With Forefront Identity Manager Synchronization Service (FIM Synchronization Service), you can programmatically manage passwords by using a component that you create called a password extension. The password extension works together with the FIM Password Change Notification Service to capture password changes from Active Directory Domain Services (AD DS) and propagate these changes to other connected data sources. For more information, see Forefront Identity Manager Technical Reference. A password extension is a Microsoft .NET Framework class library, which is a dynamic link library (DLL) that implements one or more classes and the IMAPasswordManagement interface.
FIM Synchronization Service performs the following steps when it runs a password extension:
- Opens the class library DLL that is specified in the
Extension name text box of the Password Management
group in the Configure Extensions dialog box of the
management agent properties.
- Loads the extension object by finding a class that implements
the IMAPasswordManagement
interface.
- Initializes the extension.
- Calls the appropriate class methods.
- Terminates the extension when the EndConnectionToServer
method unloads the extension object and closes the class library
DLL.
Implementing the Interfaces
A password extension must implement the IMAPasswordManagement interface and the following methods from the Microsoft.MetadirectoryServices namespace:
- BeginConnectionToServer
- ChangePassword
- EndConnectionToServer
- GetConnectionSecurityLevel
- RequireChangePasswordOnNextLogin
Note:Although this method is not used in Microsoft Identity Integration Server 2003 SP1 or later, you must still implement this method. You can implement it by throwing the EntryPointNotImplementedException exception in this method. - SetPassword
The following examples show an entire class declaration for a password extension:
| Visual Basic |  Copy Code |
|---|---|
Imports Microsoft.MetadirectoryServices Public Class Sample_Password_Extension Implements IMAPasswordManagement Public Sub BeginConnectionToServer(ByVal connectTo As String, _ ByVal user As String, _ ByVal password As String) _ Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.BeginConnectionToServer End Sub Public Sub ChangePassword(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _ ByVal OldPassword As String, _ ByVal NewPassword As String) _ Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.ChangePassword End Sub Public Sub EndConnectionToServer() _ Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.EndConnectionToServer End Sub Public Function GetConnectionSecurityLevel() As Microsoft.MetadirectoryServices.ConnectionSecurityLevel _ Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.GetConnectionSecurityLevel End Function Public Sub RequireChangePasswordOnNextLogin(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _ ByVal fRequireChangePasswordOnNextLogin As Boolean) _ Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.RequireChangePasswordOnNextLogin ' This method is not used by this version of FIM Synchronization Service. Throw New EntryPointNotImplementedException End Sub Public Sub SetPassword(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _ ByVal NewPassword As String) _ Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.SetPassword End Sub End Class |
|
| C# | Copy Code |
|---|---|
using System;
using Microsoft.MetadirectoryServices;
namespace SamplePasswordExtension
{
/// <summary>
/// Summary description for Class1.
/// </summary>
public class Sample_Password_Class : IMAPasswordManagement
{
public Sample_Password_Class()
{
//
// TODO: Add constructor logic here
//
}
public void BeginConnectionToServer(String connectTo,
String user, String password)
{
throw new EntryPointNotImplementedException();
}
public void ChangePassword(CSEntry csentry, String OldPassword,
String NewPassword)
{
}
public void EndConnectionToServer()
{
}
public ConnectionSecurityLevel GetConnectionSecurityLevel()
{
}
public void RequireChangePasswordOnNextLogin(CSEntry csentry,
Boolean fRequireChangePasswordOnNextLogin)
{
// This method is not used in this version.
throw new EntryPointNotImplementedException();
}
public void SetPassword(CSEntry csentry, String NewPassword)
{
}
}
}
|
|
Exceptions
The Microsoft.MetadirectoryServices namespace defines the following exceptions that are specific to password extensions.