newly released patch MSFT_AD_PSync_9.1.1.5.6 (patch 14627510). I am getting error that Password updation failed in child process
    its not making any sence as the same connector was working fine with 11gR1. I have uninstalled and reconfigured the connector but no luck.
    Can you through some light on it?
    what i think that there is some communication issue between IDM and AD server, I have check the communication and found no issue. is it that SSL is compulsory for this connector although its not mentioned in any of the document.
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ebug [10/09/12 14:09:27] Inside sgsloidi::setParameters
    Debug [10/09/12 14:09:27] The SOAP start element is
    Debug [10/09/12 14:09:27] <processRequest xmlns=""><sOAPElement>
    Debug [10/09/12 14:09:27] The SOAP end element is
    Debug [10/09/12 14:09:27] </sOAPElement></processRequest>
    Debug [10/09/12 14:09:27] The path is
    Debug [10/09/12 14:09:27] /spmlws/OIMProvisioning
    Debug [10/09/12 14:09:27] End of sgsloidi::setParameters
    Debug [10/09/12 14:09:27] Begin function sgsloidi::queryADUserAttribute()
    Debug [10/09/12 14:09:27] Inside sgsladac c-tor
    Debug [10/09/12 14:09:27] AD Host
    Debug [10/09/12 14:09:27] 172.20.20.135
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Port
    Debug [10/09/12 14:09:27] 389
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Base DN
    Debug [10/09/12 14:09:27] DC=YYYt,DC=vvv,DC=www
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] Inside ConnectToADSI
    Debug [10/09/12 14:09:27]
    ADSI Bind success full
    Debug [10/09/12 14:09:27] Begin function sgsladac::searchAttrValue()
    Debug [10/09/12 14:09:27] [Base DN : DC=yyy,DC=vvv,DC=www]; [Filter : (&(objectClass=user)(samAccountName=IDM005))]; [Attribute : samAccountName]
    Debug [10/09/12 14:09:27] Search success with one result.
    Debug [10/09/12 14:09:27] End function sgsladac::searchAttrValue()
    Debug [10/09/12 14:09:27] End function sgsloidi::queryADUserAttribute()
    Debug [10/09/12 14:09:27] Inside sgsladac destructor
    Debug [10/09/12 14:09:27] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault><faultcode>env:Client</faultcode><faultstring>Unknown method</faultstring></env:Fault></env:Body></env:Envelope>
    Debug [10/09/12 14:09:27] Inside sgsloidiOIMGeneralErrorHandler
    Debug [10/09/12 14:09:27] Unable to update IDM005. There are error messages in the searchReponse. Please check log for details
    Debug [10/09/12 14:09:27] Inside sgsladds::sgslperwriteData YOOOO
    Debug [10/09/12 14:09:27] Inside sgsladac c-tor
    Debug [10/09/12 14:09:27] AD Host
    Debug [10/09/12 14:09:27] 172.20.20.135
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Port
    Debug [10/09/12 14:09:27] 389
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Base DN
    Debug [10/09/12 14:09:27] DC=yyy,DC=vvv,DC=www
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] Only dataattribute
    Debug [10/09/12 14:09:27] Got Registry enteries
    Debug [10/09/12 14:09:27] contact
    Debug [10/09/12 14:09:27] description
    Debug [10/09/12 14:09:27] Got Entiredn
    Debug [10/09/12 14:09:27] OU=oimpwdsyncmoetest.gov.kw,ou=OIMADPasswordSync,DC=yyy,DC=vv,DC=wwww
    Debug [10/09/12 14:09:27] Encrypted record already exists in Datastore
    Debug [10/09/12 14:09:27] Already Exists
    Debug [10/09/12 14:09:27] Encrypted record already exists in Datastore
    Debug [10/09/12 14:09:27] Already Exists
    Debug [10/09/12 14:09:27] Inside sgsladdsSearchUser
    Debug [10/09/12 14:09:27] Firing Search Request
