Configure password management and specify rules extensions

For this procedure, in Management Agent Designer, on the Configure Extensions page, you can specify a management agent rules extension and enable and configure password management. Rules extensions and password management are not required for, and are not applicable to, all management agents. To complete this procedure, you must be logged on as a member of the MIISAdmins security group.

This procedure applies to management agents for the following Microsoft Identity Integration Server 2003 editions:

  * Enterprise Edition: All
  * Identity Integration Feature Pack for Active Directory: Active Directory, Active Directory Application Mode (ADAM), Active Directory global address list (GAL)

To specify a management agent rules extension

  1. In Management Agent Designer, on the Configure Extensions page, in Rules extension name, type the name of the rules extension file that you want to use.
  2. To run the rules extension out of process, select the Run this rules extension in a separate process check box.

To configure password management

  1. In Management Agent Designer, on the Configure Extensions page, in Password Management, click Enable password management.
  2. For all file-based management agents, management agents for extensible connectivity, and database management agents, under Password management, in Extension name, type the name of the password extension file (.dll).
  3. To specify connection information settings for the password extension, click Settings; in Settings, type the complete name of the server; type a user account and password; and then, in Connection timeout, specify a connection time-out in seconds. The default 0 indicates no time-out.
  4. To select a change type operation, under Supported password operations, select Set only, Change only, or Set and change.
  5. For those management agents with password management enabled and configured for password synchronization, to configure target password synchronization settings, click Settings. Under Target Settings, in Password operation failure settings, in Maximum retry count, specify the number of times Microsoft Identity Integration Server 2003 will attempt to push a password set to the connected data source target even if there are password set errors (for example, the server is not available). In Retry Interval, specify the number of seconds between password set retries.

     To require that all password synchronization operations are secure, click Require secure connection for password synchronization operations. This option requires that the connection between Microsoft Identity Integration Server 2003 and the connected data source target server be secure during password set operations using Secure Sockets Layer (SSL) or signed and encrypted Lightweight Directory Access Protocol (LDAP).

     If this option is selected and the management agent is not configured to use a secure connection, an error will be passed to the event log, and the password set operation will not proceed. If this option is not selected, password synchronization will occur regardless of the secured connection configuration. This option does not apply to Windows Management Instrumentation (WMI)–based password operations.
  6. For management agents that are configured for password management and for which the partition name is available through Web application WMI queries, to give a partition name a friendly display name, in Configure partition display name(s), click Edit. In the Configure Partition Display Name dialog box, in Partition, select a partition. In Display name, type a name, and then click Edit.

Notes

Related Topics

* Rules extensions
* Password management
* Using management agents