List of published manuals

List of manuals for contractors

IIJ ID Service Password Sync Manual [Windows Active Directory]

Usage Precautions

Read and understand the following section before using the software.

Domains That Must be Allowed Access to Use Password Sync

If URL access is restricted via proxy servers or other means, allow the following domains to enable use of Password Sync.

  • auth.iij.jp (443/TCP)
User Creation by Directory Sync

Before deploying the software for the first time, make sure that Active Directory users have been synchronized with the IIJ ID Service by Directory Sync. Also, the users must change their password at least once before they start using the IIJ ID Service. Users must also already exist in the IIJ ID Service to have user passwords synchronized by Active Directory.

When a new user is created in Active Directory in environments using both Directory Sync and Password Sync, passwords will not be synchronized until the next synchronization process of each program. Refer to "Password Synchronization Timing" for more information.

Installing Password Sync

Password Sync must be installed in all Active Directory domain controllers.

Passwords of some users may not be synchronized with the IIJ ID Service if Password Sync has not been installed to all domain controllers.

Password Character Restrictions

Multi-byte characters cannot be used in passwords that will be synchronized.

Password Change Failures

Password change requests that fail to reach the IIJ ID Service cannot be reissued. As such, corresponding passwords may not be synchronized with the IIJ ID Service whenever password change request failures occur.

Failure entries will be output to the event log whenever a password synchronization fails. Change the password again for such users when this happens.

Expiration date of an access token

If the access token set to Password Sync has expired, synchronization with the IIJ ID Service will be failed.

Refer to "Updating Access Tokens" in the IIJ ID Service Online Manual [For Administrators] for how to check the expiration date of an access token and how to update access tokens.

Using an Older Version of the Software

IIJ will not be liable for any issues related to old versions of this software 6 months after an update of this software is released.