지금 지원 담당자와 채팅
지원 담당자와 채팅

On Demand Migration Current - Active Directory Modern Password Sync Setup Quick Start Guide

Configured Password Filter Plugin (Modern Password Sync)

Modern Password Sync requires Quest Directory Sync Password Filter installed in both source and target Active Directory. In a multi-domains forest, at least one Domain Controller per Domain must be configured with Password Filter.

To install the password filter, the following are required

  • One (1) Local Administrator Account for each Microsoft Forest and/or Domain that has permissions to install Password Filter on the Domain Controller.

  • One (1) Domain Controller per domain in a multi-domain forest.

Follow these steps to set up the password filter.  

  1. Launch the Password Filter installer on the domain controller.

  2. Click the Next button.

  3. Enter the same Passphrase used during Directory Sync agent installation, the passphrase must be the same for Directory Sync agent to communicate with the Password Filter.

A screenshot of a computer Description automatically generated

  1. Click the Next button.

  2. Click the Install button.

  3. Select ‘Yes, I want to restart my computer now’ and click the Finish button. Note, the domain controller must be restarted as Password Filter runs during startup.

A screenshot of a computer Description automatically generated

  1. Repeat the above step and install the Password Filter in the target Active Directory Domain Controller.

 

Setup Templates

Before we can build our workflows, it is best to set up your template(s). Templates contain common mappings and settings used to sync Users, Contacts, Devices, Groups, Office 365 Groups and Microsoft Teams. A template can then be applied to any workflow with a Stage Data step.

For the purpose of this guide, the following template will need to be configured to perform Password Synchronization for User Objects. This guide also assume users will be created in the target Active Directory if there is no match found.  Additional templates may be created based on your project requirements.

  • Local to Local Password Sync

How to create a Local to Local Template

  1. Navigate to Templates.
  2. Click New.
  3. Enter the Name and Description for the template.
  4. In our example, we will name our template “Local to Local Password Sync”. Click Next
  5. Click Local as the source environment type. Click Next
  6. Click Local as the target environment type. Click Next
  7. Set CREATE NEW USERS AS = AS-IS.
  8. Set UPDATE CREATED USERS= ENABLE.
  9. Set UPDATE MATCHED USERS= ENABLE.
  10. Set IF TARGET ADDRESS EXISTS setting as OVERWRITE ONCE.
  11. Click Next.
  12. Set CREATE GROUPS AS = SKIP.
  13. Set UPDATE CREATED GROUPS = DISABLE.
  14. Set UPDATE MATCHED GROUPS = DISABLE.
  15. Click Next.
  16. Set CREATE NEW CONTACTS AS = DO NOT CREATE.
  17. Set UPDATE CREATED CONTACTS = DISABLE.
  18. Set UPDATE MATCHED CONTACTS = DISABLE.
  19. Click Next.
  20. Set CREATE NEW DEVICES AS = SKIP.
  21. Set UPDATE CREATED CONTACTS = DISABLE.
  22. Set UPDATE MATCHED CONTACTS = DISABLE.
  23. Click Next.
  24. Enter a default password, Click Next.
  25. Leave the SYNCHRONIZE SID HISTORY checkbox unchecked. Click Next.
  26. Under mappings, we can leave the settings as default or update them based on your project requirements.
  27. Click Next.
  28. Click Finish.

Setup Workflows

Follow these steps to create two (2) new workflows for reading, matching, staging and writing data. 

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택