Password Sync Operational Flow
The software synchronizes user passwords with the IIJ ID Service via the following sequence.
- User changes password in an Active Directory environment.
- User's raw password is propagated randomly to some Active Directory domain controller per the Active Directory specifications.
- Password Sync, which is embedded as a password filter DLL, retrieves the raw password not yet encrypted.
- Password Sync is started on a schedule by the Windows Task Scheduler to request Active Directory for information on the user (attribute value used as the external ID).
- Password Sync checks that the user exists in the IIJ ID Service and retrieves additional information needed to update the password.
- Password Sync sends a request to the IIJ ID Service to change the user's password.