The following frequently asked question (FAQ) topics answer questions related to user administration for IBM i integration with BladeCenter® and System x™.
The user administration function allows you to enroll existing IBM i users and groups to a Windows domain or server. This permits you to administer one unified set of users and groups instead of both an IBM i set and a Windows set.
User and group enrollment creates Windows users and groups from existing i5/OS users and groups. For enrolled users, changes that are made to user passwords on IBM i are propagated to Windows.
Note: The user administration function is not supported for VMware ESX and Linux servers.
Does my Windows server running on an integrated BladeCenter or System x model need to be a domain controller to use the user administration function?
No. The Windows server running on an integrated server can be a domain controller or just a normal server. You can propagate users and groups from i5/OS to any one of the following:
To a Windows domain
To a Windows server
To a combination of domains and servers
Note: If you installed your Windows server as an additional server in your Windows domain and you want to propagate users and groups to the Windows domain, you will need to give domain administrator rights to the User Administration Service on the integrated Windows server.
Can I use Enterprise Identity Mapping (EIM) with the user administration function?
Yes. Users enrolled to the Windows environment from IBM i can take advantage of Enterprise Identity Mapping (EIM). User enrollment support for EIM allows easier setup for Windows single sign-on and allows enrolled i5/OS user profiles to be different than Windows users profiles. For more information, see Enterprise Identity Mapping (EIM).
How do I enable single sign-on support for integrated Windows server users?
User enrollment support can take advantage of Enterprise Identity Mapping (EIM) to allow easier setup for Windows single sign-on and to allow enrolled i5/OS user profiles to be different than Windows user profiles. In addition, enrolled users can manage their Windows passwords in Windows. This provides greater security by reducing the number of passwords when supporting a single sign-on environment. For more information see Changing the LCLPWDMGT user profile attribute and the Enterprise Identity Mapping (EIM) articles in the Information Center.
Can I manage my Windows password from Windows?
Yes. Enrolled users can manage their Windows passwords from Windows. This is enabled by setting the "Local password management" (LCLPWDMGT) value in the i5/OS user profile to *NO. For more information, see Types of user configurations.
Trademark information
See the Trademark information page for information on IBM and other company trademarks.
