Question about changing expired passwords with Identity Manager. The documentation says: “The Allow Change Password option is not available for Active Directory environments that use a global catalog.”
Why is this? And if I have an environment with 2 DCs which are both GC, I cannot use this functionality? Can't you have global catalog servers at all in your environment? I think all of my customer environments use Global Catalog servers in their infrastructure...
It is not listed in the documentation as a requirement, but does vIDM need a secure LDAP connection with the domain if you want to allow password change through vIDM? If I read this, it should:
Did you figure out how to make this feature work?
I'm facing the same issues as you. The feature is not working and I guess it's because even if you configure the certificate, the Java application is using ldap instead of ldaps. This is like in vRO when you want to use the AD plugin and run the "Add user with password" workflow. Having the certs configured and using 636 is a requirement.
It's working with Global Catalog servers in the domain and without an SSL connection to the domain. However, at the customer it is currently still not working; VMware support is trying to figure it out.
Our manual has been updated.. It was a little misleading before.. Now it states:
When a directory is added to VMware Identity Manager as a Global Catalog, the Allow Change Password option is not available. Directories can be added as Active Directory over LDAP or Integrated Windows Authentication, using ports 389 or 636.
So password change works as long as you are not using the Global Catalog ports to connect to your Domain Controller..
I am using Integrated Windows Authentication and LDAPS over port 636 but it doesn't work. By the way, this is happening with the vIDM embedded in vRA and the configuration is made through vRA. I don't recall seeing any Global Catalog option when it's vRA.
I think vRA is using an older version of the Identity Manager bits so I do not think Password Change is supported. AD Password Change was just recently added to VMware Identity Manager.. But I'm not 100% sure since I do not really cover vRA..