To change the password used to authenticate against One Identity Manager, use either the command line tool Set-ServiceConfig.exe or the Password Capture Agent Windows PowerShell module.
The command line tool is supplied with the Password Capture Agent and is located in the Password Capture Agent installation folder ...\Service.
NOTE: The Password Capture Agent must be configured to use the parameter "BackendClientCredentialType = DialogUser".
"%ProgramFiles%\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" BackendClientCredentialUserPwd:<new password>
The command line can also be used to set the password on a remote server on which the Password Capture Agent is installed. Use the optional parameter "Servername" to specify the name or the IP address of the remote server. In this case, COM+ Network Access must be enabled on the remote server in the application server role. If it is not enabled, see the Microsoft documentation to enable it (http://technet.microsoft.com/en-us/library/cc731967.aspx).
"%ProgramFiles%\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" BackendClientCredentialUserPwd:<new password> Servername: <Server name or IP address>.
NOTE: You do not need to restart the Password Capture Agent service. The new password takes effect immediately.
The Password Capture Agent manages a queue of the password change jobs it sends to One Identity Manager. To delete jobs from this internal queue, use the command line tool Set-ServiceConfig.
"%ProgramFiles%\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" <Job-ID>::=<YYYY.MM.DD HH.MM.SS.mmm>|*
Example of a specific Job-ID: '2014.10.03 16:45:07.647'.
TIP: To delete all jobs, use '*' as the Job-ID.
Starting with version 2.0, the Password Capture Agent uses NLog for logging. NLog allows logging to be configured using an XML file.
By default, an nlog.config file is provided in the Password Capture Agent installation folder. It uses the same EventLog as previous versions.
This nlog.config also contains additional examples of how to configure NLog to log directly to a file or to other tools such as chainsaw. To enable them, uncomment the matching rules in the rules section of the nlog.config.
More detailed examples of how to configure NLog can be found here:
https://github.com/nlog/NLog/wiki/Configuration-file
Be aware that a faulty nlog.config will cause the Password Capture Agent to stop logging.
You can modify the default values of the following configuration parameters related to password synchronization in the Designer.
Parameter | Description
---|---
QER\Person\UseCentralPassword\ | This configuration parameter specifies if a certificate is used to encrypt the password synchronization traffic between the Password Capture Agent and the Webservice. Default value: enabled
QER\Person\UseCentralPassword\ | When this configuration parameter is set the Password Capture Agent synchronizes the Active Directory password to the employee's system password as well. Default value: enabled
IMPORTANT: Passwords for user accounts marked as privileged user accounts in One Identity Manager will not be synchronized with other connected target systems.
TIP: If you have configured more than one Active Directory domain, or have employees with more than one user account, to use the Password Capture Agent, check your password policy for the employee's central password. To avoid circular password resets, the password history value should be 1 or greater.