Mapping AD password policy state attributes to PingDirectory using dsconfig - PingDataSync - PingDirectory

Mapping AD password policy state attributes to PingDirectory using dsconfig - PingDataSync - PingDirectory - 9.3

PingDirectory 9.3

bundle

pingdirectory-93

ft:publication_title

PingDirectory 9.3

Product_Version_ce

PingDirectory 9.3 (Latest)

category

Product

pd-93

pingdirectory

ContentType_ce

If you have a working sync configuration between PingDirectory and Active Directory (AD)Active Directory (AD)AD A directory service for Windows domain networks, included in most Windows Server operation systems. and want to manage password policy state attributes, use the dsconfig command to map these attributes instead of re-running the sync command.

To map AD password policy state attributes to PingDirectory attributes:

Run dsconfig with the create-attribute-mapping option.

The following example maps the AD attribute lockoutTime to the PingDirectory attribute pwdAccountLockedTime.

dsconfig create-attribute-mapping 
	--map-name "<Microsoft Active Directory Users Attribute Map>" 
	--mapping-name pwdAccountLockedTime
	--type direct
	--set from-attribute:pwdAccountLockedTimeFromAD

The following example maps the AD attribute userAccountControl & (ACCOUNTDISABLE == 2) to the PingDirectory attribute ds-pwp-account-disabled.

dsconfig create-attribute-mapping
	--map-name "<Microsoft Active Directory Users Attribute Map>"
	--mapping-name ds-pwp-account-disabled 
	--type direct
	--set from-attribute:ds-pwp-account-disabled-from-ad

The following example maps the AD attribute pwdLastSet to the PingDirectory attribute pwdChangedTime.

dsconfig create-attribute-mapping
	--map-name "<Microsoft Active Directory Users Attribute Map>" 
	--mapping-name pwdChangedTime
	--type direct
	--set from-attribute:pwdChangedTimeFromAD

Note:

For more information about synchronizing these AD attributes with PingDirectory, see Synchronizing Active Directory with PingDirectory.