Password Sync between AD and Lotus Notes
Hi brothers,
We are working with a customer these days and want to use FIM to do centralized user account management. One of the requirements is password sync between Active Directory and Lotus Notes. The version of the Domino server is 6.5 and they only use HTTP to access the Notes mail.
Question 1: I saw that the MA for Lotus Notes only supports SET operations, as shown below. What does a SET operation mean? What is the difference between CHANGE and SET?
http://technet.microsoft.com/en-us/library/cc720589(WS.10).aspx
Management agents in MIIS 2003 support a range of password management features. Management agents for directory services support password set and change operations by default.
The following management agents support password change operations:
Management Agent for Active Directory
Management Agent for Active Directory Application Mode (ADAM)
Management Agent for Windows NT 4.0
The following management agents support password set operations only:
Management Agent for Lotus Notes
Management Agent for Sun and Netscape Directory Servers (formerly iPlanet Directory Server)
Question 2: Is PCNS a one-way or a two-way password sync? What I want to know is: after I have finished all of the configuration needed for Automated Password Synchronization, if I change a password from Lotus Notes, will it be synchronized to Active Directory?
If the answer is NO, it means that after I implement PCNS, changing the password from Active Directory is the only way and the best way to avoid a password mismatch between Active Directory and the target system.
Any advice on the requirement of password sync between AD and Lotus Notes will be appreciated. Thanks in advance.
May 27th, 2010 6:47pm
Wei Hu,
A Set Operation is an administrative password set, where the previous password does not need to be known to reset the password. Through a Set operation, the user's password is simply reset to a new password through a process with administrative privileges.
A Change Operation requires the current password to change a user's password to a new password. Through a Change operation, the current password will be used to authenticate the user's account, then the password will be changed to the new password.
PCNS is a one-way password sync process. Only password changes in an Active Directory environment will be captured and forwarded to FIM (or any other listener). Once FIM is notified of a changed password, it will send the new password to all the management agents that have been configured as targets for password synchronization.
Cheers,
Marc
Marc Mac Donell, ILM MVP, VP Identity and Access Solutions, Avaleris Inc.
May 27th, 2010 8:19pm
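The set/change distinction described in the answer, shown on the Active Directory side at the LDAP level, as an added example that is not part of the original thread: AD accepts a set (reset) as a single replace of unicodePwd and a change as a delete of the old value plus an add of the new one in the same modify. The helper names and the in-memory FakeDirectory are hypothetical stand-ins, not FIM, PCNS or Notes code, and the DN and passwords are constructed samples.

```python
# Added illustration; function and class names are hypothetical.
def encode_unicode_pwd(password: str) -> bytes:
    """AD expects unicodePwd as the password in double quotes, UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")

def build_set(new: str):
    """Administrative set (reset): one replace, old password not needed."""
    return [("replace", "unicodePwd", encode_unicode_pwd(new))]

def build_change(old: str, new: str):
    """User change: delete the old value and add the new one in one modify."""
    return [("delete", "unicodePwd", encode_unicode_pwd(old)),
            ("add", "unicodePwd", encode_unicode_pwd(new))]

class FakeDirectory:
    """Constructed in-memory stand-in for a directory; not AD, FIM or Notes."""
    def __init__(self):
        self.pwd = {}

    def modify(self, dn, mods, is_admin=False):
        ops = [op for op, _, _ in mods]
        if ops == ["replace"]:
            # Set: authorised by privilege, not by knowledge of the old password.
            if not is_admin:
                raise PermissionError("set requires reset-password rights")
            self.pwd[dn] = mods[0][2]
        elif ops == ["delete", "add"]:
            # Change: the supplied old value must match the stored one.
            if self.pwd.get(dn) != mods[0][2]:
                raise ValueError("current password does not match")
            self.pwd[dn] = mods[1][2]
        else:
            raise ValueError("unsupported modification")

def demo():
    d = FakeDirectory()
    dn = "CN=Test User,OU=Staff,DC=example,DC=com"  # constructed sample DN
    d.modify(dn, build_set("First#Pass1"), is_admin=True)
    d.modify(dn, build_change("First#Pass1", "Second#Pass2"))
    try:
        d.modify(dn, build_change("wrong-guess", "Third#Pass3"))
        rejected = False
    except ValueError:
        rejected = True
    return d.pwd[dn] == encode_unicode_pwd("Second#Pass2"), rejected
```

A target that supports set operations only, as the quoted list says of the Lotus Notes management agent, corresponds to the `build_set` path: the synchronizing account needs administrative rights on the target because no old password is presented.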