I am trying to add an account for operational role. The privilege of the account is to change Jabber services only. So far I am able to add the account. The account is able to login and change Jabber services, as expected. But the person assigned to this role wanted to change the password. Since the account username is sync with AD, not generic account, the password is personal, cannot be shared.
On the Change Password menu, somehow I am unable to change the password, even though all the criteria is fulfilled. I thought this is a bug. So on the globaladmin I clicked on the Prompt User button, forcing the user to change password on the next logon, hoping for a different outcome. But the outcome was the same. I tried to remove the user from the role group then add the account again, but the outcome still the same.
Below is the error notification when changing password from inside PCP.
Below is the error notification when changing password on prompt mode.
I have two questions:
1. When I cannot change the password even though all the criteria is fulfilled, is it a known bug?
2. How can I revert the change password prompt on the next logon?
My Prime Collaboration Provisioning version is 12.5.1862.
I guess you cannot maintain the password from PCP.
for admins a local account must be present, but the the passwords are not synced,
the credentials are validated at AD by PCP sending a challenge to AD and get a success/error response
-> you must change the password in AD
Somehow the AD password does not work on PCP. It said "Invalid Username or Password". In PCP, only the usernames are synced with AD, but not the passwords. This is the reason why I created local password. But with CUCM, I can login using my AD credential. Is this behavior normal in PCP and CUCM?
look at this document Synchronizing Processors, Users, and Domains
the synchronizistion works the other way around
users are copied from call manager stored in PCP and (depending on sync type) "put in AD"
There are three types of synchronizations in Prime Collaboration Provisioning:
So my assumption was not correct and the password is sourced in a call manager or unity.
and to understand the situation you need to check what sync type is configured at your site.
and you need to check if synchronization is working periodically as described in the document.
you should also check that the call-manager ais NOT configured for external authentication with AD