You can modify the default values of the parameters related to password synchronization. These parameters and their default values are described in the next table.
Table 109: parameters
Interval between attempts to reset password |
The Capture Agent sends information on changes made to Active Directory user passwords to . After receiving this information, tries to reset passwords in the target connected systems you specified.
This parameter determines the time interval (in minutes) between attempts to reset passwords in the target connected systems. |
10 minutes |
connection point update period |
publishes its connection point in Active Directory.
This parameter determines the frequency of updates (in minutes) of the connection point. |
60 minutes |
Certificate to encrypt Capture Agent traffic |
This parameter specifies the thumbprint of the certificate used to encrypt the password sync traffic between Capture Agent and . The same certificate must be used for the Capture Agent and the . |
By default, a built-in certificate is used. |
You can modify the parameters using Group Policy and the Administrative Template supplied with .
To modify parameters using Group Policy
-
On the computer running the , start Group Policy Object Editor, and then connect to the Local Computer Policy Group Policy object.
-
In the Group Policy Object Editor console, expand the Local Computer Policy node, expand the Computer Configuration node, and select Administrative Templates.
-
On the Action menu, point to All Tasks, and click Add/Remove Templates.
-
In the Add/Remove Templates dialog, click Add, and then use the Policy Templates dialog to open the SyncService.adm file that holds the Administrative Template.
By default, the SyncService.adm file is stored in the following subfolder of the Active Roles Synchronization Service installation:
\SyncService\Administrative Templates
-
Under Computer Configuration > Administrative Templates > Active Roles, select Sync Service Settings, and then in the details pane, configure the appropriate group policy settings.
The names of group policy settings correspond to the names of the parameters provided in the table in Configuring Capture Agent.
-
For the changes to take effect, refresh the Group Policy settings by running the following command at a command prompt:
gpupdate /force
By default, uses a built-in certificate to encrypt password sync traffic between the Capture Agent and the . If necessary, you can use a custom certificate for this purpose.
NOTE: Consider the following when specifying a custom certificate for encrypting password sync traffic:
-
SSL certificates signed with MD5 algorithm are not supported.
-
Backward compatibility for Quick Connect v5.5 with Active Roles Capture Agent can be achieved through custom certificate signed with SHA algorithm.
This section illustrates how to use a custom certificate for encrypting the password synchronization traffic in Windows Server 2012.