You’re offline. This is a read only version of the page.
35
We are Implementing Microsoft Identity Lifecycle Management (ILM 2007) solution at a large microsoft client,
The task are to:
1. Integrate Active Directory users with Microsoft GP 9.0 users
2. Synchronize Active Directory user passwords with Microsoft GP 9.0 user passwords.
To acheive this we are creating Microsoft GP 9.0 users from ILM Extension which is written in C#.Net 2005:
following are the steps in user creation:
1. Insert record into user master table
INSERT INTO DYNAMICS.DBO.SY01400
(USERID, USERNAME, Zoom_Fields_Font_Color,Zoom_Fields_Font_Style,Editable_Fields_Backgrou, Editable_Fields_Font_Col, Editable_Fields_Pattern, Editable_Fields_Pattern_, Scrolling_Fields_Backgro, Scrolling_Fields_Font_Co, Scrolling_Fields_Pattern, Scrolling_Fields_PatCor, Required_Fields_Font_Col, Required_Fields_Font_Sty, Internet_Browser, Internet_Address, Internet_Type, Internet_Address_Name, PASSWORD, USRCLASS, MDFRDENT, MODIFDT, CREATDDT, LSTUSRED, PRTOSCRN, PRTOPRTR, SHRQFLDS, DISTPROC, HSCRLARW, SOPTYPE, RELID, SECACCS, TODOOPEN, TODOPERSOPEN, TODOPERSROLL, PALETTETYPE, ORGANIZATIONALVIEW, ACCOUNTINGVIEW, USERLANG, UserRole)
VALUES ('testuser','test user', 6, 2, 10, 2, 4, 2, 10, 2, 4, 2, 1, 2, '','',0, '',cast('Pa$$w0rd' as binary), '', 0, '01/01/1900','01/01/1900', 'sa', 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1)
2. get the hash for password 'Pa$$w0rd'
--DECLARE @pwd varbinary(256)
--SET @pwd = pwdencrypt('Pa$$w0rd')
--select @pwd --this generated the hashed used below in create login
3. create login using hashed password
create login [testuser] with password = 0x010034988E23A9030E1C8448AF11B1E9FAD48FDACC11D04A8284 hashed,check_policy=off,check_expiration=off
4. create database user
USE DYNAMICS
create user testuser from login testuser
5. assign DYNGRP role
exec sp_addrolemember 'DYNGRP','testuser'
Now using these above mentioned steps, a valid MGP 9.0 user is created, to which company access is assigned, but when the user tries to login into MGP 9.0, the system acknowledges the user, but prompts the user to change password which we dont want because we want passwords to be synchronized from Active Directory.
I have searched through blogs on the internet regarding the same topic and came accross the conclusion that MGP encrypts the password in some way, and checks for it on every logon, if the password stored is not encrypted as per MGP 9.0 encryption MGP 9.0 prompts the user to change password.
Is there any way to:
1. Disable the MGP 9.0 password encryption
2. Encrypt the password with the same logic as MGP is encrypting it
3. Any other Solution
*This post is locked for comments
I have come accross the information that GPConn.dll might help in this regards, but i need to confirm that
1.Can we create MGP Logins using GPConn.dll?
2.Or Get Encrypted String for plain password String using GPConn.dll which may constitute in creating the login with encrypted password?
if someone could provide information that GPConn.dll will solve the problem.
See this article which describes that GPConn.dll may provide such functions.
all i need is confirmation before i raise the support case and get keys for it with MGP Support.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,253
Super User 2024 Season 2
#2
Martin Dráb
230,188
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (