Appendix B: Using a PowerShell script to
transform passwords
You can use a Windows PowerShell script in a password sync rule to transform passwords. This section provides some reference materials on how to write a Windows PowerShell script for password transformation.
To synchronize passwords between the source Active Directory domain and the target connected data system, Synchronization Service uses the password sync rules you configure. In a password rule settings, you can type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. For example, you can use such a script if you want the object passwords in the source and target connected systems to be different.
When developing a PowerShell script to transform passwords, you can employ the $srcPwd built-in associative array (hash table) that allows the scripts to access the source object password. The $srcPwd returns a string that contains the object password.
To clarify the use of $srcPwd, consider a scenario where the target object password in the target connected data system must include only 8 first characters of the source object password in the source Active Directory domain.
The following scripts implements the described scenario:
if($srcPwd.length -gt 8)
{
$srcPwd.substring(0,8)
}
else
{
$srcPwd
}
# End of the script