
Password Policy Enforcer configuration

ADSelfService Plus' Password Policy Enforcer enables admins to utilize advanced password policy controls like banning weak passwords and keyboard sequences for users' on-premises AD accounts and cloud accounts, including Microsoft 365 and Google Workspace. Moreover, admins can enforce different sets of password policy controls for different users based on their OU and group membership.

What is the Password Sync Agent?

ADSelfService Plus' Password Sync Agent, when installed on the domain controllers in your domain, tracks native password changes via the Ctrl+Alt+Del screen and password resets by admins in the ADUC console, encrypts the new passwords, and automatically synchronizes them with multiple systems and applications.

This document outlines the steps to enforce a custom password policy via ADSelfService Plus for password changes made through the Ctrl+Alt+Del screen and the ADUC console, ensuring the creation of strong passwords.

Configuring the Password Sync Agent

  1. Install the Password Sync Agent (location: <installation_folder>\bin\) using the Command Prompt with admin credentials. In the installation wizard that appears, click Next.
  2. Select the Protocol (HTTP or HTTPS) used in ADSelfService Plus.

    Fig. 1: ADSelfService Plus Password Sync Agent installation wizard

  3. Enter the IP address and port number of the server on which ADSelfService Plus is installed, then click Next.
  4. In the Access key field, paste the access key provided in the ADSelfService Plus portal. You can obtain the access key from Configuration > Administrative tools > GINA/Mac/Linux (Ctrl+Alt+Del) > Password Sync Agent Installation. Click Next.

    Fig. 2: Entering configuration details in the ADSelfService Plus Password Sync Agent wizard

  5. Once the installation is complete, you must restart the domain controller for the Password Sync Agent to start working.

Note: By default, the Password Sync Agent is installed in the following location:

  • On 64-bit systems: C:\Program Files (x86)\ZOHO Corp\Password Sync Agent
  • On 32-bit systems: C:\Program Files\ZOHO Corp\Password Sync Agent

Making changes to the Password Sync Agent

If you entered incorrect details during installation, moved ADSelfService Plus to a new server, regenerated the access key, or updated any Password Policy Enforcer settings, the changes must be reflected in the Password Sync Agent for it to work properly. To change the details, follow the steps below:

  • Right-click the Password Sync Agent icon in the system tray and select Edit Settings. The Edit Settings dialog box will open.

    Fig. 3: Editing configuration settings in the ADSelfService Plus Password Sync Agent wizard

  • Enter the Server Name/IP Address, Port, Protocol (HTTPS/HTTP), and Access key used by ADSelfService Plus.
  • Click Save.

The new details will now be updated in the Password Sync Agent.

Upgrading or reinstalling the Password Sync Agent

To upgrade the Password Sync Agent to a newer version or to reinstall the agent on an existing machine, follow the steps listed below:

  • Uninstall the Password Sync Agent from the control panel.
  • Install the Password Sync Agent from the new MSI.

Note: Do not repair the Password Sync Agent directly from the new MSI file.

Steps for creating a custom password policy for native password changes and ADUC password resets

  1. Go to Configuration > Self-Service > Password Policy Enforcer.
  2. From the Select the Policy drop-down menu, choose the policy to which you want to apply the password policy rules.
  3. Enable Enforce Custom Password Policy.
  4. In this section, you can manage:
    • Characters: Restrict the number of special characters, numbers, and Unicode characters used in passwords.

      Fig. 4: Restricting characters with the ADSelfService Plus Password Policy Enforcer

    • Repetition: Restrict the consecutive repetition of a specific character or use of specific characters from the username (e.g., aaaaa or user01).

      Fig. 5: Restricting character repetition with the ADSelfService Plus Password Policy Enforcer

    • Patterns: Restrict keyboard sequences, dictionary words, and palindromes.

      Fig. 6: Restricting patterns with the ADSelfService Plus Password Policy Enforcer

    • Length: Specify the minimum and maximum password length.

      Fig. 7: Configuring the password length with the ADSelfService Plus Password Policy Enforcer

  5. You can also enable users to bypass complexity requirements when the password length exceeds a predefined limit.
  6. Enter the number of policy settings the users' passwords must comply with during self-service password reset and password change operations.
  7. Enforce the configured password policy settings during password resets from the ADUC console and the change password screen.
  8. To help users create passwords that comply with the enforced policy settings, you can display the password policy requirements on the reset and change password pages.

You can now use ADSelfService Plus to enforce advanced password policy rules to create stronger, more secure passwords for major cloud-based and on-premises applications, including Salesforce, Zendesk, and ServiceNow.
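
To preview how the settings in steps 4 to 6 interact before rolling them out, the sketch below models the rule categories, the "comply with N settings" count, and the length-based bypass. It is an added example, not ManageEngine's code: every threshold, word list, and function name is a constructed assumption, and the product's exact matching rules may differ.

```python
import re

# Constructed sample policy: all values below are assumptions for illustration.
POLICY = {
    "min_length": 10, "max_length": 64,
    "min_special": 1, "min_digits": 1,
    "max_repeat": 2,            # longest allowed run of one character
    "max_username_chars": 4,    # longest allowed substring shared with the username
    "keyboard_rows": ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"],
    "sequence_len": 4,          # keyboard run length that counts as a sequence
    "dictionary": {"password", "welcome", "summer"},
    "bypass_length": 20,        # complexity rules are waived above this length
    "required_rules": 5,        # how many of the 7 complexity rules must pass
}

def longest_run(pw):
    """Length of the longest run of one repeated character."""
    return max((len(m.group(0)) for m in re.finditer(r"(.)\1*", pw, re.S)), default=0)

def shares_substring(pw, other, n):
    """True if any n-character slice of `other` appears in pw (case-insensitive)."""
    pw, other = pw.lower(), other.lower()
    return any(other[i:i + n] in pw for i in range(len(other) - n + 1))

def has_keyboard_sequence(pw, p):
    rows = p["keyboard_rows"] + [r[::-1] for r in p["keyboard_rows"]]
    return any(shares_substring(pw, row, p["sequence_len"]) for row in rows)

def evaluate(pw, username, p=POLICY):
    """Return (accepted, names of failed rules)."""
    # Length bounds always apply; the bypass never relaxes them.
    if not p["min_length"] <= len(pw) <= p["max_length"]:
        return False, ["length"]
    low = pw.lower()
    rules = {
        "special": sum(not c.isalnum() for c in pw) >= p["min_special"],
        "digits": sum(c.isdigit() for c in pw) >= p["min_digits"],
        "repetition": longest_run(pw) <= p["max_repeat"],
        "username": not shares_substring(pw, username, p["max_username_chars"] + 1),
        "keyboard": not has_keyboard_sequence(pw, p),
        "dictionary": not any(w in low for w in p["dictionary"]),
        "palindrome": low != low[::-1],
    }
    failed = [name for name, ok in rules.items() if not ok]
    if len(pw) > p["bypass_length"]:      # step 5: long passwords skip complexity
        return True, failed
    return len(rules) - len(failed) >= p["required_rules"], failed
```

Running sample passwords through `evaluate` shows two things to weigh when choosing values: a partial compliance count lets a password through even though it fails one or two rules, and the length bypass accepts a long password that fails every pattern rule.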
