Install the password sync agent
About this task
The PingDirectory server distributes the PSA in zip file format with each PingDataSync package. The initial installation of the PSA requires a system restart. Perform the following steps to install the PSA: NOTE: The Password Sync Agent cannot be pointed at multiple domain clusters.
Steps
-
On the domain controller, double-click the
setup.exe
file to start the installation. -
Select a folder for the PSA binaries, local database, and log files.
-
Enter the host names (or IP addresses) and SSL ports of the PingDataSyncs, such as
sync.host.com:636
. Do not add any prefixes to the host names. -
Enter the Directory Manager distinguished name (DN) and password. This creates an ADSync user on PingDataSync.
-
Enter a password (secret key) for the ADSync user that will be used by the PSA when connecting to the PingDataSync instances.
-
Click Next to begin the installation. All of the specified PingDataSyncs are contacted, and any failures will roll back the installation. If everything succeeds, a message displays indicating that a restart is required. The PSA will start when the computer restarts, and the LSA process is loaded into memory. The LSA process cannot be restarted at runtime.
-
If synchronizing pre-encoded passwords from Active Directory (AD) to a Ping Identity system, allow pre-encoded passwords in the default password policy.
$ bin/dsconfig set-password-policy-prop \ --policy-name "Default Password Policy" \ --set allow-pre-encoded-passwords:true