For example, perhaps you want the NT driver to provide the initial password for user when it creates a new user object in eDirectory to match a user in NT. The sample configuration for the NT driver sends the initial password as a separate operation than adding the user, and the sample configuration also includes a policy that provides a default password for a user, based on the user's surname, if no password is provided by NT. Because adding the user and setting the password are done separately, in this case a new user always receives the default password, even if only momentarily, and it is soon updated because the NT driver sends the password right after adding the user. If the default password does not comply with the eDirectory Password Policy for the user, an error is displayed. For example, if a default password created using the user's surname is too short to comply with the Password Policy, you might see a -216 error saying password is too short. However, the situation is soon rectified if the NT driver then sends an initial password that does comply.
Regardless of the driver you are using, if you want a connected system that is creating user objects to provide the initial password, consider doing one of the following. These measures are especially important if the initial password does not come with the add event and instead comes in a subsequent event.
This option is preferable because Novell recommends that a default password policy exists in order to maintain a high level of security within the system.
or