立即与支持人员聊天
与支持团队交流

Password Manager 5.13.2 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring access to the Administration Site Configuring access to the Legacy Self-Service Site or Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Legacy Self-Service or Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Feature imparities between the legacy and the new Self-Service Sites Third-party contributions Glossary

Changing the access account for domain connections

After setting up domain connections, you can change the access account. Under access accounts, Password Manager will access the AD LDS instance and a specified application directory partition.

To change domain access account

  1. On the home page of the Administration Site, click the General Settings > Domain Connections tab.

  2. Select the domain connection you want to modify and click Edit.

  3. In the Edit Domain Connection dialog, select Password Manager Service account to have Password Manager access the domain using the Password Manager Service account. Otherwise, click Specified user name and password, then enter the user name and password in the corresponding text boxes.

    NOTE: The selected account must have the required permissions. For more information, see Configuring permissions for domain management account.

  4. Click Save.

    NOTE: The updated settings will be applied everywhere where this domain connection is used.

Specifying advanced settings for domain connection

After you have created a domain connection, you can specify advanced settings for the connection: domain controllers and Active Directory sites of the managed domain. For more information about domain controllers, see Domain Controller.

To specify domain controllers

  1. On the Administration Site, click the General Settings > Domain Connections tab.

  2. On the Domain Connections page, select the domain connection for which you want to specify domain controllers and click Edit.

  3. On the Advanced settings tab of the Edit Domain Connection dialog, click Add under the domain controllers table and select required domain controllers, and click Add.

  4. Click Save. Note, that the updated settings will be applied everywhere where this domain connection is used.

Active Directory sites

By specifying Active Directory sites in the domain connection settings you select the site in which you want Password Manager to replicate changes as soon as they occur in other sites. This can reduce downtime that users may experience when your environment has several Active Directory sites and changes may not get immediately replicated between the sites.

For example, when users unlock their accounts on the Self-Service Site, this operation may occur in one site. But when they attempt to log in to their computers, this operation may occur in another site, to which the information about the unlocked account has not been replicated yet. In this case, users will not be able to log in until the information is replicated to the second site. To mitigate this issue, select the Active Directory sites in which you want to replicate changes immediately in the domain connection settings.

NOTE: You cannot force replication of changes related to password policies. Such changes are replicated by Active Directory.

To specify Active Directory sites

  1. On the Administration Site, click the General Settings > Domain Connections tab.

  2. On the Domain Connections page, select the domain connection for which you want to specify domain controllers and click Edit.

  3. On the Advanced Settings tab of the Edit Domain Connection dialog, click Add under the Active Directory sites table, select required sites, and click Add.

  4. Click Save.

    NOTE: Password Manager will apply the updated settings everywhere where this domain connection is used.

Propagating changes

After you specify the Active Directory sites in which you want to push changes, you can also select what kind of changes to propagate. The following options are available:

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级