To automatically synchronize passwords from an Active Directory domain to another data system, complete these steps:
Capture Agent tracks changes to the user passwords in the source Active Directory domain and provides this information to Synchronization Service, which in turn synchronizes passwords in the target connected systems you specify.
For more information on how to install Capture Agent, see Managing Capture Agent.
Alternatively, you can configure a connection to Active Roles that manages the source Active Directory domain.
For more information about mapping objects, see Mapping objects.
Synchronization Service automatically maps objects between the source Active Directory domain and the target connected system if you configure sync workflows to manage the creation and deprovision operations between the source AD domain (or Active Roles that manages that domain) and the target connected system.
For more information on sync workflows, see Synchronizing identity data.
For more information, see Creating a password sync rule.
After you complete the above steps, the Synchronization Service starts to automatically track user password changes in the source AD domain and synchronize passwords in the target connected system.
If necessary, you can fine-tune the password synchronization settings by completing these optional tasks:
For more information, see Using PowerShell scripts with password synchronization.
Capture Agent is required to track changes to the user passwords in the Active Directory domain you want to be the authoritative source for password synchronization operations. To synchronize passwords, you must install Capture Agent on each domain controller in the source Active Directory domain.
Whenever a password changes in the source Active Directory domain, the agent captures that change and provides the changed password to the Synchronization Service. In turn, the Synchronization Service uses the provided information to synchronize passwords in the target connected systems according to your settings.
In this section:
You can use this method to manually deploy Capture Agent on each domain controller in the source Active Directory domain.
To manually install Capture Agent
You can find these files in the Solutions folder on the Active Roles distribution media.
You can perform a silent installation of Capture Agent as follows.
To perform a silent installation
On a 32-bit system, enter the following syntax at a command prompt:
msiexec /i "<Path to SyncServiceCaptureAgent_7.2.0_x86.msi>" /qb
INSTALLDIR="<Path to installation folder>" REBOOT="<Value>"
On a 64-bit system, enter the following syntax at a command prompt:
msiexec /i "<Path to SyncServiceCaptureAgent_7.2.0_x64.msi>" /qb
INSTALLDIR="<Path to installation folder>" REBOOT="<Value>"
In the above syntax:
Argument |
Description |
INSTALLDIR |
Specifies the installation folder for the Capture Agent. When this argument is omitted, the following default installation folder is used: %ProgramFiles%\One Identity\Active Roles\7.2\SyncServiceCaptureAgent |
REBOOT |
Allows you to suppress a system restart in a situation where a restart is required for the Capture Agent installation to complete. To suppress the restart, use the following syntax: REBOOT="ReallySupress" |
You can use this method to automatically deploy Capture Agent on each domain controller in the source Active Directory domain. This method is applicable in the following scenarios only:
Supported scenario |
Prerequisites |
Scenario 1: AD domain includes either 32- or 64-bit domain controllers |
|
Scenario 2: AD domain includes both 32- and 64-bit domain controllers |
|
To install Capture Agent by using Group Policy
Scenario 1: AD domain includes either 32- or 64-bit domain controllers |
Scenario 2: AD domain includes both 32- and 64-bit domain controllers |
|
|
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy