Thursday, July 27, 2006

Password Sync/History and other issues in IDM 6.0

1. CONFIGURATOR CAPABILITIES: Creating a new user with Configurator capabilities is possible, but the bulk account administrator capability, along with several others, will vanish after the password is reset, the expiry date is removed from the user object, and the user has logged in. If the user has not logged in, the user account stays in an expired state, which might cause problems if we are doing a major migration move.
 
2. PASSWORD SYNC THRESHOLD: The new password sync process with JMS seems to have problems syncing the password immediately. The "passwordsyncthreshold" is an important variable that needs to be set. The default setting is 30 seconds, but 10 seconds is advised for the time being.
 
3. PASSWORD HISTORY ISSUES: Listed below are the major issues in dealing with password sync and password history in IDM and AD:
 
(a). Password history on IDM is not case-sensitive by default, i.e., all the passwords in the history are stored in uppercase. But password history on AD is case-sensitive. This causes the password histories to go out of sync. Hotfix provided by Sun.
 
(b). Resetting a password on IDM does not put this password in the history, unlike a change password. But in AD, any change/reset is stored in the AD history. This again causes the password to go out of sync. Still looking for a solution.
 
(c). A password change on AD triggers a recursive password change on IDM and AD, as the message is passed onto the JMS queue twice and then stops. This behaviour occurs even if the AD resource is listed in the passwordsyncexcluderesourcelist and passwordsyncthreshold is set to more than 10 seconds. This could be because of the two workflows that come into play when a password change occurs: ChangeUserPassword WF and SynchronizeUserPassword WF.
 
4. AUDIX AND MAINFRAME ISSUES: Audix and Mainframe adapters are not completely functional in the new IDM 6.0 version. Hotfix provided by Sun.
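
The history mismatch described in 3(a) and 3(b), as a small Python model added here for illustration; it is not Sun IDM or Active Directory code. The class, its parameters and the sample passwords are constructed, and the model assumes an administrative reset skips the history check in both stores.

```python
import hashlib

class PasswordHistory:
    """Toy password-history store (constructed model, not IDM or AD code)."""
    def __init__(self, depth, case_sensitive, record_resets):
        self.depth = depth
        self.case_sensitive = case_sensitive
        self.record_resets = record_resets
        self.entries = []  # digests, oldest first

    def _digest(self, password):
        # 3(a): a case-insensitive store upper-cases before storing/comparing
        text = password if self.case_sensitive else password.upper()
        return hashlib.sha256(text.encode("utf-8")).hexdigest()

    def would_reject(self, password):
        return self._digest(password) in self.entries

    def _remember(self, password):
        self.entries = (self.entries + [self._digest(password)])[-self.depth:]

    def change(self, password):
        """User change: history enforced, then updated. Returns True if accepted."""
        if self.would_reject(password):
            return False
        self._remember(password)
        return True

    def reset(self, password):
        """Admin reset: no history check (assumption); stored only if record_resets."""
        if self.record_resets:
            self._remember(password)

def divergence_demo():
    idm = PasswordHistory(depth=5, case_sensitive=False, record_resets=False)
    ad = PasswordHistory(depth=5, case_sensitive=True, record_resets=True)
    for store in (idm, ad):
        store.change("Summer2006!")  # constructed sample value
    # Same password in different case: IDM model rejects, AD model accepts.
    case_variant = (idm.change("SUMMER2006!"), ad.change("SUMMER2006!"))
    for store in (idm, ad):
        store.reset("Temp-Reset-1")  # 3(b): only the AD model records this
    reuse_blocked = (idm.would_reject("Temp-Reset-1"), ad.would_reject("Temp-Reset-1"))
    return {"case_variant_accepted": case_variant,
            "reset_password_reuse_blocked": reuse_blocked,
            "history_sizes": (len(idm.entries), len(ad.entries))}

if __name__ == "__main__":
    for key, value in divergence_demo().items():
        print(f"{key}: {value}")
```

After one change, one case-variant change and one reset, the two modelled histories already hold different numbers of entries, so a password that one side accepts can be refused by the other during sync.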

Friday, July 14, 2006

To change a DNS record on your computer

Locate the "hosts" file under "C:\WINDOWS\system32\drivers\etc". Open it with a text editor and add the IP address at the end, then press Tab and enter the DNS name to which it should map. Close all the browsers and test by entering the new domain name.