Without quick action, unauthorized or inappropriate password modifications can expose sensitive data and put your organization at legal and financial risk. ADSelfService Plus, the self-service password management solution from ManageEngine, solves this problem by enabling admins to send real-time notifications to users immediately after their Active Directory (AD) passwords are changed or reset. Notifications are sent by email, SMS, or push notification as soon as a password change is detected. This allows users to quickly react to prevent further damage if a hacker has attempted to attack their account.
Users are immediately notified about changes to their passwords, whether the change was made through ADSelfService Plus’s own self-service portal or natively in Windows through the Ctrl+Alt+Del screen and Active Directory User and Computers console (password resets). A password sync agent, which comes bundled with ADSelfService Plus, takes care of notifying users about native password changes.
ADSelfService Plus, makes it easier for administrators to ensure that AD password changes are synchronized with associated IT systems and applications. The password sync agent synchronizes web-based or native AD domain password changes automatically and in real time. This helps administrators avoid the overhead of manually synchronizing passwords between a users' multiple accounts. Password synchronization also lets users maintain one identity across multiple on-premises and cloud applications, preventing password fatigue.
Besides synchronizing native AD domain password changes, and alerting users about the changes, the password sync agent also enforces the customized password policy created in ADSelfService Plus during these password changes. This AD native password sync agent comes bundled with ADSelfService Plus as an MSI file and should be installed on all the domain controllers in a configured domain.
The password sync agent functions as a background service and is continuously on the lookout for password changes. Here’s what happens when a user initiates a native password change:
Refer to this guide for more information on how to install and configure the password sync agent.
The entire process—from users changing their AD passwords to the passwords being synchronized in target systems and applications—takes less than 30 seconds. As with web-based password synchronization, native password synchronization can also be configured in such a way that it is available to only a select group of users. Users can also select which of their target accounts are to be included in the password synchronization process by linking their enterprise application accounts with ADSelfService Plus.
The real-time password synchronization feature can be used to sync native AD domain password modifications with applications like Google Workspace, Microsoft 365 (formerly Office 365), Salesforce, Zendesk, Microsoft Dynamics CRM, Zoho, IBM AS/400, HP-UX, Oracle Database, and Oracle E-Business Suite.