Usage Precautions

Read and understand the following section before using the software.

User Creation by Directory Sync

Before deploying the software for the first time, make sure that Active Directory users have been synchronized with the IIJ ID Service by Directory Sync. Also, the users must change their password at least once before they start using the IIJ ID Service. Users must also already exist in the IIJ ID Service to have user passwords synchronized by Active Directory.

When a new user is created in Active Directory in environments using both Directory Sync and Password Sync, passwords will not be synchronized until the next synchronization process of each program. Refer to "Password Synchronization Timing" for more information.

Installing Password Sync

Password Sync must be installed in all Active Directory domain controllers.

Passwords of some users may not be synchronized with the IIJ ID Service if Password Sync has not been installed to all domain controllers.

Password Character Restrictions

Multi-byte characters cannot be used in passwords that will be synchronized.

Password Change Failures

Password change requests that fail to reach the IIJ ID Service cannot be reissued. As such, corresponding passwords may not be synchronized with the IIJ ID Service whenever password change request failures occur.

Failure entries will be output to the event log whenever a password synchronization fails. Change the password again for such users when this happens.