The PingDirectory server distributes the PSA in zip file format with each PingDataSync package. The initial installation of the PSA requires a system restart.
Note: The Password Sync Agent cannot be pointed at multiple domain clusters.
  1. On the domain controller, double-click the setup.exe file to start the installation.
  2. Select a folder for the PSA binaries, local database, and log files.
  3. Enter the host names (or IP addresses) and SSL ports of the PingDataSyncs, such as sync.host.com:636. Do not add any prefixes to the host names.
  4. Enter the Directory Manager distinguished name (DN) and password. This creates an ADSync user on PingDataSync.
  5. Enter a password (secret key) for the ADSync user that will be used by the PSA when connecting to the PingDataSync instances.
  6. Click Next to begin the installation. All of the specified PingDataSync servers are contacted, and any failures will roll back the installation. If everything succeeds, a message displays indicating that a restart is required. The PSA will start when the computer restarts, and the LSA process is loaded into memory. The LSA process cannot be restarted at runtime.
  7. If synchronizing pre-encoded passwords from Active Directory (AD) to a Ping Identity system, allow pre-encoded passwords in the default password policy. 
    $ bin/dsconfig set-password-policy-prop \
--policy-name "Default Password Policy" \
--set allow-pre-encoded-passwords:true