The following items need to be configured properly for a one-time password synchronization to work:
Once all of the above are in place, you will need to create a workflow that contains an UPDATE workflow step. In this update workflow step, create a forward synchronization rule and select the following attribute to be synchronized:
pwdHash
Save and run the workflow to do a one-time password synchronization from the source domain to the target domain.
Additional Notes
In a normal Active Directory scenario, the pwdHash attribute is not something that's properly exposed for use in password synchronization. This is why having the Quick Connect Capture Agent installed on both sides is necessary. This allows us to read the hash value from the source domain and update the target domain hash value without every having to know the password or do an actual password reset. With that said, if there is a more restrictive password policy on the target and the source password doesn't meet the requirement, it will in fact overwrite and update to the target and bypass the policy check, since the password value itself is never known.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center