Chat now with support
Chat with Support

Quick Connect Sync Engine 5.5 - Administrator Guide

One Identity Quick Connect Overview Deploying One Identity Quick Connect Sync Engine Getting started Connections to external data systems Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendices

Step 3: Use Group Policy object to modify Capture Agent settings

Automated password synchronization > Fine-tuning automated password synchronization > Configuring Capture Agent > Step 3: Use Group Policy object to modify Capture Agent settings
  1. In Windows Server 2003 or Windows Server 2003 R2, under Computer Configuration\Administrative Templates\Quick Connect, select Quick Connect Capture Agent Service.

    In a later version of Windows Server, under Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\Quick Connect, select Quick Connect Capture Agent Service.

  2. In the details pane, configure the appropriate Group Policy settings.

    The names of Group Policy settings correspond to the names of the Capture Agent parameters provided in the table in Configuring Capture Agent.

  3. Run the following command at a command prompt for the changes to take effect:

    gpupdate /force

Configuring Quick Connect Service

You can modify the default values of the Quick Connect Service parameters related to password synchronization. These parameters and their default values are described in the next table.

 

Table 17: Quick Connect Service parameters

Parameter

Description

Default Value

Set interval between attempts to reset password

The Capture Agent sends information on changes made to Active Directory user passwords to the Quick Connect Service. After receiving this information, the Quick Connect Service tries to reset passwords in the target connected systems you specified.

This parameter determines the time interval (in minutes) between attempts to reset passwords in the target connected systems.

10 minutes

Set service connection point update period

The Quick Connect Service publishes its connection point in Active Directory.

This parameter determines the frequency of updates (in minutes) of the Quick Connect Service connection point.

60 minutes

Set certificate

This parameter specifies the thumbprint of the certificate used to encrypt the password sync traffic between Capture Agent and Quick Connect Service. The same certificate must be used for the Capture Agent and the Quick Connect Service.

By default, a built-in certificate is used.

You can modify the Quick Connect Service parameters using Group Policy and the Administrative Template supplied with the One Identity Quick Connect Sync Engine.

To modify the Quick Connect Service parameters using Group Policy

  1. On the computer running the Quick Connect Service, start Group Policy Object Editor, and then connect to the Local Computer Policy Group Policy object.
  2. In the Group Policy Object Editor console, expand the Local Computer Policy node, expand the Computer Configuration node, and select Administrative Templates.
  3. On the Action menu, point to All Tasks, and click Add/Remove Templates.
  4. In the Add/Remove Templates dialog box, click Add, and then use the Policy Templates dialog box to open the PasswordService.adm file that holds the Administrative Template.

    By default, the PasswordService.adm file is stored in <Quick Connect installation folder>\Quick Connect Capture Agent\Administrative Templates

  5. Under Computer Configuration\Administrative Templates\Quick Connect, select Quick Connect Password Service, and then in the details pane, configure the appropriate group policy settings.

    The names of group policy settings correspond to the names of the Quick Connect Service parameters provided in the table in Configuring Capture Agent.

  6. For the changes to take effect, refresh the Group Policy settings by running the following command at a command prompt: gpupdate /force

Specifying a custom certificate for encrypting password sync traffic

Automated password synchronization > Fine-tuning automated password synchronization > Specifying a custom certificate for encrypting password sync traffic

By default, Quick Connect uses a built-in certificate to encrypt password sync traffic between the Capture Agent and the Quick Connect Service. If necessary, you can use a custom certificate for this purpose.

This section illustrates how to use a custom certificate for encrypting the password synchronization traffic in Windows Server 2003.

Complete the following steps:

Step 1: Obtain and install a certificate

To obtain and install a certificate, you have to make a certificate request. There are two methods to request a certificate in Windows Server 2003:

  • Request certificates using the Certificate Request Wizard. To request certificates from a Windows Server 2003 enterprise certification authority, you can use the Certificate Request Wizard.
  • Request certificates using the Windows Server 2003 Certificate Services Web interface. Each certification authority that is installed on a computer running Windows Server 2003 has a Web interface that allows the users to submit certificate requests. By default, the Web interface is accessible at http://servername/certsrv, where servername refers to the name of the computer running Windows Server 2003.

This section provides steps to request certificates using the Windows Server 2003 Certificate Services Web interface. For detailed information about the Certificate Request Wizard, refer to the documentation on Certification Authority.

To request a certificate using the Windows 2003 Certificate Services Web interface

  1. Use a Web browser to open to http://servername/certsrv, where servername refers to the name of the Web server running Windows Server 2003 where the certification authority that you want to access is located.
  2. On the Welcome Web page, click Request a certificate.
  3. On the Request a Certificate Web page, click advanced certificate request.
  4. On the Advanced Certificate Request Web page, click Create and submit a certificate request to this CA.
  5. On the Web page that opens, do the following:
    1. Select the Store certificate in the local computer certificate store check box.
    2. Under Additional Options, select the PKCS10 option, and in the Friendly Name text box, specify a name for your certificate (such as My QC Certificate).

    Keep default values for all other options.

  6. Click Submit.
  7. On the Certificate Issued Web page, click Install this certificate.

After you install the certificate, it becomes available in the Certificates snap-in, in the Personal/Certificates store.

Related Documents