
On Demand Migration Current - Active Directory Password Sync Setup Quick Start Guide

Introduction

The goal of this guide is to provide a step-by-step walkthrough of how to set up Real Time Password Synchronization for user objects between your On-Premises Active Directory environments. Directory Sync will monitor source Active Directory password changes in real time and synchronize the changes to matched or newly created user objects in the target Active Directory.

To set up Directory Sync for Real Time Password Synchronization, source user objects must be matched to existing or newly created user objects in the target environment.  To accomplish this, four (4) configurations must be completed prior to the first synchronization.

  1. Set up Environments

  2. Set up Local Agents

  3. Set up Templates

  4. Set up Workflows

The next section will provide the list of requirements needed to successfully synchronize passwords between two Active Directory environments.

Requirements

In order to facilitate the Real Time Password Synchronization, the following is a list of minimum requirements to get set up using Directory Sync with your On-Premises Active Directory. 

Preparing the Source and Target Domains

  • ADMIN$ must be accessible on the domain controller from the Directory Sync agent server.

  • Any third-party anti-virus program that prevents access to the LSASS process may need to be updated with a whitelist entry for the Password Sync executable.

  • RC4 encryption (Rivest Cipher 4 or RC4-HMAC) is an element of Microsoft Kerberos authentication that Quest migration products require to sync Active Directory passwords between Source and Target environments. Disabling the use of RC4 makes password syncing between environments impossible.

Beginning on November 8, 2022, Microsoft recommended that an out-of-band (OOB) patch be employed to set AES as the default encryption type. Enabling or disabling the RC4 encryption protocol has potential impact beyond password syncing in Quest migration tooling and should be considered carefully.
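The following pre-flight check is an added example, not part of the Quest documentation or product. It tests the two domain prerequisites above from the Directory Sync agent server: that ADMIN$ on the domain controller is reachable, and whether RC4-HMAC is still among the permitted Kerberos encryption types. It assumes the RSAT ActiveDirectory module is installed; the host name `dc01.source.example` is a placeholder, and the function name is illustrative.

```powershell
# Added example: pre-flight check for the ADMIN$ and RC4 prerequisites.
param(
    [string]$DomainController = 'dc01.source.example'   # placeholder host name
)

# Kerberos encryption-type bit flags, as used by msDS-SupportedEncryptionTypes
# and by the "Configure encryption types allowed for Kerberos" policy value.
$EncTypes = [ordered]@{
    'DES-CBC-CRC' = 0x01
    'DES-CBC-MD5' = 0x02
    'RC4-HMAC'    = 0x04
    'AES128-SHA1' = 0x08
    'AES256-SHA1' = 0x10
}

function Get-EncTypeName([int]$Mask) {
    # Return the names of every flag set in the bitmask.
    $EncTypes.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
}

# 1. ADMIN$ on the domain controller must be reachable from this server.
$adminShare = Test-Path -LiteralPath ('\\{0}\ADMIN$' -f $DomainController)

# 2. Kerberos policy on the machine running this script (absent = not configured).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$policyVal = $policy.SupportedEncryptionTypes

# 3. Encryption types advertised on the DC's computer account in AD.
$dc    = Get-ADComputer -Filter "DNSHostName -eq '$DomainController'" `
             -Properties 'msDS-SupportedEncryptionTypes'
$dcVal = $dc.'msDS-SupportedEncryptionTypes'

[pscustomobject]@{
    DomainController = $DomainController
    AdminShareOk     = $adminShare
    LocalPolicy      = if ($null -eq $policyVal) { 'not configured' }
                       else { (Get-EncTypeName $policyVal) -join ', ' }
    LocalPolicyRC4   = if ($null -eq $policyVal) { 'default applies' }
                       else { [bool]($policyVal -band 0x04) }
    DcAccountTypes   = if (-not $dcVal) { 'not set (default applies)' }
                       else { (Get-EncTypeName $dcVal) -join ', ' }
    DcAccountRC4     = if (-not $dcVal) { 'default applies' }
                       else { [bool]($dcVal -band 0x04) }
}
```

A `False` in either RC4 column means RC4 has been explicitly excluded there, which is the condition the guide says makes password syncing impossible.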

Account Permissions

  • One (1) Local Administrator Account for each Microsoft Forest and/or Domain that has permissions to create, update or delete depending on the scope of your Directory Sync workflows.

  • The Password Sync functionality requires that either a domain admin role or built-in admin role be granted to the service account.

The next section will provide a step-by-step guide on how to set up Password Synchronization for Active Directory environments.