    Debug [10/09/12 14:09:27] AD search for a user objectGUID is successfull
    Debug [10/09/12 14:09:27] Count success
    Debug [10/09/12 14:09:27] Search result fetched
    Debug [10/09/12 14:09:27] 0:430 6 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAn+Kii3Krv0GOKE3aE8a/vwAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADVc9Vqwy5JzRFSKTMKlZcowXUmtY/Giw1nYgIz01HZQgAAAAAOgAAAAAIAACAAAADnr10j8OQlKm35BMRt7yKNNQYNeR2JRPMQrlWheBs3XUAAAAB6it/wjG20tJgo5T9euni2Jldb/agmY5RDsoKVpvLnHAkptSd4OUIIaysGAWkqfv9iK69FtzUuh+DcmgkdSLtOQAAAAGMpkx8yFJaKXwnzoCZyElCZbrzdg5f3GNj+S56lk4/UpVij9hFk5VeysObVw21NClzmGnuiBRtO+WF+LzChEUM=
    Debug [10/09/12 14:09:27] --------------------&&&----------------
    Debug [10/09/12 14:09:27] Inside sgsladds::sgsladdsgetData NEW Look
    Debug [10/09/12 14:09:27] 0:430 6 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAn+Kii3Krv0GOKE3aE8a/vwAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADVc9Vqwy5JzRFSKTMKlZcowXUmtY/Giw1nYgIz01HZQgAAAAAOgAAAAAIAACAAAADnr10j8OQlKm35BMRt7yKNNQYNeR2JRPMQrlWheBs3XUAAAAB6it/wjG20tJgo5T9euni2Jldb/agmY5RDsoKVpvLnHAkptSd4OUIIaysGAWkqfv9iK69FtzUuh+DcmgkdSLtOQAAAAGMpkx8yFJaKXwnzoCZyElCZbrzdg5f3GNj+S56lk4/UpVij9hFk5VeysObVw21NClzmGnuiBRtO+WF+LzChEUM=
    Debug [10/09/12 14:09:27] Encoded Data Extracted in sgsladdsgetData
    Debug [10/09/12 14:09:27] 430 6 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAn+Kii3Krv0GOKE3aE8a/vwAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADVc9Vqwy5JzRFSKTMKlZcowXUmtY/Giw1nYgIz01HZQgAAAAAOgAAAAAIAACAAAADnr10j8OQlKm35BMRt7yKNNQYNeR2JRPMQrlWheBs3XUAAAAB6it/wjG20tJgo5T9euni2Jldb/agmY5RDsoKVpvLnHAkptSd4OUIIaysGAWkqfv9iK69FtzUuh+DcmgkdSLtOQAAAAGMpkx8yFJaKXwnzoCZyElCZbrzdg5f3GNj+S56lk4/UpVij9hFk5VeysObVw21NClzmGnuiBRtO+WF+LzChEUM=
    Debug [10/09/12 14:09:27] Moving out sgsladdsgetData
    Debug [10/09/12 14:09:27] Encoded Data Extracted
    Debug [10/09/12 14:09:27] 430 6 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAn+Kii3Krv0GOKE3aE8a/vwAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADVc9Vqwy5JzRFSKTMKlZcowXUmtY/Giw1nYgIz01HZQgAAAAAOgAAAAAIAACAAAADnr10j8OQlKm35BMRt7yKNNQYNeR2JRPMQrlWheBs3XUAAAAB6it/wjG20tJgo5T9euni2Jldb/agmY5RDsoKVpvLnHAkptSd4OUIIaysGAWkqfv9iK69FtzUuh+DcmgkdSLtOQAAAAGMpkx8yFJaKXwnzoCZyElCZbrzdg5f3GNj+S56lk4/UpVij9hFk5VeysObVw21NClzmGnuiBRtO+WF+LzChEUM=
    Debug [10/09/12 14:09:27] Incrementing the MAX_RETRY LIMIT:
    Debug [10/09/12 14:09:27] 1
    Debug [10/09/12 14:09:27] numretries ======
    Debug [10/09/12 14:09:27] 1
    Debug [10/09/12 14:09:27] Inside sgslcodsupdateChild
    Debug [10/09/12 14:09:27] 1:430 6 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAn+Kii3Krv0GOKE3aE8a/vwAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADVc9Vqwy5JzRFSKTMKlZcowXUmtY/Giw1nYgIz01HZQgAAAAAOgAAAAAIAACAAAADnr10j8OQlKm35BMRt7yKNNQYNeR2JRPMQrlWheBs3XUAAAAB6it/wjG20tJgo5T9euni2Jldb/agmY5RDsoKVpvLnHAkptSd4OUIIaysGAWkqfv9iK69FtzUuh+DcmgkdSLtOQAAAAGMpkx8yFJaKXwnzoCZyElCZbrzdg5f3GNj+S56lk4/UpVij9hFk5VeysObVw21NClzmGnuiBRtO+WF+LzChEUM=
    Debug [10/09/12 14:09:27]
    Encrypted record data updated successfully
    Debug [10/09/12 14:09:27] Inside sgsladac destructor
    Debug [10/09/12 14:09:27] End of sgsloidiOIMGeneralErrorHandler
    Debug [10/09/12 14:09:27] Password updation failed in child process
    Debug [10/09/12 14:09:27]
    Relaxing while processing records from datastore
    Debug [10/09/12 14:09:29]
    About to UNBIND datastore after processing the Records
    Debug [10/09/12 14:09:29]
    Deleting datastore object pointer
    Debug [10/09/12 14:09:30] Datastore --- Connect to AD
    Debug [10/09/12 14:09:30]

