Setting Passwords for New Accounts

You have several options for setting an initial password for a new account. Setting a password happens early in the account creation process, and PasswordSync will respond to new passwords differently depending upon where and how you set the initial password.


Setting Passwords with DirXML

DirXML allows you to generate an initial password for an account based on the account's attributes or other information available through Java* services. For instance, you can generate a password based on a user's Surname plus a four-digit number. Generating an initial password requires driver customization, but is a good way to manage passwords.

If you choose to set the initial password through a DirXML customized style sheet, you should also ensure that the user will be prompted to change the initial password upon login. After the initial password is changed, passwords will be synchronized.


Setting Passwords with ConsoleOne or iManager

ConsoleOne and iManager let you set an initial password when creating a user account. In this case, the password is set before an account is associated in NT or Active Directory, thus preventing the initial password from being synchronized. Passwords will be synchronized only after the first password change.

To avoid this delay, you have several alternatives:


Setting Passwords with Microsoft Management Console

Microsoft Management Console (MMC) lets you set an initial password on a user account simply by typing the password at account creation. The password is set before PasswordSync is able to associate an eDirectory account with the NT or Active Directory account, so the PasswordSync service is not able to update the eDirectory account immediately. However, the service will retry the password update and the account will be properly updated within several minutes.