Copy password from AD to Zimbra

[datnus]

Hi,
I have Zimbra 7 that is linked to AD (win server 2008) for authentication.
Now, I want to remove Zimbra from AD. Zimbra will use internal authentication.

Is it possible to copy passwords from AD and import to Zimbra?

Thanks million for your help.

[phoenix]

Quote:

Originally Posted by datnus

I have Zimbra 7 that is linked to AD (win server 2008) for authentication.
Now, I want to remove Zimbra from AD. Zimbra will use internal authentication.

Is it possible to copy passwords from AD and import to Zimbra?

My advice would be to take this opportunity to enforce strong password security (if you don't already have it) and also force a password change on all users. There is a script in the forums that synchronizes AD users with Zimbra but I'm not sure if that has any password sync as well.

[datnus]

I've searched around this forum but not able to find related post to copy/import passwords from AD to Zimbra.
Any help would be appreciated.

Resetting 200 user accounts would be a bit problem in our operation.

[Guest]

AD Passwords are non reversible... You cannot copy or import.

why not just reset all AD passwords and as suggested above?

[datnus]

I thought AD password is hashed. Only need to import the hashing to Zimbra.
---------------------
If not possible, then is there a way to bulk reset password in Zimbra?
It seems that in GUI we only able to reset password one by one.
1) The generated password is random.
2) Is it possible to inform users of new generated passwords before reset? Or at least admin should have the file to contains password.

Thanks so much.

[vavai]

Below are a simple script to bulk-reset Zimbra account password :

Code:

#!/bin/bash
clear
USERS=`su - zimbra -c 'zmprov -l gaa'`;
 
for ACCOUNT in $USERS; do
        ACC1=`echo $ACCOUNT | awk -F@ '{print $1}'`;
        ACC=`echo $ACC1 | cut -d '.' -f1`;
 
        if [ $ACC == "admin" ] || [ $ACC == "wiki" ] || [ $ACC == "galsync" ] || [ $ACC == "ham" ] || [ $ACC == "spam" ]; then
                echo "Skipping system account, $NAME...";
        else
                echo "Modifying $ACCOUNT password...";
               su - zimbra -c "zmprov sp $ACCOUNT NewPassword";
               su - zimbra -c "zmprov ma $ACCOUNT zimbraPasswordMustChange TRUE;
                echo "Done!"
                echo ""
#               read anykey
        fi
done
echo "Modifying password for all user has been finished successfully"

I think it would be better to include some personal ID (part of user name or any fields) so we could generate password for all Zimbra user but also keep create a random-known password. In my case, I've included user birthday as part of their generated password to prevent someone steal/login to anyone mailbox. It's not really secure but in my case, sufficient for temporary password.