  • Cannot Get AD Password Sync to Function

    I have install the AD Password connector s that I can syncronize passwords from AD to OIM and the otherway as well. When I change the password in OIM, it works fine. But when I try to chane it in AD, I get the following error:
    Debug [05/16/12 16:30:34] Inside sgsladac destructor
    Debug [05/16/12 16:30:34] Datastore --- About to Instantiate Object
    Debug [05/16/12 16:30:34]
    Inside sgslpascexecute
    Debug [05/16/12 16:30:34] GUID outside -->
    Debug [05/16/12 16:30:34] Jv1Gnn5DC0SzEn1jS11pAw==
    Debug [05/16/12 16:30:34] KERMIT
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] Inside sgsloidi::sgsloidiupdateOIM
    Debug [05/16/12 16:30:34] Inside sgsloidi::getConfigParamters
    Debug [05/16/12 16:30:34] Start getting config parameters from registry
    Debug [05/16/12 16:30:34] oimhost is
    Debug [05/16/12 16:30:34] oimserver.test.mydomain.local
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] oimport is
    Debug [05/16/12 16:30:34] 14000
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] oimuserattr is
    Debug [05/16/12 16:30:34] Users.User ID
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] oimusessl is
    Debug [05/16/12 16:30:34] N
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] oimappservertype is
    Debug [05/16/12 16:30:34] 1
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] End of sgsloidi::getConfigParamters
    Debug [05/16/12 16:30:34] Inside sgsloidi::setParameters
    Debug [05/16/12 16:30:34] The SOAP start element is
    Debug [05/16/12 16:30:34] <processRequest xmlns=""><sOAPElement>
    Debug [05/16/12 16:30:34] The SOAP end element is
    Debug [05/16/12 16:30:34] </sOAPElement></processRequest>
    Debug [05/16/12 16:30:34] The path is
    Debug [05/16/12 16:30:34] /spmlws/OIMProvisioning
    Debug [05/16/12 16:30:34] End of sgsloidi::setParameters
    Debug [05/16/12 16:30:34] Found User ID:
    Debug [05/16/12 16:30:34] Users:26
    Debug [05/16/12 16:30:34] <env:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header/><env:Body env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><m:processRequestResponse xmlns:m="http://xmlns.oracle.com/OIM/provisioning"><setPasswordResponse xmlns="urn:oasis:names:tc:SPML:2:0:password" error="customError" status="failure"><errorMessage>exception=OIMEventException;errorMessage=Method not found: 'setXelleratePasswordx(JLjava.lang.String;ZLjava.lang.String;)'; nested exception is: java.rmi.UnmarshalException: Method not found: 'setXelleratePasswordx(JLjava.lang.String;ZLjava.lang.String;)'</errorMessage></setPasswordResponse></m:processRequestResponse></env:Body></env:Envelope>
    Debug [05/16/12 16:30:34] Inside sgsloidiOIMGeneralErrorHandler
    Debug [05/16/12 16:30:34] Unable to update KERMIT. The OIM server rejected the setPasswordRequest. Please check the OIM server log for more details
    Debug [05/16/12 16:30:34] Inside sgsladds::sgslperwriteData YOOOO
    Debug [05/16/12 16:30:34] Inside sgsladac c-tor
    Debug [05/16/12 16:30:34] AD Host
    Debug [05/16/12 16:30:34] X.X.X.X
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] AD Port
    Debug [05/16/12 16:30:34] 389
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] AD Base DN
    Debug [05/16/12 16:30:34] dc=oimpoc,dc=mydomain,dc=local
    Debug [05/16/12 16:30:34]
    Debug [05/16/12 16:30:34] Only dataattribute
    Debug [05/16/12 16:30:34] Got Registry enteries
    Debug [05/16/12 16:30:34] contact
    Debug [05/16/12 16:30:34] description
    Debug [05/16/12 16:30:34] Got Entiredn
    Debug [05/16/12 16:30:34] OU=oimpwdsyncoimpoc.mydomain.local,ou=psync,ou=IAM NEW USERS,dc=oimpoc,dc=mydomain,dc=local
    Debug [05/16/12 16:30:34] Encrypted record already exists in Datastore
    Debug [05/16/12 16:30:34] Already Exists
    Debug [05/16/12 16:30:34] Encrypted record already exists in Datastore
    Debug [05/16/12 16:30:34] Already Exists
    Debug [05/16/12 16:30:34] Inside sgsladdsSearchUser
    Debug [05/16/12 16:30:34] Firing Search Request
    Debug [05/16/12 16:30:34] AD search for a user objectGUID is successfull
    Debug [05/16/12 16:30:34] Adding a new node to datastore
    Debug [05/16/12 16:30:34] Inside sgslutilconcatData
    Debug [05/16/12 16:30:34] Entire dn is ==>
    Debug [05/16/12 16:30:34] cn=KERMIT,OU=oimpwdsyncx.x.x.x,OU=oimpwdsyncoimpoc.enbridgedv06.local,ou=psync,ou=IAM NEW USERS,dc=oimpoc,dc=mydomain,dc=local
    Now when I look at the documentation, I see that the error is for one of three reasons. The first is that the password does not meet password policies set on OIM. I left the settings as default and have made sure that the password I'm reseting it to does conform to this. In fact, I have even turned off the password policies on AD so that nothing on the AD interferes with this. The second issue mentioned is that it contains characters that Oracle doesn't support. I cannot get any more generic than upper case, lower case, numeric and no special characters but maybe I'm missing something here. The last one is _"the user ID of an OIM User contains characters in the non-native encoding of the Microsoft Active Directory system."_ Again, I couldn't be more generic and I'm only changing one character at a time.
    Now I'm a complete n00b when it come to OIM but I do have a lot of Microsoft AD experience. So if you can answer, please use small words. ;-)
    Edited by: 935038 on May 17, 2012 8:56 AM
    Edited by: 935038 on May 17, 2012 8:57 AM
    Edited by: 935038 on May 17, 2012 8:57 AM

