Synchronising Passwords Both Ways Across AD Domains
Hi, I'm looking at a problem at the moment where there is a desire to have users who may have multiple AD accounts across domains who will want to be able to change their password from either and have it sync to the other (as well as some other targets but there's no problem there). The problem is that you can't set an AD Domain as both a Target and a Source for PCNS because it will result in an endless loop. Can AD Policies help here? Something like setting the password only able to be reset once an hour? Will PCNS timeout and quit the loop or does it just keep going up against something like that? Someone suggested re-writing PCNS. I admit I'm a little ignorant here. Would this be a large undertaking to re-write PCNS? It seems to be just one .dll, but who knows what's in there! And even if I had the means to have it re-written, would it even be possible to accommodate what I'm trying to do? That is, sync both ways across two domains for the same user. Do MS release the source for .dlls like this? I've had a bit of a search around but haven't found too much. Are there any resources you'd recommend to investigate this sort of thing? Thanks for any help, Dan
February 12th, 2011 4:06am

I've never heard of anyone re-writing the PCNS DLL that Microsoft provides. That sounds like an unsupported solution. The best solution is to choose one domain that is authoritative for passwords and tell users to change that password and it will synchronize everywhere else. We have AD synchronize passwords with our Live@edu (Hotmail) accounts, and it is a one-way sync out to the cloud. We have a web site set up for our students and staff to change and reset their (AD) passwords and it gets sent where it needs to. In the MA configuration for password sync there is a way to limit the number of password sync events that can be processed in a day. I believe the default is 10. It is meant as a safety mechanism to prevent the endless loop you mention. We only have one domain/forest so I've never even tried configuring two AD MAs to both be sources and targets to even know if it lets you or not.
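To make the endless loop and the per-day event cap from the answer concrete, here is an added toy simulation (my own code, not PCNS, an MA, or anything from either post) of two AD domains that are each a source and a target for the other. The default cap of 10 is the figure the answer cites; the "skip if the password is already equal" check, the domain names and the sample passwords are constructed assumptions for the model only.

```python
from collections import deque


class ToyDomain:
    """Constructed model of an AD domain that is both a PCNS source and a sync target."""

    def __init__(self, name, daily_limit=10, skip_unchanged=False):
        self.name = name
        self.daily_limit = daily_limit    # per-day cap on sync events (the answer cites 10)
        self.skip_unchanged = skip_unchanged  # assumed loop-breaker, not a PCNS feature
        self.password = None              # plaintext only in this toy; never do this for real
        self.events = 0                   # inbound sync events processed "today"
        self.peers = []

    def change(self, new_pw, queue):
        """Apply a password and notify each peer; returns True if a notification was queued."""
        if self.skip_unchanged and self.password == new_pw:
            return False                  # already in sync: nothing to forward
        self.password = new_pw
        for peer in self.peers:
            queue.append((peer, new_pw))
        return bool(self.peers)

    def receive(self, new_pw, queue):
        """Handle an inbound sync event, dropping it once the daily cap is reached."""
        if self.events >= self.daily_limit:
            return False                  # cap hit: this is where the loop is cut
        self.events += 1
        return self.change(new_pw, queue)


def simulate(daily_limit=10, skip_unchanged=False, second_pw=None, max_steps=1000):
    """Two domains, each source and target for the other. A user changes the password in
    CORP (and, if second_pw is given, a different one in LAB at the same moment).
    Returns (events processed, True if the queue drained before max_steps)."""
    corp = ToyDomain("CORP", daily_limit, skip_unchanged)
    lab = ToyDomain("LAB", daily_limit, skip_unchanged)
    corp.peers, lab.peers = [lab], [corp]
    queue = deque()
    corp.change("Winter2011!", queue)     # constructed sample password
    if second_pw:
        lab.change(second_pw, queue)
    steps = 0
    while queue and steps < max_steps:
        target, pw = queue.popleft()
        target.receive(pw, queue)
        steps += 1
    return corp.events + lab.events, not queue
```

With the equality check alone, two conflicting changes made at the same moment in both domains still ping-pong indefinitely in this model, which is why the per-day cap remains the backstop.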
February 12th, 2011 4:35am
