
On Demand Migration Current - Password Propagation Service User Guide

Introduction

About Password Propagation Service

Password Propagation Service is a component of Directory Sync that allows password synchronization in environments without RC4 Encryption. Unlike the Legacy Password Monitor Service, which requires RC4 Encryption, Password Propagation Service simply copies the password from the source to the target.

When a password changes in the source, the password filter installed on every domain controller in the source environment captures the password and uses the Password Propagation Service to set the password in the target over LDAPS.

Requirements

Security

For Password Change Service

  • Windows Server 2019 or 2022

  • 4 vCore, 16GB RAM

  • An Administrator Account to install and configure the Password Change Service. It must have access rights to all domains and objects in scope for all users that require the Password Propagation Service.

  • An account with Full Write access to the target user objects in scope for the password changes.

  • Windows Internet Information Server (IIS) must be preconfigured with a certificate provisioned.

  • TLS 1.2 or higher

  • .NET Framework 4.7.2

  • Third-party anti-virus or threat prevention programs may block the execution of password tasks. These programs may need to be uninstalled from the Domain Controller, or otherwise carefully configured to whitelist all files related to Password Filter, to allow proper operation.

    C:\ProgramData\Quest\DS Password Change Service
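
A read-only pre-flight check for the Password Change Service host requirements listed above, added here as an example; it is not part of the vendor's documentation or tooling. It assumes an elevated Windows PowerShell session on the intended server and that ".NET Framework 4.7.2" means 4.7.2 or later; `Add-Result` is a hypothetical helper name.

```powershell
# Added example: verifies OS, .NET, TLS 1.2 and IIS certificate prerequisites.
# Makes no changes; it only reads CIM, registry, IIS and certificate store data.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Passed, $Detail) {   # hypothetical helper
    $results.Add([pscustomobject]@{ Check = $Check; Passed = [bool]$Passed; Detail = $Detail })
}

# Windows Server 2019 is build 17763, Windows Server 2022 is build 20348.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Add-Result 'Windows Server 2019 or 2022' `
    ($os.ProductType -ne 1 -and $os.BuildNumber -in '17763', '20348') `
    "$($os.Caption) (build $($os.BuildNumber))"

# .NET Framework 4.7.2 or later reports a Release value of at least 461808.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Result '.NET Framework 4.7.2' ($ndp.Release -ge 461808) "Release = $($ndp.Release)"

# TLS 1.2 is on by default on these OS versions, so flag only an explicit Schannel disable.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($role in 'Client', 'Server') {
    $p = Get-ItemProperty "$base\$role" -ErrorAction SilentlyContinue
    $disabled = ($null -ne $p) -and (($p.Enabled -eq 0) -or ($p.DisabledByDefault -eq 1))
    Add-Result "TLS 1.2 ($role)" (-not $disabled) `
        $(if ($p) { "Enabled=$($p.Enabled) DisabledByDefault=$($p.DisabledByDefault)" } else { 'OS default' })
}

# IIS must already have an HTTPS binding backed by an unexpired certificate.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $bindings = @(Get-WebBinding -Protocol https)
    Add-Result 'IIS HTTPS binding' ($bindings.Count -gt 0) "$($bindings.Count) binding(s)"
    foreach ($b in $bindings) {
        $cert = Get-Item "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)" -ErrorAction SilentlyContinue
        Add-Result "Certificate on $($b.bindingInformation)" ($cert -and $cert.NotAfter -gt (Get-Date)) `
            $(if ($cert) { "$($cert.Subject), expires $($cert.NotAfter.ToString('yyyy-MM-dd'))" } else { 'no certificate found' })
    }
} else {
    Add-Result 'IIS HTTPS binding' $false 'WebAdministration module not installed'
}

$results | Format-Table -AutoSize -Wrap
```

A binding that uses the IIS centralized certificate store has no certificate hash and is reported as "no certificate found"; check that case by hand.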

For Password Filter

  • Windows Server 2019 or 2022

  • An Administrator Account to install and configure the Password Change Service

  • Must be installed on all domain controllers in the source environment

    Note: Read-Only Domain Controllers can be excluded.

  • Third-party anti-virus or threat prevention programs may block the execution of password tasks. These programs may need to be uninstalled from the Domain Controller, or otherwise be carefully configured with a whitelist, to allow proper operation.

    C:\Program Files\Quest\DS Password Change Relay Service

  • TLS 1.2 or higher

  • .NET Framework 4.7.2

Network Ports

Below are the general requirements for On Demand Migration Directory Sync:

  • Connecting to the Directory Sync web interface uses TCP port 443 (HTTPS).

  • Agent connections are initiated by the agent and require port 443 access to Directory Sync SaaS application.

  • Agent connections to the DCs use ports 88, 135, 137-139, 389 (UDP), 445, 1027, 3268 and 49152-65535.

  • Copying SIDHistory is an operation initiated by the agent and performed by the domain controllers.

  • Source/Target Domain Controller FQDNs must be resolvable by each other.

  • Open TCP ports 88, 135, 137-139, 389 (UDP), 445, 1027, 3268 and 49152-65535.

Below are the general requirements for Password Propagation Service:

Installation and Configuration

Installing and configuring the Password Propagation Service requires the following actions:

  1. Enabling the Password Propagation Service option on the Environment Passwords Setting page and downloading the Password Propagation Service Download.

  2. Installing the Password Change Service in the source environment.

  3. Configuring the Password Propagation Server for the target environment where the passwords will be changed.

    Note: The Password Propagation Service must be preconfigured with Windows Internet Information Server (IIS) with a certificate provisioned.

  4. Manually installing Password Filter on every Domain Controller in the source Active Directory forest.
