As the title suggests, this is Part 3, the final part in a three-part post on configuring FIM/MIM to synchronise users' passwords from AD to the Domino ID Vault via PCNS and FIM/MIM.
Part 1 here detailed the creation of a PowerShell Management Agent to join users from Domino to the MIM Sync Metaverse.
Part 2 here detailed the creation and configuration of the Domino Agents to receive password changes via the PS MA into the ID Vault.
This post will wrap it all up with the details on calling the Domino Agents on password sync events (from PCNS via MIM).
You will need the IBM Notes client installed and configured on your MIM Sync Server in order to put a document in the database we created in Part 2 and start the agent to process the document(s).
Essentially this is the process;
Put this Password.ps1 script in the same location you put the Schema, Import and Export scripts earlier.
The following screenshots show me tracing through the logs for a password change as it makes its way from the AD Domain Controller to MIM Sync, to the MA, to the MA Password script, to the Notes DB as a document triggered to be processed by the Notes Agent, and finally to the user being updated in the ID Vault.
First the password change event is initiated to the MIM Sync Service by the Domain Controller that captured the password change.
PCNS provides all the details for the password change.
The MIM Sync Server determines where to send the change which includes our PS Notes MA.
Our PS Notes MA logged the process.
Notes MA LOG
=============================================================
Display Name: Jane XXX/xxx/xxxxx-Aus
Action: Set
Old pwd:
New pwd: Password123456
Unlock: False
Force change: False
Validate: False
Database: System.__ComObject
As did the Notes Agent as it processed the change.
Notes Agent Log
MIMPasswordSync|mimpasswordsync: 08/03/2017 02:56:22 PM: Reseting password …
MIMPasswordSync|mimpasswordsync: 08/03/2017 02:56:22 PM: Server: xxxNotes1/xxxxx-Aus User:Jane xxx/xxx/xxxxx-Aus
MIMPasswordSync|mimpasswordsync: 08/03/2017 02:56:23 PM: Return value: true
MIMPasswordSync|mimpasswordsync: 08/03/2017 02:56:23 PM: Removed User ID Vault change document from ‘xxxNotes1/xxxxx-Aus’
And finally we see the change reflected in the ID Vault. Looking at the time-stamps along the way we see that it all happened in approximately 2 seconds.
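The Notes MA log shown above records the new password in clear text. As an added example (not the Password.ps1 from this series), the following PowerShell writes the same log fields while recording only whether a password value was supplied; the function name, the sample values and the log path are assumptions.

```powershell
# Added example: hypothetical helper, not the Password.ps1 from this series.
function Format-PasswordSyncLogEntry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Action,
        [AllowEmptyString()] [string] $OldPassword = '',
        [AllowEmptyString()] [string] $NewPassword = '',
        [bool] $Unlock = $false,
        [bool] $ForceChange = $false,
        [bool] $Validate = $false
    )

    # Record only whether a value was supplied, never the value or its length.
    $mask = {
        param($secret)
        if ([string]::IsNullOrEmpty($secret)) { '<empty>' } else { '<redacted>' }
    }

    $lines = @(
        '============================================================='
        "Timestamp: $((Get-Date).ToUniversalTime().ToString('o'))"
        "Display Name: $DisplayName"
        "Action: $Action"
        "Old pwd: $(& $mask $OldPassword)"
        "New pwd: $(& $mask $NewPassword)"
        "Unlock: $Unlock"
        "Force change: $ForceChange"
        "Validate: $Validate"
    )
    $lines -join [Environment]::NewLine
}

# Constructed sample values mirroring the log fields shown above.
$entry = Format-PasswordSyncLogEntry -DisplayName 'Jane Example/Org/Example-Aus' `
    -Action 'Set' -NewPassword 'Constructed-Sample-Value-1'

# The log path is an assumption; restrict the file to the sync service account.
$logPath = Join-Path $env:TEMP 'NotesMA-Password.log'
Add-Content -Path $logPath -Value $entry -Encoding UTF8
$entry
```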
This three-part blog post has shown how to get passwords from Active Directory to the MIM Sync connected source across to IBM Domino and into the ID Vault using the Granfeldt PowerShell Management Agent and some configuration with a Database in Domino with two Domino Agents.
What have you synchronised passwords to using FIM/MIM?