On Demand Migration Current - Password Propagation Service User Guide

Introduction

About Password Propagation Service

Password Propagation Service is a component of Directory Sync that allows password synchronization in environments without RC4 Encryption. Unlike the Legacy Password Monitor Service, which requires RC4 Encryption, Password Propagation Service simply copies the password from the source to the target.

When a password changes in the source, the password filter installed on every domain controller in the source environment captures the password and uses the Password Propagation Service to set it in the target over LDAPS.

Requirements

Security

For Password Change Service

  • Windows Server 2019 or 2022

  • 4 vCore, 16GB RAM

  • An Administrator Account to install and configure the Password Change Service. It must have access rights to all domains and objects in scope for all users that require the password propagation service.

  • An account with Full Write access to the target user objects in scope for the password changes.

  • Windows Internet Information Server (IIS) must be preconfigured with a certificate provisioned.

  • TLS 1.2 or higher

  • .NET Framework 4.7.2

  • Third-party anti-virus or threat prevention programs may block the execution of password tasks. To allow proper operation, these programs may need to be uninstalled from the Domain Controller, or otherwise carefully configured to whitelist all files related to Password Filter.

    C:\ProgramData\Quest\DS Password Change Service
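
A read-only pre-flight check for the host requirements listed above (OS version, .NET Framework 4.7.2, TLS 1.2, IIS with a certificate). This is an added example, not part of the Quest documentation or tooling. It assumes an elevated PowerShell session on the intended Password Change Service server and that the IIS certificate lives in a LocalMachine certificate store.

```powershell
# Added example: read-only prerequisite check for a Password Change Service host.
# Makes no changes; run it elevated on the server that will host the service.
$results = [ordered]@{}

# Windows Server 2019 or 2022
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results['OS is Windows Server 2019/2022'] = $os.Caption -match 'Server (2019|2022)'

# .NET Framework 4.7.2 or later: Release 461808 is the lowest value Microsoft documents for 4.7.2
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$results['.NET Framework >= 4.7.2'] = ($null -ne $ndp) -and ($ndp.Release -ge 461808)

# TLS 1.2 is on by default for these OS versions, so only an explicit
# SCHANNEL override (Enabled = 0) is treated as a failure.
$tlsBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$tlsOk = $true
foreach ($role in 'Client', 'Server') {
    $key = Get-ItemProperty (Join-Path $tlsBase $role) -ErrorAction SilentlyContinue
    if ($null -ne $key -and $null -ne $key.Enabled -and $key.Enabled -eq 0) { $tlsOk = $false }
}
$results['TLS 1.2 not disabled'] = $tlsOk

# IIS: at least one HTTPS binding whose certificate is present and inside its validity period
$iisOk = $false
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $now = Get-Date
    foreach ($b in Get-WebBinding -Protocol https) {
        if (-not $b.certificateHash) { continue }   # binding exists but has no certificate
        # Assumption: the binding's store is under LocalMachine; default to 'My' if unset
        $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
        $cert = Get-Item "Cert:\LocalMachine\$store\$($b.certificateHash)" -ErrorAction SilentlyContinue
        if ($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now) { $iisOk = $true }
    }
}
$results['IIS HTTPS binding with valid certificate'] = $iisOk

# One row per requirement, so failures are easy to spot or export
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
}
```

The script does not check the account permissions or the anti-virus exclusions, which have to be confirmed separately.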

For Password Filter

  • Windows Server 2019 or 2022

  • An Administrator Account to install and configure the Password Change Service

  • Must be installed on all domain controllers in the source environment

    Note: Read-Only Domain Controllers can be excluded.

  • Third-party anti-virus or threat prevention programs may block the execution of password tasks. These programs may need to be uninstalled from the Domain Controller, or otherwise carefully configured with whitelist entries, to allow proper operation.

    C:\Program Files\Quest\DS Password Change Relay Service

  • TLS 1.2 or higher

  • .NET Framework 4.7.2

Network Ports

Below are the general requirements for On Demand Migration Directory Sync:

  • Connecting to the Directory Sync web interface uses TCP port 443 (HTTPS).

  • Agent connections are initiated by the agent and require port 443 access to Directory Sync SaaS application.

  • Agent connections to the DCs use ports 88, 135, 137-139, 389 (UDP), 445, 1027, 3268 and 49152-65535.

  • Copying SIDHistory is an operation initiated by the agent and performed by the domain controllers.

  • Source/Target Domain Controller FQDNs must be resolvable by each other.

  • Open TCP ports 88, 135, 137-139, 389 (UDP), 445, 1027, 3268 and 49152-65535.

Below are the general requirements for Password Propagation Service:

Installation and Configuration

Installing and configuring the Password Propagation Service requires the following actions:

  1. Enabling the Password Propagation Service option on the Environment Passwords Setting page and downloading the Password Propagation Service Download.

  2. Installing the Password Change Service in the source environment.

  3. Configuring the Password Propagation Server for the target environment where the passwords will be changed.

    Note: The Password Propagation Service must be preconfigured with Windows Internet Information Server (IIS) with a certificate provisioned.

  4. Manually installing Password Filter on every Domain Controller in the source Active Directory forest.
