Password synchronization issues
Novell Cool Solutions: Question & Answer
Q:
I have two questions:
1. When you establish a matching policy, what information is required to make this policy work? For example: I have created a policy that matches users between eDirectory and AD. When I sync, I get an error 6005 that the entry already exists. Does this mean the two are matched?
2. Password Sync: Is this something I need to install on my AD server, or has that been alleviated in 2.0? I don't remember installing any agent of any kind. If I need to install something, could someone point me to the source?
A:
1. Matching policies have to be crafted to match based on the actual data in eDirectory and AD. Depending on how clean and similar the data is in the two systems, this could be easy, hard, or nearly impossible. If you are getting "entry already exists" errors, it probably means that either your matching policy doesn't fit your actual data or your placement policy doesn't guarantee uniqueness.
2. If you want to sync passwords from AD to eDirectory, you need to install password filters on all the domain controllers. See http://www.novell.com/documentation/dirxmldrivers/ad/data/bow0k51.html
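The check described in answer 1 can be dry-run against exports from both directories before the driver is started. The following is an added example, not Novell's code or part of the original answer: the entries, DNs, the `place` rule and the choice of `mail` as the match attribute are all constructed assumptions.

```python
# Added example: dry-run a match rule and a placement rule over exported entries.
# Every entry, DN and rule below is constructed for illustration.
from collections import defaultdict

EDIR = [  # constructed export from the source tree
    {"dn": "cn=jsmith,ou=users,o=acme", "cn": "jsmith", "mail": "J.Smith@example.com"},
    {"dn": "cn=mlee,ou=users,o=acme", "cn": "mlee", "mail": ""},
    {"dn": "cn=bwong,ou=users,o=acme", "cn": "bwong", "mail": "bwong@example.com"},
]
AD = [  # constructed export from the destination domain
    {"dn": "CN=jsmith,CN=Users,DC=example,DC=com", "mail": "j.smith@example.com"},
    {"dn": "CN=mlee,CN=Users,DC=example,DC=com", "mail": "mary.lee@example.com"},
]

def norm(value):
    """Compare directory strings case-insensitively, ignoring padding."""
    return (value or "").strip().lower()

def place(entry):
    """Hypothetical placement rule: CN=<cn> under one fixed container."""
    return f"CN={entry['cn']},CN=Users,DC=example,DC=com"

def preflight(source, dest, match_attr):
    """Classify each source entry as matched, ambiguous, create or collision."""
    index = defaultdict(list)
    for d in dest:
        if norm(d.get(match_attr)):
            index[norm(d[match_attr])].append(d["dn"])
    taken = {norm(d["dn"]) for d in dest}
    report = {"matched": {}, "ambiguous": [], "create": [], "collision": []}
    for s in source:
        key = norm(s.get(match_attr))
        hits = index.get(key, []) if key else []  # empty values never match
        if len(hits) == 1:
            report["matched"][s["dn"]] = hits[0]
        elif len(hits) > 1:
            report["ambiguous"].append(s["dn"])
        elif norm(place(s)) in taken:
            # Not matched, so it would be added, but the placed name is in use:
            # the situation the answer ties to "entry already exists".
            report["collision"].append(s["dn"])
        else:
            report["create"].append(s["dn"])
            taken.add(norm(place(s)))  # later entries must not reuse this name
    return report

if __name__ == "__main__":
    for kind, items in preflight(EDIR, AD, "mail").items():
        print(kind, items)
```

Entries reported under `collision` or `ambiguous` are the ones to resolve, by cleaning the data or changing the rules, before synchronizing.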