Announcement

Collapse
No announcement yet.

MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

    Hi,

    Our Oracle guys have requested that these attributes both be changed to replicate to the GC. My knowledge isn't good enough to understand this at them moment!

    Currently we have:
    isMemberOfPartialAttributeSet
    PwdLastSet = TRUE
    MaxPwdAge = not set

    and

    PwdLastSet = Replicate selected
    MaxPwdAge = Replicate not selected.

    My questions are basically, what affects will this have if I select it for replication? Does it require the partialattributeset as true as well?

    Thanks for any info.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

  • #2
    Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

    MaxPwdAge is a special case - PDC Emulator is reading the info from GPO (which defines the domain password policy) and writes this value to the domain Naming Context head (DC=domain,DC=tld). The rest of the DCs in domain read the info from the domain NC head (and not from GPO) and apply it.
    Not sure why someone would want the value replicated to GC...

    pwdLastSet is another story - depending on the size of your environment and placement/configuration on GCs, frequent changes to this attribute can result in additional replication traffic and constant writes to GC.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

      Thank for the reply guyt, I really appreciate it. I'm going to try and speak with them on Monday and see why they are requesting it. Not sure my brain at the weekend is good enough to completey understand this yet
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

      Comment


      • #4
        Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

        Andy,
        I have receive similar request from our Oracle guys, the application in use are Siebel, using LDAP between Ad and Siebel, when user logon to Siebel using Ad credentials and type wrong password, the application crash. With Oracle test they also confirm these attributes are required to be set for replication.

        Did you receive any feedback from them why? And what will the consiquences be when setting this from the schema to replicate, because this attribute is domain dependent.

        Thankj

        Jannie

        Comment


        • #5
          Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

          Hi Jannie,

          I've sent you a PM. For everyone else, it isn't related so I'm not withholding info. Still trying to find out more info on this!
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

            Did any of you actually go through with this and did you notice any problems, I as well have been asked to make these changes for a Siebal environment and would love to know more information

            Comment


            • #7
              Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

              I believe a request went to Oracle to find out why they wanted it. Can you find out why Siebal want it too?
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

                supposively in the software if hte user enters the incorrect password it will crash the object manager... whatever that is alll about, this fix is suppose to clear it up

                Comment


                • #9
                  Re: MaxPwdAge and PwdLastSet Attribute - Replicate to GC?

                  I don't think it is a fix as by default it isn't set. The fix would be for their application to work correctly with AD but I'm only saying that because I don't understand the full situation.
                  Would be good to find an answer to this. Still searching!
                  cheers
                  Andy

                  Please read this before you post:


                  Quis custodiet ipsos custodes?

                  Comment

                  Working...
                  X