Topic
3 replies Latest Post - ‏2013-08-20T06:37:58Z by franzw
SravanKumarR
SravanKumarR
41 Posts
ACCEPTED ANSWER

Pinned topic ITIM to ActiveDirectory Password sync

‏2013-08-20T05:51:39Z |

Hi

We have implemented Password sync from ITIM and AD.

But when an user changes password from ITIM (user logged into active directory domain with old password) , user's old password is stored in local desktop cache and user is able to use old password because it is checking local cache.

How to push new password to cache by locking user's computer forcefully and stating them to use new password from any jsp page/itim during password change to AD.

 

  • franzw
    franzw
    324 Posts
    ACCEPTED ANSWER

    Re: ITIM to ActiveDirectory Password sync

    ‏2013-08-20T06:16:35Z  in response to SravanKumarR

    There is no way you can force a change of the cached credentials. The use MUST logoff to get the new password....

    See f.ex. this blog : http://blog.webactivedirectory.com/2011/06/09/windows-active-directory-cached-user-credentials/

    HTH

    Regards

    Franz Wolfhagen

    • SravanKumarR
      SravanKumarR
      41 Posts
      ACCEPTED ANSWER

      Re: ITIM to ActiveDirectory Password sync

      ‏2013-08-20T06:26:36Z  in response to franzw

      Thanks Franz.

      Instead of force change of cached credentials.

      Can we place a popup(saying use new password to logon again) by checking the domain and lock the computer screen.

      Is it possible to implement?

      • franzw
        franzw
        324 Posts
        ACCEPTED ANSWER

        Re: ITIM to ActiveDirectory Password sync

        ‏2013-08-20T06:37:58Z  in response to SravanKumarR

        Almost anything is possible - but you are taking the wrong approach.

        ISIM is a standard tool - use that out of the box functionality as much as possible and carefully try make sensible compromises where the product does not deliver a given required functionality.

        Here the most reasonable solution is to solve it by stating how it works on e.g. the Windows login screen or/and the ISIM homepage - or even just an intranet site. This is something every user should know - and they should be able to learn quite quickly.

        HTH

        Regards

        Franz Wolfhagen