Delay in execution of Password Reset and Account Unlock operations

Hello everyone. We have one custom script in production which performs password reset and account unlock operations on the domain. This script is called by an external application (IVR Solution) with the AD SAMAccountName as the input parameter; the script resets the password and calls the SMPP API to deliver the password to the end user, along with confirmation of the account unlock.

We are facing an issue where end users' AD account unlock and password replication on all DCs is taking too much time compared to the password manager solution we have, since the password manager has a feature to replicate changes on selected DCs; hence, changes are very instant.

My question is: is there a way to speed up the script execution in One Identity, or can we provide multiple DCs in the sync editor connection parameters to speed things up? The priority setting in the Designer is only for processes. However, in our case we are just executing a script via One Identity APIs.

We are using 1IDM 8.0.2.

Best regards,

Daniel

  • Even when you are calling the password reset via a script, the execution of the password update operation is done by the process engine of OneIM, therefore setting a higher priority for the "Update Account" process step is a good idea and is part of the OOTB process ADS_ADSAccount_Update/(De-)activate. Check the priority definition script of this process step.

    Keep in mind that the lookup interval on the Job Service itself (how often it looks for tasks in the job queue if it has nothing to do) is essential as well. The default is 90 sec.

    And, if you want to select a different DC to perform these password updates, you can override the script ADS_SetOverrideVariables_for_Projection. The OOTB one contains an example that explains how to override the DC selection made in the synchronization project with a custom one.

    HTH
