Questions on password synchronization!
In a cross-forest AD user information synchronization environment, if the source domain has "Store passwords using reversible encryption" enabled and you cannot use PCNS, will password synchronization succeed?
There is no fate but what we make
December 15th, 2010 7:06am
FIM or PCNS does not read passwords from AD DS directly.
PCNS is a hook into the API traffic that is generated by a user's attempt to change a password.
As such, it is a mandatory component for password synchronization to work.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
December 15th, 2010 8:03am
This means that, apart from using PCNS, there is no other solution that can solve the problem of password synchronization.
There is no fate but what we make
December 15th, 2010 8:11am
Not from us - there are third party solutions though.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
December 15th, 2010 8:43am
Suppose the source domain user password is synchronized through the ADMT tool, for example: user password (source domain 1) ---> ADMT ---> user password (source domain 2) ---> FIM (PCNS) ---> user password (target domain).
In this case, will the password change that is synchronized over through ADMT trigger the PCNS password synchronization?
There is no fate but what we make
December 15th, 2010 8:55am
This won't trigger the PCNS. The entry-point where PCNS hooks in gets a plain text password. ADMT ships a hash over so there's no actual password to grab.
My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
December 16th, 2010 10:23am
Are there other solutions for password synchronization that do not need the user to modify the password?
There is no fate but what we make
December 16th, 2010 2:44pm