This document details how Quick Connect and the Active Roles Sync Service behave, with respect to encryption, when performing password synchronization between their supported systems.
Quick Connect and the Active Roles Sync Service behave in the following manner when synchronizing passwords:
a) Password sync between two AD instances where the Capture Agent is deployed on both the source and target servers: the salted hash (i.e. MD5) is transferred.
b) Password sync between AD and target systems that support secure password transfer: the password is encrypted as per the connector guidelines. For example, the Google Cloud Connector has this implementation, where the Google Directory API supports secured password transfer.
c) Password sync between AD and target systems that do not support secure password transfer (i.e. LDAP Directory): the password is sent to the API as plain text. So, in this situation, the salt is communicated between AD and the Sync Engine, and then from the Sync Engine to the target system it is communicated as plain text.