Password Sync Agent Installation
Introduction
Password Synchronization allows end users to use a single identity, subject to a single password policy, across various systems and applications. ADSelfService Plus has a robust password synchronization technique that, through the Password Sync Agent, now supports native Windows password changes as well.
The Password Sync Agent, when installed on the domain controllers in your domain, intercepts native password changes (e.g., a password change via the Ctrl+Alt+Del screen or a password reset by admins in the ADUC console), encrypts the new passwords, and automatically synchronizes them with multiple systems and applications.
How it works
- When a native password change is initiated, the Password Sync Agent is notified by the domain controller.
- The Password Sync Agent captures the new password, encrypts it, and then sends it to ADSelfService Plus for synchronization along with a one-time code generated by the access key.
- The ADSelfService Plus server verifies the authenticity of the one-time code with the access key information, and upon successful verification, synchronizes the password with the user's various linked accounts.
- If the server on which ADSelfService Plus is running can't be reached, the agent waits until the server becomes available and then sends the encrypted password for synchronization.
Installation
This section includes information about the prerequisites for installing the Password Sync Agent, followed by the installation steps, as well as guidance for making changes, and upgrading or reinstalling the Password Sync Agent.
Prerequisites
- The Password Sync Agent must be installed on all the domain controllers in a domain, including the primary domain controller.
- It is essential that the domain controllers where the Password Sync Agent needs to be installed are added to the list of configured domains in ADSelfService Plus.
- The domain controllers should have Microsoft .NET Framework version 4.8 installed.
- Make sure the Message Queuing service is enabled and is running before starting the installation of the Password Sync Agent.
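The host-side prerequisites above can be checked on each domain controller before running the installer. The script below is an added example, not ManageEngine tooling. It assumes Windows PowerShell 5.1, the standard MSMQ service name, and Microsoft's documented minimum registry Release value for .NET Framework 4.8 (528040). It does not check whether the domain is configured in ADSelfService Plus.

```powershell
# Added example: prerequisite check to run on each domain controller before
# installing the Password Sync Agent. Run it from an elevated PowerShell session.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    # Collect one row per prerequisite so the outcome can be reviewed or logged.
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# The MSI must be run with administrative privileges.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Check 'Elevated session' $elevated "Running as $($identity.Name)"

# The agent belongs on domain controllers only.
# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
Add-Check 'Domain controller' ($role -in 4, 5) "DomainRole = $role"

# .NET Framework 4.8 or later: Release DWORD of at least 528040.
$ndpKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndpKey -Name Release -ErrorAction SilentlyContinue).Release
Add-Check '.NET Framework 4.8+' ($release -ge 528040) "Release = $release"

# Message Queuing must be installed, not disabled, and running.
$msmq = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
if ($null -eq $msmq) {
    Add-Check 'Message Queuing service' $false 'MSMQ service is not installed'
} else {
    $ok = ($msmq.Status -eq 'Running') -and ($msmq.StartType -ne 'Disabled')
    Add-Check 'Message Queuing service' $ok "Status = $($msmq.Status), StartType = $($msmq.StartType)"
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment wrapper stop before launching the MSI.
if ($results.Passed -contains $false) {
    Write-Warning 'One or more prerequisites failed; fix them before installing the agent.'
    exit 1
}
```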
Installation Steps
- Install the Password Sync Agent by running the ManageEnginePasswordSyncAgent.msi file with administrative privileges, i.e., Run as administrator. (Location: <installation_folder>\bin\ )
- In the installation wizard that appears, click Next. Select the Protocol (http or https) used in ADSelfService Plus.
- Enter the IP address and Port Number of the server on which ADSelfService Plus is installed.
- In the Access key field, paste the Access Key provided in the ADSelfService Plus portal. You can obtain the access key from Configuration→Administrative tools→GINA/Mac/Linux (Ctrl+Alt+Del)→Password Sync Agent Installation. Click Next.
- Once the installation is complete, you must restart the domain controller for the agent to start working.
Note: By default, the password sync agent will be installed in the following location:
In 64-bit systems - C:\Program Files (x86)\ZOHO Corp\Password Sync Agent
In 32-bit systems - C:\Program Files\ZOHO Corp\Password Sync Agent
Making changes to the Password Sync Agent
The Password Sync Agent connects with ADSelfService Plus using the IP address, port number and access key details provided during installation. If you gave incorrect details during installation, moved ADSelfService Plus to a new server, regenerated the access key, or updated any Password Policy Enforcer settings, the changes must be reflected in the Password Sync Agent for it to work properly. The details can be changed by following the steps given below:
- Right-click the Password Sync Agent icon on the System tray and select Edit Settings.
- The Edit Settings dialog box will open.
- Enter the Server Name / IP Address, Port Number, Access key and Protocol (HTTPS/HTTP).
Note: If you enable or modify any password policy setting in the Password Policy Enforcer tab (Configuration→Self-Service→Password Policy Enforcer), simply right-click the Password Sync Agent icon on the System tray and select Edit Settings. Leave the field values unchanged and click Save.
- Click Save.
- The new details will be updated in the Password Sync Agent.
Note: Every time you regenerate the access key, make sure to update the new access key in the Password Sync Agent. In order to regenerate the access key, navigate to Configuration→Administrative tools→GINA/Mac/Linux (Ctrl+Alt+Del)→Password Sync Agent Installation and click Regenerate Access Key.
Upgrading or reinstalling the Password Sync Agent
To upgrade the Password Sync Agent to a newer version or to reinstall the agent on an existing machine, follow the steps listed below:
- Uninstall the Password Sync Agent from the Control Panel.
- Install the Password Sync Agent using the new MSI file.
Note: Do not repair the Password Sync Agent directly using the new MSI file.