Identity Manager (or not!)

This summer we installed Identity Manager on one of our NetWare boxes, and anticipated loads of extra free time from a reduced user management work

  1. Allow for user password self-service
  2. Sync GroupWise passwords with NDS passwords
  3. Import staff accounts into AD from NDS

Users expect to be able to reset their own passwords with a challenge-response system. So far this part of the system is working great – however we haven’t rolled it out across all users as we need to develop some training so that when the 1st day that logging in will ask you to answer questions comes that users know what to do.

The other two options could prove to be significant time savers. Having GroupWise sync with NDS – especially when initially creating users should reduce administration time quite a bit. AD sync will allow all of the millions of Windows apps that are AD aware to use the account info in AD and save boatloads of time by not requiring separate account administration.

In reality, I’m fairly disappointed with what we have so far…


The NDS to GroupWise sync seems to be continually stuck trying to sync a single user (I guess we are generating corrupt cache files). Stopping, disabling, re-enabling and restarting the service/driver seems to take care of the problem for a little while, but so far it has always come back. We have a ticket open with Novell and should get it resolved soon, but it’s still disappointing so far.

Our AD sync has not gone much better – about 1/8 of our staff (from NDS) are not showing up in AD. My initial troubleshooting makes it look like the users with multiple locations in NDS are not being copied. We’ll see if removing one of the locations fixes the issue, but what do I do then for my users that actually work between two locations?

My long-term goal is to create users ‘automagically’ once they show up in our HR or student databases, and create accounts for them in NDS, AD, as well as our LMS (Blackboard), Lunch System (FastLane), as well as create import files for websites like StudyIsland.com and TurnItIn.com. With the issues we have had with syncing ids, I’m a little less sure that automatic account generation will be reliable. We’ll see what the next couple weeks bring.

Post a Comment

Your email is never shared. Required fields are marked *

*
*