You can try but disable the password update which could be triggered by the authentication module. What version are you on? Find "DisableADPasswordPropagation"
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/configuring/advanced-settings/manage-authentication-module-properties.html
Once this is done test your authentication again. If this does not work I suggest you open an ideation (top menu and click "ideation). Thank you.
------------------------------
Best regards,
Scott Owens
Sr Support Engineer
------------------------------
And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.
Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at
enterprisestudio@hcl.com.
https://www.hcltech.com/enterprise-studio------------------------------
------------------------------
Original Message:
Sent: 11-28-2019 12:17 PM
From: Pearse Kennedy
Subject: IM - Authenticate against AD Global Catalog
Hi Team
We have Identity Suite vApp with IM and IP. We are currently provisioning to a single AD domain and IM is also configured for user authentication against this domain.
We now wish to introduce a second AD domain in the same forest. So we will acquire this as a new endpoint and provision certain users to it.
But we want to allow users in both domains authenticate to IM with their AD credentials. I understand that you can only configure one AD for authentication in the IM management console. But can I configure that AD to be the global catalog (i.e. port 3269)? That way it would find users in both domains.
Thanks
Pearse