With Forefront Identity Manager Synchronization Service (FIM Synchronization Service), you can programmatically manage passwords by using a component that you create called a password extension. The password extension works together with the FIM Password Change Notification Service to capture password changes from Active Directory Domain Services (AD DS) and propagate these changes to other connected data sources. For more information, see Forefront Identity Manager Technical Reference. A password extension is a Microsoft .NET Framework class library, which is a dynamic link library (DLL) that implements one or more classes and the IMAPasswordManagement interface.

FIM Synchronization Service performs the following steps when it runs a password extension:

  1. Opens the class library DLL that is specified in the Extension name text box of the Password Management group in the Configure Extensions dialog box of the management agent properties.

  2. Loads the extension object by finding a class that implements the IMAPasswordManagement interface.

  3. Initializes the extension.

  4. Calls the appropriate class methods.

  5. Terminates the extension when the EndConnectionToServer method unloads the extension object and closes the class library DLL.

Implementing the Interfaces

A password extension must implement the IMAPasswordManagement interface and the following methods from the Microsoft.MetadirectoryServices namespace:

  • BeginConnectionToServer

  • ChangePassword

  • EndConnectionToServer

  • GetConnectionSecurityLevel

  • RequireChangePasswordOnNextLogin

    Note: Although this method is not used in Microsoft Identity Integration Server 2003 SP1 or later, you must still implement this method. You can implement it by throwing the EntryPointNotImplementedException exception in this method.

  • SetPassword

The following examples show an entire class declaration for a password extension:

Visual Basic
Imports Microsoft.MetadirectoryServices

Public Class Sample_Password_Extension
	Implements IMAPasswordManagement

	Public Sub BeginConnectionToServer(ByVal connectTo As String, _
		ByVal user As String, _
		ByVal password As String) _
		Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.BeginConnectionToServer
		' Open the connection to the connected data source here.
	End Sub

	Public Sub ChangePassword(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _
		ByVal OldPassword As String, _
		ByVal NewPassword As String) _
		Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.ChangePassword
	End Sub

	Public Sub EndConnectionToServer() _
		Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.EndConnectionToServer
		' Close the connection and release any cached credentials here.
	End Sub

	Public Function GetConnectionSecurityLevel() As Microsoft.MetadirectoryServices.ConnectionSecurityLevel _
		Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.GetConnectionSecurityLevel
		' Report Secure only when the extension actually protects the connection.
		Return ConnectionSecurityLevel.NotSecure
	End Function

	Public Sub RequireChangePasswordOnNextLogin(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _
		ByVal fRequireChangePasswordOnNextLogin As Boolean) _
		Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.RequireChangePasswordOnNextLogin
		' This method is not used by this version of FIM Synchronization Service.
		Throw New EntryPointNotImplementedException()
	End Sub

	Public Sub SetPassword(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _
		ByVal NewPassword As String) _
		Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.SetPassword
	End Sub

End Class

C#
using System;
using Microsoft.MetadirectoryServices;

namespace SamplePasswordExtension
{
	/// <summary>
	/// Skeleton password extension for FIM Synchronization Service.
	/// </summary>
	public class Sample_Password_Class : IMAPasswordManagement
	{
		public Sample_Password_Class()
		{
			// TODO: Add constructor logic here
		}

		public void BeginConnectionToServer(String connectTo,
			String user, String password)
		{
			// Open the connection to the connected data source here.
		}

		public void ChangePassword(CSEntry csentry, String OldPassword,
			String NewPassword)
		{
		}

		public void EndConnectionToServer()
		{
			// Close the connection and release any cached credentials here.
		}

		public ConnectionSecurityLevel GetConnectionSecurityLevel()
		{
			// Report Secure only when the extension actually protects the connection.
			return ConnectionSecurityLevel.NotSecure;
		}

		public void RequireChangePasswordOnNextLogin(CSEntry csentry,
			Boolean fRequireChangePasswordOnNextLogin)
		{
			// This method is not used in this version.
			throw new EntryPointNotImplementedException();
		}

		public void SetPassword(CSEntry csentry, String NewPassword)
		{
		}
	}
}
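
As an added example (not part of the original page or of Microsoft's sample), here is the skeleton above filled in for one hypothetical target: a directory reachable through ADSI, with connectTo assumed to carry its host name. The class name AdsiPasswordExtension and the helper InvokeOnEntry are illustrative; the security level is reported as Secure only because the bind is signed and sealed.

```csharp
using System.DirectoryServices;
using Microsoft.MetadirectoryServices;

// Added example. Assumptions: the connected data source is an ADSI-reachable
// LDAP directory, and connectTo is its host name.
public class AdsiPasswordExtension : IMAPasswordManagement
{
    // Signed and sealed bind, so passwords do not cross the wire in clear text.
    private const AuthenticationTypes Auth = AuthenticationTypes.Secure
        | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
    private string server, bindUser, bindPassword;

    public void BeginConnectionToServer(string connectTo, string user, string password)
    {
        server = connectTo; bindUser = user; bindPassword = password;
    }

    public ConnectionSecurityLevel GetConnectionSecurityLevel()
    {
        return ConnectionSecurityLevel.Secure; // justified by the Auth flags above
    }

    public void SetPassword(CSEntry csentry, string NewPassword)
    {
        InvokeOnEntry(csentry, "SetPassword", NewPassword);
    }
    public void ChangePassword(CSEntry csentry, string OldPassword, string NewPassword)
    {
        InvokeOnEntry(csentry, "ChangePassword", OldPassword, NewPassword);
    }

    public void RequireChangePasswordOnNextLogin(CSEntry csentry, bool fRequireChangePasswordOnNextLogin)
    {
        throw new EntryPointNotImplementedException(); // not used by this version
    }

    public void EndConnectionToServer()
    {
        server = bindUser = bindPassword = null; // drop references to the bind credentials
    }

    // Binds to the object named by the connector space entry's DN and calls the
    // ADSI password method. Passwords are never logged or put in error messages.
    private void InvokeOnEntry(CSEntry csentry, string method, params object[] args)
    {
        string path = "LDAP://" + server + "/" + csentry.DN;
        using (DirectoryEntry entry = new DirectoryEntry(path, bindUser, bindPassword, Auth))
            entry.Invoke(method, args);
    }
}
```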

Exceptions
