Friday, March 23, 2012

Google Apps Sync - Clearing the Division field

We've been using Google Apps Directory Sync for a few months now and have found that the number of passwords being synced with each run kept increasing. That was to be expected; the problem was that the sync was taking longer and longer and was more prone to time-outs.

The number of users being updated reached 600 before I found this solution.

Every time a user changed their password, the new password was encrypted and stored in the 'Division' field in Active Directory (using the sha1hexfltr DLL). Google Apps Directory Sync would then perform a sync of passwords for every user that had a populated 'Division' field, but would not clear that field once sync'd. This meant that the same users were being sync'd every time.

The solution was to find a way of resetting the 'Division' field back to blank for each user:

1. Install a program called Bulk Password Control from Wisesoft on your Domain Controller.


2. Load up your OU or group of users and then click the "Modify Attributes" button.


3. Click the "Other" tab.


4. Look through the list of attributes until you find the "division" attribute.


5. Click the highlighted checkbox twice until the attribute's value is greyed out and says "<Clear Attribute>", then click the "OK" button.


6. Bulk Password Control will then cycle through all the selected users and clear the "Division" field. You will be shown a summary of the actions performed with an option to rollback if you think you've made a mistake. You can see in the example below that it has made changes to 99 users.


I recommend you perform these steps in the afternoon, when people will not be busy changing their passwords, as you might otherwise clear the "Division" field before it has been sync'd.
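
The same clean-up can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post or of Bulk Password Control. The OU, the sync completion time and the log path are placeholders you would supply. It only clears accounts that have not changed since the last sync finished, which addresses the timing risk described above.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumptions: every value below is a placeholder / constructed value.
$SearchBase   = 'OU=Staff,DC=example,DC=com'                 # placeholder OU
$LastSyncDone = Get-Date '2012-03-23 14:00'                  # when the last sync run finished
$AuditLog     = Join-Path $env:TEMP 'division-cleared.csv'   # hypothetical log path

# Every user in the OU whose 'division' attribute is populated.
# whenChanged is not replicated between DCs, so run this against the same DC each time.
$populated = @(Get-ADUser -LDAPFilter '(division=*)' -SearchBase $SearchBase `
                          -Properties whenChanged)

# whenChanged moves on ANY attribute write, so this filter is conservative:
# an account touched after the last sync may hold a value that has not been
# sync'd yet, so it is left alone and picked up on the next run.
$safe    = @($populated | Where-Object { $_.whenChanged -lt $LastSyncDone })
$skipped = @($populated | Where-Object { $_.whenChanged -ge $LastSyncDone })

# Keep a record of which accounts were cleared. The attribute value itself is
# deliberately NOT exported: it is derived from the user's password and should
# not be written to disk.
$safe |
    Select-Object SamAccountName, DistinguishedName, whenChanged |
    Export-Csv -Path $AuditLog -NoTypeInformation

foreach ($user in $safe) {
    # -WhatIf makes this a dry run; remove it to actually clear the attribute.
    Set-ADUser -Identity $user -Clear division -WhatIf
}

Write-Host ("Populated: {0}  Cleared: {1}  Skipped (changed since last sync): {2}" -f `
    $populated.Count, $safe.Count, $skipped.Count)
```

Unlike the rollback option in Bulk Password Control, this script keeps no copy of the cleared values, so check the dry-run output before removing `-WhatIf`.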


