The universal password policy set on the user objects enables the creation of Active Directory keys from the user's associated universal password policy during DSfW provisioning. It is mandatory to have all users enabled with the universal password policy so that all domain users are ready to access the domain services and functionality.
By default, DSfW creates NMAS password policies with universal password policy settings (retain password policies = no). However, if there are existing NMAS password policies in your environment, reuse them for the DSfW domain. Ensure that the universal password policy setting is enabled in those existing NMAS password policies.
The implementation of universal password policy impacts the login procedure of all users. We recommend that you implement universal password in your environment before deploying DSfW. When universal password policy is implemented before deploying DSfW, ensure that the Retain existing Novell Password Policies on Users check box is selected during DSfW installation.
Universal password policy implementation requires you to change the login of the Novell Client in an existing environment to an NMAS-based login. This is to ensure that NDS and the Universal Password is synchronized. For more information, see Enabling Universal Password Policy for DSfW.