Login
    Contenu x
    Use Password Synchronization Manager
    • 22 Oct 2024
    • 9 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    Use Password Synchronization Manager

    • Mis à jour le 22 Oct 2024
    • 9 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    Work with password filter configurations

    A password filter configuration defines which settings apply to the password filter on a domain controller. The same configuration can be assigned to different password filters, i.e. different instances of Password Synchronization Manager installed on different domain controllers. A password filter only uses one configuration. Password Synchronization Manager on a domain controller cannot be enabled unless a configuration is assigned to it.

    Usually, you will create a particular configuration and then assign it to one or more servers.

    PSM Remote Configuration Manager requires remote registry access to modify password filter configurations on your domain controllers. If you experience issues while remotely accessing your configurations, verify that the Remote Registry service is properly configured. For more information, see Pre-installation settings and tasks.

    You can save the settings of a password filter configuration to a configuration template for later re-use.

    Password filter configurations are stored on and retrieved from the domain controllers. They are not stored anywhere else, except for configuration templates. If you create a configuration but do not assign it to a server, and quit PSM Remote Configuration Manager, it will be discarded and will not appear in the configurations list when PSM Remote Configuration Manager is started again.

    You can manage configurations via the Configuration Explorer and the server list.

    To create a new configuration

    1. Select Configurations in the configurations tree.

    2. Select New configuration from the shortcut menu.

      -OR-

      Select Configuration > New from the menu bar.

      The New Configuration dialog appears.

      Figure: Create new configuration

    3. Type a unique label for the new password filter configuration.

      Create remains disabled until you type a unique label.

    4. Select the newly created password filter configuration in the configurations tree and configure the password filter configuration settings in the configuration pane.

    To create a new configuration from a configuration template

    1. Select Configurations in the configurations tree.

    2. Select New configuration from file from the shortcut menu.

      -OR-

      Select Configuration > New from file from the menu bar.

    3. Select the configuration template.

      The New Configuration dialog appears.

    4. Type a label for the new password filter configuration.

      By default, the configuration label saved in the configuration template is used.

      Create remains disabled until you type a unique label.

    To assign a configuration to a server

    1. Select Configurations in the configurations tree.

    2. Select one or more servers in the server list.

    3. Select Assign configuration from the shortcut menu.

      -OR-

      Select Server > Assign configuration from the menu bar.

      The Assign Configuration dialog appears.

      Figure: Assign configuration

    4. Select the password filter configuration to assign in the Configuration list.

    5. (OPTIONAL) Select Enable disabled server when assigning this configuration to automatically enable Password Synchronization Manager on domain controllers. Clear this option to assign the password filter configuration, but leave Password Synchronization Manager disabled.

    6. Click Assign.

      The password filter configuration is assigned to the selected servers.

    To modify a configuration

    1. Select the password filter configuration to modify in the configurations tree.

    2. Modify the password filter configuration settings in the configuration pane.

      You can load the settings from a configuration template. Click Load settings in the configuration pane and select the respective template file. The configuration settings (except for the configuration label) are imported from the file.

    3. Click Apply.

      The modified password filter configuration is applied to all servers that have it assigned.

      If the modified password filter configuration cannot be applied to a server, e.g. because the domain controller is currently offline, that domain controller keeps its current password filter configuration. In this case the configuration tree will contain two password filter configurations with the same name: the modified password filter configuration (with the domain controllers having it successfully assigned) and the original password filter configuration (with the remaining domain controllers).

      You may assign the modified password filter configuration to the remaining domain controllers when they are online again.

    To save configuration settings as a configuration template

    1. Select the password filter configuration you want to save as configuration template in the configurations tree.

    2. Select Configuration > Save from the menu bar.

    3. Specify the file name for the configuration template.

    To unassign a configuration from a server

    1. Select the password filter configuration you want to unassign from a server in the configurations tree.

    2. Select one or more servers in the server list.

    3. Select Unassign configuration from the shortcut menu.

      -OR-

      Select Server > Unassign configuration from the menu bar.

      The password filter configuration is unassigned from the selected servers.

    To delete a configuration

    1. Select the password filter configuration in the configurations tree.

    2. Select Delete from the shortcut menu.

      -OR-

      Select Configuration > Delete from the menu bar.

      The password filter configuration is unassigned from all servers that have it assigned. If no more server has the password filter configuration assigned, the password filter configuration is deleted.

    If the password filter configuration cannot be unassigned from at least one server, e.g. because the password filter does not have write access to the server or the server is offline, it is not deleted and remains in the configurations tree.

    Enable and disable Password Synchronization Manager

    When you install Password Synchronization Manager, it is disabled by default. Disabled means that password changes are not synchronized and may be denied depending on the Allow password changes when password filter is disabled option. If you enable Password Synchronization Manager, password changes are synchronized according to the effective configuration.

    To enable Password Synchronization Manager

    1. Select one or more servers in the server list.

    2. Select Enable from the shortcut menu.

      -OR-

      Select Server > Enable from the menu bar.

      Password Synchronization Manager is enabled on the selected servers. If the password filter does not have write access to the server or the server is offline, Password Synchronization Manager cannot be enabled.

    To disable Password Synchronization Manager

    1. Select one or more servers in the server list.

    2. Select Disable from the shortcut menu.

      -OR-

      Select Server > Disable from the menu bar.

      Password Synchronization Manager is disabled on the selected servers. If the password filter does not have write access to the server or the server is offline, Password Synchronization Manager cannot be disabled.

    Work with the server list

    The server list contains all servers (domain controllers) managed by PSM Remote Configuration Manager. By default, the server list is empty after startup. You can add servers either manually or by having PSM Remote Configuration Manager automatically search for servers.

    The managed servers are added to a hierarchical list in the Configuration Explorer, grouped by the assigned configurations. The server list displays all servers of the group selected in the Configuration Explorer. If you select Configurations in the Configuration Explorer, the server list displays all servers.

    Figure: PSM Remote Configuration Manager – server list

    Search servers

    PSM Remote Configuration Manager can search domains and servers using three different methods:

    • Search globally using the global catalog

    • Search particular domains using Lightweight Directory Access Protocol (LDAP) or the global catalog (GC)

    • Search using the Computer Browser service

    If the search using Lightweight Directory Access Protocol (LDAP) or the global catalog is without any result or has issues, verify that LDAP and/or global catalog access is possible. For more information, see the Password Synchronization Manager Installation Guide.

    To search globally using the global catalog

    • Select Server > Search global catalog from the menu bar.

      PSM Remote Configuration Manager queries the global catalog server for all known domains and domain controllers using Global Catalog Lightweight Directory Access Protocol (Global Catalog LDAP). It includes all parent, child, and trusted domains in the search.

      PSM Remote Configuration Manager adds all servers found to the server list. The servers currently in the server list remain in the list.

    To search a particular domain

    1. Select Server > Search domain from the menu bar.

      The Search Domain dialog appears.

      Figure: Search particular domain

    2. Type the domain name to search.

      Enter the Fully Qualified Domain Name (FQDN) or the NETBIOS name of the domain. Alternatively, you can enter the FQDN, NETBIOS name, or the IP address of a server in that particular domain.

    3. Select the protocol to use for the search in the Protocol list.

      • If you select LDAP, only the specified domain is searched using Lightweight Directory Access Protocol (LDAP).

      • If you select Global Catalog LDAP, the global catalog of the specified domain is searched using Global Catalog Lightweight Directory Access Protocol (Global Catalog LDAP).

      Select Follow links to trusted domains to include the global catalog of trusted domains in the search, if trusted domains exist.

    4. (OPTIONAL) Specify user credentials required to connect to the domain.

      If you do not explicitly specify user credentials, PSM Remote Configuration Manager uses the credentials of the user currently logged on.

    5. Click Search.

    6. PSM Remote Configuration Manager adds all servers found to the server list. The servers currently in the server list remain in the list.

    To search with the Computer Browser service

    • Select Server > Search CBS from the menu bar.

      PSM Remote Configuration Manager searches the network using the Computer Browser service and adds all servers found to the server list. The servers currently in the server list remain in the list.

    If the search using the Computer Browser service is without any result, verify that computer browsing is enabled. For more information, see the Password Synchronization Manager Installation Guide.

    If the local computer running PSM Remote Configuration Manager has Password Synchronization Manager installed, it is added to the server list, regardless of whether or not it is a domain controller, and independently of the search method.

    Add servers manually

    If you want to configure a server which is not in the list and cannot be found by the server search but which you know is online, you can add that particular server to the list manually.

    To add a server to the server list manually

    1. Select Server > Add from the menu bar.

      The Add Server dialog appears.

      Figure: Add a server

    2. Type the hostname or the IP address of the domain controller you want to add and click Search.

      PSM Remote Configuration Manager verifies the server by trying to establish a connection to it.

    3. Click Add.

      Add remains disabled until you type a valid hostname or IP address of a server that can be found and connected to via remote registry.

    Save and load the server list

    You can save the actual server list to disk, so you do not need to search the complete network again but only to refresh the server status the next time you start PSM Remote Configuration Manager.

    The server list only saves the server names and network addresses, but not the assigned configurations. These are dynamically refreshed when loading the server list.

    To save the server list

    • Select Server > Save server list from the menu bar.

    To load the server list

    • Select Server > Load server list from the menu bar.

      After the server list has been loaded, PSM Remote Configuration Manager automatically refreshes the server status. Servers in the server list that are no longer available remain in the list.

      You can configure automatic loading and saving of the server list via the PSM Remote Configuration Manager application settings.

    Log on with another user

    By default, PSM Remote Configuration Manager uses the local user account to connect to remote servers. If the current user does not have any or not enough privileges to connect to and manage a remote server, you can use other user credentials.

    To connect with another user

    1. Select the server(s) you need to connect to in the server list.

    2. Select Server > Log on with another user from the menu bar.

      The Windows Security dialog appears.

    3. Type the credentials for the other user account.

      The credentials provided are used for all future status updates of the particular server(s).

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle