The Password Capture Agent provides a Windows PowerShell module for remote and automated installation, configuration and uninstallation. You can use this method to automatically deploy the Password Capture Agent on each domain controller in the source Active Directory domain.
To uninstall the Password Capture Agent remotely, use the following command in an elevated Active Directory.

```powershell
# Load the management module, then remove the agent from the named computer.
Import-Module OneIM-PasswordCaptureAgentMgmt
Uninstall-PasswordCaptureAgent `
    -ComputerName <Computer name> `
    -LogFile <UNC path to log file> `
    -LogVerbose
```
This section provides information about the optional tasks related to configuring automated password synchronization from an Active Directory domain to connected data systems.
The Password Capture Agent has several settings you can modify. After you install the Password Capture Agent, each of these parameters is assigned a default value.
NOTE: If you do not configure the thumbprint for the Password Capture Agent, the password will be secured by transport layer security only (HTTPS).
Some of the configuration parameters for the Password Capture Agent are changeable with the Windows Registry Editor. The parameters are split up into those that are used by the Password Capture Agent service and those used by the Password Capture Agent driver.
The base path for the parameters of the Password Capture Agent service is:
HKLM\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Service\
Default | Type | Description |
---|---|---|
| | String | This setting determines the location (Uniform Resource Locator, URL) of the Webservice to which the Password Capture Agent provides information about changed user passwords, in the form: https://<serverfqdn>/SoapService/Q1IMService.asmx |
Default | Type | Description |
---|---|---|
| | String | This setting specifies a certificate used to encrypt the data transfer channel between the Password Capture Agent and the Webservice. The certificate must be accessible both for the Password Capture Agent and the Webservice. |
The base path for the parameters of the Password Capture Agent driver is:
HKLM\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Driver\
NOTE: No reboot is required for changes to take effect.
Default | Type | Description |
---|---|---|
0 | DWORD | Controls the logging behavior of the Password Capture Agent driver. If enabled, event log logging is verbose; if the parameter "Logfile" has been set, additional trace logging is written to that log file. |
Default | Type | Description |
---|---|---|
120 | DWORD | Time to wait in seconds before attempting a retry after a connection error. |
Default | Type | Description |
---|---|---|
| | String | Diagnostics log file that should be used in addition to event log logging. |
Default | Type | Description |
---|---|---|
0 | DWORD | Enable to force One Identity Manager to log successful transmissions to the Webservice in the event log. |
Default | Type | Description |
---|---|---|
RpcSs EventSystem COMSysApp | MultiString | Services that the Password Capture Agent driver waits for before starting the Password Capture Agent service. |
Default | Type | Description |
---|---|---|
0 | DWORD | Enable to force One Identity Manager to ignore password resets and only transmit password changes to One Identity Manager Service. |
Default | Type | Description |
---|---|---|
^.*$$ | MultiString | Regular expressions that identify accounts that should be ignored. By default, '^.*$$' ignores all machine accounts, e.g. accounts ending with a $. |
Default | Type | Description |
---|---|---|
500 501 502 | MultiString | UserRIDS that should be ignored by default. The default ignores built-in accounts. |
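
The two ignore lists above (account-name patterns and RIDs), modelled as an added PowerShell example that is not One Identity code. The function name, the sample accounts and the placeholder domain SID are constructed, and the example assumes patterns are evaluated with .NET-style regex semantics; the second pattern, with the dollar sign escaped, is an assumed reading of the intent the table describes.

```powershell
# Added example: models the ignore-pattern and ignore-RID lists described above.
# Assumption: patterns are applied to the account name with .NET regex semantics.
function Test-AccountIgnored {
    param(
        [Parameter(Mandatory)][string]   $SamAccountName,
        [Parameter(Mandatory)][string]   $Sid,
        [Parameter(Mandatory)][string[]] $IgnorePatterns,
        [Parameter(Mandatory)][string[]] $IgnoreRids
    )
    # The RID is the last sub-authority of the SID.
    $rid = $Sid.Split('-')[-1]
    if ($IgnoreRids -contains $rid) { return "ignored (RID $rid)" }
    foreach ($pattern in $IgnorePatterns) {
        if ([regex]::IsMatch($SamAccountName, $pattern)) { return 'ignored (pattern)' }
    }
    return 'captured'
}

# Constructed sample accounts; the domain SID is a placeholder.
$domainSid = 'S-1-5-21-1111111111-2222222222-3333333333'
$accounts = @(
    [pscustomobject]@{ Name = 'Administrator'; Sid = "$domainSid-500"  }
    [pscustomobject]@{ Name = 'krbtgt';        Sid = "$domainSid-502"  }
    [pscustomobject]@{ Name = 'DC01$';         Sid = "$domainSid-1000" }
    [pscustomobject]@{ Name = 'alice';         Sid = "$domainSid-1104" }
    [pscustomobject]@{ Name = 'svc_backup';    Sid = "$domainSid-1105" }
)

$rids    = '500', '501', '502'   # default RID list from the table above
$printed = '^.*$$'               # pattern exactly as printed on this page
$escaped = '^.*\$$'              # assumed intent: a literal trailing $

# Evaluate every sample account against both pattern variants, side by side.
$accounts | ForEach-Object {
    [pscustomobject]@{
        Account       = $_.Name
        AsPrinted     = Test-AccountIgnored -SamAccountName $_.Name -Sid $_.Sid `
                            -IgnorePatterns @($printed) -IgnoreRids $rids
        DollarEscaped = Test-AccountIgnored -SamAccountName $_.Name -Sid $_.Sid `
                            -IgnorePatterns @($escaped) -IgnoreRids $rids
    }
} | Format-Table -AutoSize
```

Under .NET regex rules an unescaped `$$` is two end-of-string anchors, so the two columns differ for ordinary user accounts; run any custom pattern through a check like this before writing it to the registry, because an over-broad pattern silently stops password synchronization for every account it matches.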