Topic
  • 3 replies
  • Latest Post - ‏2013-08-20T06:37:58Z by franzw
SravanKumarR
SravanKumarR
43 Posts

Pinned topic ITIM to ActiveDirectory Password sync

‏2013-08-20T05:51:39Z |

Hi

We have implemented Password sync from ITIM and AD.

But when an user changes password from ITIM (user logged into active directory domain with old password) , user's old password is stored in local desktop cache and user is able to use old password because it is checking local cache.

How to push new password to cache by locking user's computer forcefully and stating them to use new password from any jsp page/itim during password change to AD.

 

  • franzw
    franzw
    347 Posts

    Re: ITIM to ActiveDirectory Password sync

    ‏2013-08-20T06:16:35Z  

    There is no way you can force a change of the cached credentials. The use MUST logoff to get the new password....

    See f.ex. this blog : http://blog.webactivedirectory.com/2011/06/09/windows-active-directory-cached-user-credentials/

    HTH

    Regards

    Franz Wolfhagen

  • SravanKumarR
    SravanKumarR
    43 Posts

    Re: ITIM to ActiveDirectory Password sync

    ‏2013-08-20T06:26:36Z  
    • franzw
    • ‏2013-08-20T06:16:35Z

    There is no way you can force a change of the cached credentials. The use MUST logoff to get the new password....

    See f.ex. this blog : http://blog.webactivedirectory.com/2011/06/09/windows-active-directory-cached-user-credentials/

    HTH

    Regards

    Franz Wolfhagen

    Thanks Franz.

    Instead of force change of cached credentials.

    Can we place a popup(saying use new password to logon again) by checking the domain and lock the computer screen.

    Is it possible to implement?

  • franzw
    franzw
    347 Posts

    Re: ITIM to ActiveDirectory Password sync

    ‏2013-08-20T06:37:58Z  

    Thanks Franz.

    Instead of force change of cached credentials.

    Can we place a popup(saying use new password to logon again) by checking the domain and lock the computer screen.

    Is it possible to implement?

    Almost anything is possible - but you are taking the wrong approach.

    ISIM is a standard tool - use that out of the box functionality as much as possible and carefully try make sensible compromises where the product does not deliver a given required functionality.

    Here the most reasonable solution is to solve it by stating how it works on e.g. the Windows login screen or/and the ISIM homepage - or even just an intranet site. This is something every user should know - and they should be able to learn quite quickly.

    HTH

    Regards

    Franz Wolfhagen