Chat now with support
Chat mit Support

Password Manager 5.13.2 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring access to the Administration Site Configuring access to the Legacy Self-Service Site or Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Legacy Self-Service or Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Feature imparities between the legacy and the new Self-Service Sites Third-party contributions Glossary

Active Directory Sites

By specifying Active Directory sites in the domain connection settings you select the site in which you want Password Manager to replicate changes as soon as they occur in other sites. This reduces downtime that users may experience when your environment has several Active Directory sites and changes do not get immediately replicated between the sites.

For example, when users unlock their accounts on the Self-Service Site, this operation may occur in one site. But when they attempt to log in to their computers, this operation may occur in another site, to which the information about the unlocked account has not been replicated yet. In this case, users will not be able to log in until the information is replicated to the second site. To mitigate this issue, select the Active Directory sites in which you want to replicate changes immediately in the domain connection settings.

When specifying the site, you can select either the default writable domain controller (automatically selected in Active Directory) or select several writable domain controllers from this site. If you specify several domain controllers, changes will be propagated to the first available domain controller in the site.

To specify Active Directory sites

  1. On the Administration Site, select the Management Policy you want to configure and click the User Scope link.

  2. On the User Scope page, select the domain connection for which you want to specify Active Directory sites and click Edit.

  3. On the User Scope Settings for #Domain# page, click Edit.

  4. On the Advanced Options tab of the Edit Domain Connection dialog, click Add under the Active Directory sites table, select required sites, and click Add.

  5. Click Save and select how you want to apply the updated settings. You can either apply the new settings for this user scope only, or everywhere where this domain connection is used.

Propagating changes

After you specify the Active Directory sites in which you want to push changes, you can also select what kind of changes to propagate. The following options are available:

  • Propagate changes related to the user’s account in Active Directory.

  • Propagate changes related to the user’s Questions and Answers profile.

  • Propagate password-related changes.

Propagating account-related changes: Select this option to propagate information about unlocking and enabling user accounts in Active Directory. It is recommended to use this option when a managed domain has users in multiple Active Directory sites.

Propagating Q&A profile-related changes: Select this option to propagate information about editing, locking and unlocking Q&A profile, and passcodes issued by help desk. It is recommended to use this option when users and Password Manager Service use domain controllers from different sites. In this case, if a helpdesk operator assigns a passcode to a user (via the domain controller in one site), and then the user attempts to use the passcode on the Self-Service (via the domain controller in another site), the user may encounter the issue when the information about the passcode has not been replicated yet because of intersite replication latency.

Propagating password-related changes: Select this option to propagate information about changing or resetting user password. For more information, see Propagating password-related changes.

Changing the domain management account

To access a managed domain you can use either a domain management account or Password Manager Service account. For more information, see Changing domain management account.

To modify account used to access a domain

  1. On the Administration Site, select the Management Policy you want to configure and click the Helpdesk Scope link.

  2. On the Helpdesk Scope page, select the domain connection for which you want to change access account and click Edit.

  3. On the Helpdesk Scope Settings for #Domain# page, click Edit.

  4. In the Access account section of the Edit Domain Connection dialog, select Password Manager Service account to have Password Manager access the managed domain using the Password Manager Service account. Otherwise, select Domain management account, and then enter user name and password for the domain management account.

  5. Click Save and select how you want to apply the updated settings. You can either apply the new settings for this helpdesk scope only, or everywhere where this domain connection is used.

Removing a domain connection

This section provides information on how to remove a domain connection.

To remove a domain connection

  1. On the Administration Site, click the General Settings > Domain Connections tab.

  2. On the Domain Connections page, select the domain connection you want to delete and click Remove.

    NOTE: To permanently remove the domain connection, it should be removed from all sections where it is used. The Remove link becomes available only after the connection is removed from all sections where it is used.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen