We would like to implement unified logon (also called Integrated Windows logon) for Image Services client applications IDM Desktop and IDMWS. This means that once the user enters the Windows OS credentials and logs into the domain, he or she should not be challenged on login to out of the box IDM DT or IDMWS. Please note that this is different from "LDAP Logon"
There is some documentation in FileNet help but it is not sufficient. The missing bit is the synchronization of user id and passwords across Windows AD and IS library. Here, I am not referring to LDAP_import / LDAP_export as that does not sync passwords and is used for LDAP Logon.
Please let me know if anybody has information or has implemented this.
SumaChakrabarti 2700005SBA2 Posts
Re: Unified Logon2009-07-30T10:14:55ZThis is the accepted answer. This is the accepted answer.Hi There,
You can export the domain users by using ntdm_exp utility. You can find this utility in C:\FileNet\FNSW\CLIENT\BIN folder where you might have installed IDMDT/WS.
Exporting Domain Users/Groups from Domain
1.Log on to the network whose users and group information need to be exported. You log on as a user with sufficient network rights to export the users.
2.Run the ntdm_exp.exe twice with different options each time from the command prompt. During the first time, you extract the group names in the NT Domain. Whereas, you extract the users in the specified group during second time.
Note: Users must use the /S option when running the command to create the XML formatted file. All error messages are logged to a file called ntdm_exp.log in the current directory.
C:\>ntdm_exp /lFNODCDC /gse /ofnusers.lst
C:\>ntdm_exp /ifnusers.lst /oxmlusers.xml /s
3.Copy the xml file to a folder of IS server.
Importing exported Users/Groups to IS
C:\>sec_imp /H<idmis_domain> /I<file>
C:\>sec_imp /hISLIB:ISOrg /ixmlusers.xml
(Here IS Server is ISLIB, xmlFile – xmlusers.xml)
When user executes the command, a prompt for user name and password appears. After entering the credentials
IS imports the users.
Note: Commands are not case sensitive. All error messages are logged to a file called SEC_imp.log in the current directory.
Let me know if this helps