Synchronizing Passwords in a Multi-Tree Environment
Novell Cool Solutions: Feature
By Novell Documentation
Digg This -
Posted: 15 Jan 2003
Novell DirXML Password Synchronization for Windows is designed to synchronize passwords between any number of Microsoft Active Directory or NT domains and a single Novell eDirectory tree. With the growing popularity of deploying multiple eDirectory trees using DirXML, there is a need to expand password synchronization to a collection of trees.
A typical multi-tree deployment has a corporate tree and a workforce tree where synchronization to the Microsoft domain is driven through the workforce tree. Novell Password Synchronization for Windows is installed between the workforce tree and Active Directory as shown in the following figure.
In this scenario, a problem occurs for password synchronization when passwords are changed in the corporate tree. Users in the corporate tree are associated with the workforce tree but there is no direct link to the Active Directory account, and there is no information in the corporate tree about PasswordSync Agents servicing Active Directory. Because of this, the Novell Client is unable to push a password change to a PasswordSync Agent for synchronization to Active Directory.
The solution is to use the eDirectory driver to populate the corporate tree with the information needed by PasswordSync, and to install PasswordSync Agents into the corporate tree to communicate changes between the corporate tree and participating domains.
Complete the following procedures to set up PasswordSync in a multi-tree environment:
- Extending the Schema for Password Synchronization
- Configuring the eDirectory Drivers for Password Synchronization
- Migrating PasswordSync Data
- Installing PasswordSync into the Corporate Tree
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com