Chat now with support
Chat with Support

Password Manager 5.9.7 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies One Identity Starling Reporting Password Manager Integration Appendixes Glossary

Converting Q&A Profiles

After you have configured Password Manager 5.9.7, you can convert users’ Q&A profiles to make it compatible with the latest Password Manager version. To convert Q&A profiles, you must use the Migration Wizard.

When converting users’ Q&A profiles, specify whether to convert profiles of all users belonging to the user scope, users in a specified group or users of a Management policy. You can also select whether to convert Q&A profiles in test or production mode.


  • Before converting users’ Q&A profiles it is recommended to prevent users from accessing the Self-Service site. For more information, see To specify groups or OUs that are denied access to the Self-Service site.
  • To avoid bad data error during user migration, run the migration wizard in test mode. View the report to check if the user information have been migrated successfully.

To convert Q&A profiles

  1. On the computer where Password Manager is installed, run the Migration Wizard from the Password Manager autorun window. It is recommended to run the Migration Wizard under the Password Manager Service account.
  2. On the Welcome page, select the Convert users’ Q&A profiles task.
  3. In the Select management policy drop-down box, select the Management Policy to convert Q&A profiles of users from its user scope and click Next.
  4. On the second page, do one of the following and click Next:
    • Click All users from the user scope to convert Q&A profiles of all users from the user scope of the selected Management Policy.
    • Click The following groups to specify the groups of users whose Q&A profiles will be converted. To select groups, click Add and do the following:
      • In the Add Groups dialog box, enter the group name, select the domain from the list and click Search.
      • Select the required groups in the list and click Save.
  5. On the third page, do one of the following and click Next:
    • Click Convert Q&A profiles in test mode to covert profiles in test mode. The existing profiles will not be replaced.
    • Click Convert Q&A profiles in production mode to convert profiles in production mode. All existing profiles will be replaced.
  6. On the status page, click View the report for detailed information to view a detailed account of profile conversion. If you converted Q&A profiles in test mode, click Convert Q&A profiles in production mode.
  7. Click Finish to close the wizard.

    IMPORTANT: After profile conversion, some users may not be able to edit their Q&A profiles. Such users will be able to reset their passwords and unlock accounts on the Self-Service site, but if they want to edit their Q&A profiles, they will be forced to create new Q&A profiles.

    If users’ Q&A profiles have been skipped during profile conversion, such users will not be able to use Password Manager 5.9.7 until they create new Q&A profiles.

Upgrading Secure Password Extension

You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.

To remove the existing and assign a latest-version package

  1. Remove the assigned package (Quest One Secure Password Extension x86.msi or Quest One Secure Password Extension x64.msi) from the list of software to be installed.
  2. Add the latest-version MSI packages to the list of software to be installed.

When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.

During the upgrade of prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.

Upgrading Password Policy Manager

Both removal and installation of Password Policy Manager (PPM) requires computer restart. Upgrade PPM on all domain controllers in sequential order. Perform the upgrade during off-peak hours to cause minimal impact to your organization’s operations.

To guarantee that all the passwords in your organization comply with the established policies, Password Policy Manager must be deployed on all domain controllers in the managed domain.

To upgrade from Password Policy Manager version 5.7.1 or later versions

  1. Remove the previous version of Password Policy Manager from a domain controller and restart the computer when prompted. For more information on uninstalling PPM, see Uninstalling Password Policy Manager.
  2. Install the new version of Password Policy Manager on that domain controller and restart the computer when prompted. For more information on installing PPM, see Installing Password Policy Manager.
  3. Repeat the steps 2 and 3 for each domain controller in the managed domain.

If the previous version of Password Policy Manager has been deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list. For more information, see Uninstalling Password Policy Manager. After the previous version is removed from the domain controllers, the new version may be deployed to those DCs through Group Policy.

Administrative Templates

The Password Manager distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Password Manager Administration Console by default.

In the Password Manger installation package, you can find the below mentioned files in \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.

These administrative templates are supplied in the following files.

File Description
prm_gina.admx Contains the administrative policies defined by OneIdentity Password Manager.
prm_gina.adml Allows Group Policy Object Editor to display a policy setting in the configured locale(supported language).


This chapter consists of the following sections

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating