Password Sync
Password Sync is a software module that synchronizes Active Directory user passwords with the IIJ ID Service.
Using Password Sync automatically synchronizes user passwords with the IIJ ID Service whenever Active Directory users change their passwords.
Differences between Password Sync and Directory Sync
The differences between Password Sync and Directory Sync are as follows.
| Option | Directory Sync (Windows version) | Password Sync |
|---|---|---|
| Overview | Synchronizes Active Directory users and groups with the IIJ ID Service | Synchronizes Active Directory user passwords with the IIJ ID Service when they have changed their passwords |
| Synchronization targets | "Users" and "Groups" | "Passwords" of users |
| Module installation destination | Environment in which LDAP communication can be established with respect to Active Directory It does not have to be a terminal with domain participation. | All Active Directory domain controllers |
| OS | Windows Server environment | |
| Users who execute the module | Users who satisfy all of the following conditions:
| Not specified (cannot be specified) because Password Sync is executed by the LSA process |
| Connection users to AD | Users who satisfy all of the following conditions:
| Users who satisfy all of the following conditions:
|
| Connection users to IIJ ID | ID Administrator of the IIJ ID Service | |
| Synchronization interval | OS Task Scheduler function | |
| Synchronization method | Extraction of changes (differential data) | Capture of raw passwords using the Password Filter mechanism for Active Directory |
| Communication method | HTTPS/443 communication to the IIJ ID Service | |
| Logs | Writing data in Windows event logs | |