ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects


UF Dir to UFAD PW Sync


Return to IT/SA Services Documentation: Active Directory

Overview

UFAD accounts are created initially by MIIS brokered processes. That process is triggered by the creation of a new Gatorlink account. Currently, when a UFAD account is first created, the password is unknown and is thus set to a random string. A process of password synchronization must then occur separately before the new account may be used to access UFAD resources.

Synchronization problem

On occasion, password synchronization fails to occur for a newly created Gatorlink account. The symptoms are the inability to access UFAD resources, such as logging into UFAD on a UFAD joined computer or accessing a newly acquired IFAS Exchange mailbox via http://webmail.ifas.ufl.edu. The current solution is to have the user go to the UF web portal at http//my.ufl.edu and change their password. This forces a synchronization and fixes the problem; but it would be good to have a way of ascertaining the synchronization status rather than simply to rely on the user to try that solution.

Determining a user's password synchronization status

UFAD has a search tool that will show provide certain information pertinent to determining the synchronization status:
https://ufadtools.ad.ufl.edu/UserSearch/webform1.aspx
(log in with your ufad\if-admn credentials). You need to know the UFID of the individual to the run the query. Example output is shown below. You can see via the "GLPwdExpired" field that this user's password will expire September 26th.

If the "GLPwdExpired" field is empty, then password synchronization never occurred and the user will have to change their Gatorlink password in order to be able to successfully access computer resources within UFAD.

The other important field is the "AD Password Last Set"(2006-03-28T07:41:34). This shows when the password change was received by AD. So in this case it looks like it received a password change at 7:41 am (or this is when the account was first created).


last edited 27 July 2006 by Steve Lasley