I’m supporting an international company using a “single certificate tree/multi domains” scenario. Is there any trick to assign Reset Password authority to a user from another domain?
Assume you have user UserA/OU1/DomainA. You configured ID Vault in DomainB. For the time of configuration I copied the UserA Person document from DomainA names.nsf to DomainB names.nsf. This allowed me to configure Reset Password for UserA in DomainB. This way a proper “Password Reset Certificate” was created. But then I had to remove the UserA document from DomainB because of the consolidation process of the corporate NAB for all domains.
When UserA later tries to reset the password, there is an error in Security Events in log.nsf: “Error: Missing or invalid Password Reset Trust certificate. Check the log file for details.” (this is from the log, of course :)
Certificates for /OU1/DomainA and /DomainA exist in DomainB.
Both Directory Catalog and Directory Assistance are configured in each domain, pointing to the corporate consolidated address book.
Any idea whether this is possible?