Hi, I need some help badly here. I finished integrating the AD connector and am able to synchronize AD and Safeboot passwords. However, this is happening only after 2 reboots, i.e. it takes 2 reboots for the AD password to synch with the Safeboot password. Can this be achieved without the 2 reboots? Can we use SBAdmCl scripting to achieve this, or just look out for some changes in .ini files? If it is really possible to achieve the requirement of avoiding 2 reboots, what design considerations should I take into account? Please let me know.

PS: Sorry for the format. I'm having slight difficulties with a non-working enter key on my mobile.

Thanks!
N
While the sync doesn't happen at the connector level, you shouldn't need any reboots for it to notice the new password or even the existing password for first-time users. It should work like this if you have SSO set up properly:
1. User has generic first time password, by default it's 12345
2. User enters username/12345 at Pre-Boot Auth Window
3. User is dumped at Windows login screen and enters true AD password
4. SafeBoot silently realizes that the password needs to be in sync and matches them
5. Next time you reboot, your SafeBoot password should be your Windows password
My issue is not with the connector or the password at this point anymore; it is with the reboots. Is it possible to synch a password changed by using the 'Ctrl+Alt+Del' combination to the local Safeboot DB immediately instead of rebooting twice?
Essentially, when I say rebooting twice, I mean the steps below.

Assumptions: Old Safeboot password = A, old Windows password = B, new Windows password = C.

Action1: User changes his Windows password via 'Ctrl+Alt+Del'.
Action2: Windows password changed from B to C. Next action: reboot.
Reboot1: User presented with Safeboot logon & submits password A, as C will not work. Reason1: (Win password not passed to SB)
Action3: User authenticates to Safeboot GINA successfully.
Action4: Safeboot GINA tries to present the Windows credentials automatically but fails, as it is using password A.
Action5: User presented with Windows logon again.
Action6: User enters password C.
Action7: User authenticates successfully to Win MSGINA. Next action: reboot.
Reboot2: User presented with Safeboot logon & submits password C, as A will not work. Reason2: Win password passed to SB now.

Can Reason2 be achieved by avoiding Reboot1 & Reboot2?
The password is changed locally as part of a Ctrl-Alt-Del event - it requires no sync at all.
I'm not sure what you are doing, but most likely you can work it out through the token data events in the client log. Possibly the time is out within your environment, and the token data is flowing the wrong way.