    Hi,
    I have the same error with AD password sync connector (The OIM server rejected the setPasswordRequest).
    But I have changed the password for account AD with the same password from OIM (and in my case tree reasons of error are false).
    Can You help me please?
    Thanks
    Marianna

  • Issue with installing password sync on Windows 2008

    I have installed pwd sync 64 bit on Windows 2008. Configured it in direct mode (no jms). But when I change the password of a user it is not syncing with the IdM. We have the 32 bit pwd sync working fine on Win 2003. Is there any special steps for installing, configuring 64 bit pwd sync on Win 2008. Thanks. Jack

    Hi again Tim-
    Given the error "failed to crack URL" I believe you're hitting an issue we have documented as bug # 21999. Here's the jist of it and a possible way around it.
    ==========
    When installing password sync on a Windows 2008 system, if you are not
    logged in as 'Administrator', the installer and the configure applications
    may be subject to Windows File And Registry Virtualization (FARV). This may
    cause the registry entries for password sync to be written to the user portion
    of the registry, rather than the system portion. Subsequently, password sync
    will fail with the message "failed to crack URL".
    To work around FARV, either run the MSI installer from a privileged cmd.exe
    prompt, or run the configure.exe application using the "Run As Administrator"
    functionality (right-click on the configure.exe application, select "Run As
    Administrator").
    ==========
    Hope this helps.
    Regards,
    Alex

Maybe you are looking for