The Password Sync feature is designed to synchronize passwords from environment to environment without being directly tied to workflows.
However, a workflow that reads all the users in scope for password sync must exist and there must be a workflow that matches the source to target objects. If there is no match, passwords will not be synchronized.
You may only have one agent set to detect password changes. Having a single agent for this task avoids conflicts caused by multiple agents updating passwords at the same time.
When the “Allow password changes” option is selected, an object's password will be updated if the object is matched to any environment set to detect password changes.
The environment filter determines which users are in scope for password change. If matched and in environment scope, they will be updated if a source changes.
Two-way password sync is possible by selecting to monitor password changes in the source and target environments.
The password hash is stored encrypted in the database to determine if password changes must occur on the target. Passwords are never converted to plain text.
The agent designated for password change monitoring checks for changes every 30 seconds.
Creating an alert for when agents go offline is recommended in case the password monitoring agent encounters an issue.
The account that the agent has been configured with must have access to the admin$ share of the domain controllers.
An LDAP query can be entered in the LDAP Filter field to control the application of the Password Sync feature.
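A pre-flight check for the two requirements above (admin$ access on the domain controllers and the scope of the LDAP filter), added here as an example and not part of the product documentation. It assumes the ActiveDirectory (RSAT) module and a session started as the agent's service account; the filter is a constructed sample.

```powershell
# Run in a session started as the agent's service account.
Import-Module ActiveDirectory

# 1. Confirm the account can reach admin$ on every domain controller.
$shareReport = foreach ($dc in Get-ADDomainController -Filter *) {
    $path = '\\{0}\admin$' -f $dc.HostName
    [pscustomobject]@{
        DomainController = $dc.HostName
        Path             = $path
        # Test-Path returns nothing on some access errors, so coerce to bool
        Reachable        = [bool](Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)
    }
}
$shareReport | Format-Table -AutoSize

$blocked = @($shareReport | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ('admin$ is not reachable on {0} domain controller(s)' -f $blocked.Count)
}

# 2. Preview which users a candidate LDAP filter would put in scope
#    before entering it in the LDAP Filter field (constructed sample filter).
$ldapFilter = '(&(objectCategory=person)(objectClass=user)(department=Finance))'
$inScope = @(Get-ADUser -LDAPFilter $ldapFilter -Properties adminCount)
'{0} user(s) match the filter' -f $inScope.Count

# adminCount = 1 marks accounts that are, or once were, members of protected
# groups. List them so their inclusion in password sync is a deliberate choice.
$inScope | Where-Object { $_.adminCount -eq 1 } |
    Select-Object SamAccountName, Enabled, DistinguishedName |
    Format-Table -AutoSize
```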
Alerts may be added to keep administrators informed of the successful completion and/or failure of any workflow. Alerts are delivered as status emails to the designated recipients. For each workflow, choose a previously created alert or add a new alert. To add multiple recipients, separate the addresses with a semicolon.
To manage workflow alerts, open the left navigation menu and click Alerts, located under Settings (see figure 1).
Figure 1: Directory Sync Setup and Settings Menu
Follow these steps to create a new workflow alert.
- Navigate to Alerts.
- Click New.
- Enter a Name, click Next.
- Enter recipients. To add multiple recipients, separate addresses with a semicolon ( ; ).
- Click Next.
- Choose Language preference, click Next.
- Choose which events trigger alerts.
- Choose Workflow Failure at a minimum.
- Do not choose Local Agent Offline for cloud-only workflows and environments.
- Click Next.
- Click Finish.
Follow these steps to add an alert to an existing workflow.
- Navigate to Workflows.
- Locate and select the Write workflow created earlier.
- Click the Settings button.
- Click Alerts.
- Click Add.
- Select the Alert created in the previous steps.
- Click OK.
- Navigate to Workflows.
- Repeat these steps for each workflow.
What workflow events can generate an alert?
You can select to have an email notification sent when the workflow finishes for the following events:
- Workflow Completion - A notification will be sent each time your workflow completes successfully.
- Workflow Failure - A notification will be sent each time your workflow fails.
- Local Agent Offline - A notification will be sent each time local agents go offline.
Alerts can be edited on the Alerts page by selecting an Alert in the table and clicking "Settings."
Active alerts can be disabled on the Alerts page by selecting the alert in the table and clicking "Disable." Disabled alerts can be activated on the Alerts page by selecting the alert in the table and clicking "Enable."
A script entry is used to securely store a PowerShell script file, which can be run as part of a workflow at any point in the process using the Script Task.
To manage saved scripts, open the left navigation menu and click Scripts, located under Settings (see figure 1).
Figure 1: Directory Sync Setup and Settings Menu
On the Run PowerShell Scripts screen, choose an existing script to run. Stop workflow on error will stop the workflow if an error is encountered, so placement of this step within the workflow sequence must be considered.
On the Scripts page, click the New button to add a new script to the collection. Name your script, and choose a local environment for it to apply to. Directory Sync does not validate your scripts, so be sure that you test them first in a non-production environment. Note that all scripts are run under the service account, and an account with the required AD rights must be configured to log on to the service.
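Because scripts are not validated and run under the service account, a static pre-check before saving a script entry is worthwhile. The following is an added example, not part of the product: it parses a script without executing it, reports syntax errors, and lists every command the script calls so a reviewer can see what will run with the service account's rights. The file name is a hypothetical placeholder.

```powershell
param(
    [string]$ScriptPath = '.\Set-TargetAttributes.ps1'   # hypothetical file name
)

$tokens = $null
$parseErrors = $null
$fullPath = (Resolve-Path -LiteralPath $ScriptPath).Path

# ParseFile builds the syntax tree only; nothing in the script is executed.
$ast = [System.Management.Automation.Language.Parser]::ParseFile(
    $fullPath, [ref]$tokens, [ref]$parseErrors)

if ($parseErrors.Count -gt 0) {
    $parseErrors | ForEach-Object {
        '{0}:{1}  {2}' -f $_.Extent.StartLineNumber, $_.Extent.StartColumnNumber, $_.Message
    }
    throw "Syntax errors found in $fullPath; fix them before saving the script entry."
}

# Inventory every command invocation, including those in nested script blocks.
$commands = $ast.FindAll(
    { param($node) $node -is [System.Management.Automation.Language.CommandAst] },
    $true)

$commands |
    Group-Object {
        # GetCommandName() is null when the command is built at run time (& $var)
        $name = $_.GetCommandName()
        if ($name) { $name } else { '<dynamic invocation>' }
    } |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'Lines'
           Expression = { ($_.Group.Extent.StartLineNumber | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize
```

A clean parse only rules out syntax errors; the script still needs a test run in a non-production environment as described above.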
Data Sets can be used in conjunction with the “LookupValue” function to find source values and replace with target values.
Data Sets are ideal for managing long lists of replacement strings commonly associated with Directory migration and consolidation projects.
For example, if a Data Set is named "Domains" and you want to replace "contoso.com" with "hr.contoso.com", set the Key Value to "contoso.com" and the Return Value to "hr.contoso.com". Then, in the appropriate attribute advanced mapping (e.g. UserPrincipalName), you could use a formula such as LookupValue('Domains', s.UserPrincipalName, null)
This formula will find contoso.com in the UserPrincipalName attribute and replace it with hr.contoso.com.
Some other common use cases might be:
- Update common attribute values like Department from the old format to the new format (e.g. HR to Human Resources)
- Reorganize OUs by applying data sets to determine the target OU
- Map complex environments with multiple source domains to different target domains
- Break down complex text strings into smaller pieces for use within another function
To manage saved data sets, open the left navigation menu and click Data Sets, located under Settings (see figure 1).
Figure 1: Directory Sync Setup and Settings Menu
To create a Data Set:
- Select "Data Sets" under Settings in the left navigation menu.
- Click “New”.
- On the General tab, enter a name and description for the Data Set and click "Save".
- Click the "Values" tab.
- Click "New" to enter key values and return values or click "Import" to choose a file of key values and return values. If importing a data set, click "Download Example" to download an example CSV.
On the Data Sets details screen, click the Import button to select a CSV with Key Value and Return Value columns.
Note: The imported CSV will replace any existing data in the data set.
Select the data set(s) and click the Export button to generate a CSV file of existing data sets. You can then use the Import action to upload modifications to the list if desired.
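Since an import replaces the whole data set, it helps to compare the exported CSV with the edited one before uploading. The script below is an added example, not a product tool: it rejects empty or duplicate keys and reports which keys would be added, changed, or removed. The column headers 'Key Value' and 'Return Value' and the file names are assumptions; check the headers against the downloaded example CSV.

```powershell
param(
    [string]$ExportedCsv = '.\Domains-export.csv',   # placeholder: current data set
    [string]$NewCsv      = '.\Domains-import.csv'    # placeholder: file to import
)

function Read-DataSetCsv([string]$Path) {
    # PowerShell hashtables compare keys case-insensitively, so
    # 'Contoso.com' and 'contoso.com' are reported as duplicates.
    $map = @{}
    $row = 1                                          # row 1 is the header
    foreach ($r in Import-Csv -LiteralPath $Path) {
        $row++
        $key = "$($r.'Key Value')".Trim()
        if (-not $key) { throw "$Path row ${row}: empty or missing Key Value" }
        if ($map.ContainsKey($key)) { throw "$Path row ${row}: duplicate key '$key'" }
        $map[$key] = "$($r.'Return Value')".Trim()
    }
    $map
}

$old = Read-DataSetCsv $ExportedCsv
$new = Read-DataSetCsv $NewCsv

$diff = foreach ($key in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
    if     (-not $new.ContainsKey($key)) { $change = 'Removed' }
    elseif (-not $old.ContainsKey($key)) { $change = 'Added' }
    elseif ($old[$key] -cne $new[$key])  { $change = 'Changed' }
    else   { continue }                               # identical in both files
    [pscustomobject]@{
        Change = $change
        Key    = $key
        Old    = $old[$key]
        New    = $new[$key]
    }
}
$diff | Format-Table -AutoSize

# Keys absent from the new file disappear when the import replaces the data set.
$removed = @($diff | Where-Object { $_.Change -eq 'Removed' })
if ($removed.Count -gt 0) {
    Write-Warning ('{0} existing key(s) are missing from {1} and will be lost on import' -f
        $removed.Count, $NewCsv)
}
```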
Select the data set(s) and click the Archive button to archive the data set(s).