** We have integrated with Active Directory and the User records have blank passwords. So would it still scramble the password? Is the an accompanying undocumented run process command that would reverse the disable?
It just would be nice to have this command documented some where instead of guessing what it does. I can cause the same effect by having a filter set the password field with a scrambled word, maybe a guid, that would accomplish the same thing. Then it's at least easier to figure out what it's doing and how to reverse the effect. Dave ------------------------- [email protected] (Wireless) ________________________________ From: Action Request System discussion list(ARSList) <[email protected]> To: [email protected] <[email protected]> Sent: Thu Sep 03 16:48:28 2009 Subject: Re: Question concerning Application-Invalidate-User I haven’t really looked into this too deeply, but my gut feeling would be that this overwrites the password so that the original password hash will no longer work. That’s how the accounts are disabled, so it’d make sense. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Shellman, David Sent: Wednesday, September 02, 2009 12:00 PM To: [email protected] Subject: Question concerning Application-Invalidate-User ** We recently upgraded our app server from 7.0.1 to 7.1 (Windows server connected to Oracle). After the upgrade I have been looking at the new filters associated with password management with 7.1. I noted a filter called User:DisableUserAccount. The Run If is fairly straight forward with ($USER$ = "AR_ESCALATOR" ) AND ( 'Status' = "Disabled") AND ( 'Account Disabled Date' != $NULL$ ) AND ( 'Account Disabled Date' > 'Last Password Change For Policy') The Run Process executes Application-Invalidate-User $Login Name$. I can not find any reference to Application-Invalidate-User in the 7.1 or 7.5 documentation. If anyone could point me to documentation concerning Application-Invalidate-User it would be greatly appreciated. Dave Dave Shellman Phone: (717) 810-3687 Fax: (717) 810-2124 email: [email protected] Tyco Electronics MS 161-043 PO Box 3608 Harrisburg, PA 17105-3607 _Platinum Sponsor: [email protected] ARSlist: "Where the Answers Are"_ _Platinum Sponsor: [email protected] ARSlist: "Where the Answers Are"_
