Password Sync Operational Flow

The software synchronizes user passwords with the IIJ ID Service via the following sequence.

  1. User changes password in an Active Directory environment.
  2. User's raw password is propagated randomly to some Active Directory domain controller per the Active Directory specifications.
  3. Password Sync, which is embedded as a password filter DLL, retrieves the raw password not yet encrypted.
  4. Password Sync is started on a schedule by the Windows Task Scheduler to request Active Directory for information on the user (attribute value used as the external ID).
  5. Password Sync checks that the user exists in the IIJ ID Service and retrieves additional information needed to update the password.
  6. Password Sync sends a request to the IIJ ID Service to change the user's password.