サポートと今すぐチャット
サポートとのチャット

Password Manager 5.14.3 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring access to the Administration Site Configuring access to the Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Glossary

Propagating changes

After you specify the Active Directory sites in which you want to push changes, you can also select what kind of changes to propagate. The following options are available:

Propagating account-related changes

Select this option to propagate information about unlocking and enabling user accounts in Active Directory. It is recommended to use this option when a managed domain has users in multiple Active Directory sites.

Propagating Q&A profile-related changes

Select this option to propagate information about editing, locking and unlocking Questions and Answers profile, and passcodes issued by Helpdesk. It is recommended to use this option when users and Password Manager Service use domain controllers from different sites. In this case, if users update their Q&A profiles using Secure Password Extension (via the domain controller in one site), and then attempt to use the profiles on the Self-Service (via the domain controller in another site), they may encounter the issue when the updated Q&A profile is not yet available because of intersite replication latency.

Propagating password-related changes

Select this option to propagate information about changing or resetting user password. It is recommended to use this option in the following environment. You have several Active Directory sites in your environment; a user’s computer and Password Manager Service are located in different sites. User authentication is performed via a read-only domain controller (RODC).

In this environment, users may experience downtime in the following scenario:

  • A user changes password via a domain controller used by Password Manager Service in site A.

  • The user attempts to authenticate to an RODC in site B, the RODC forwards the authentication request to a writable domain controller in the site, but the password has not be replicated yet to site B.

  • User authentication is failed because of intersite replication latency.

To mitigate this issue, after selecting the corresponding Active Directory site (in which the RODC is located) and the writable domain controller from the site, select the Propagate password-related changes check box to immediately propagate password changes to the selected writable domain controller and enable user authentication via the RODC.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択