When synchronizing passwords with Active Directory systems, PingDataSync Server requires that the Ping Identity Password Sync Agent (PSA) be installed on all domain controllers in the synchronization topology. This component provides real-time outbound password synchronization from Microsoft Active Directory to any supported Sync Destinations.
For outbound password synchronization from a PingDirectory Server to Active Directory, enable the Password Encryption component. See Configure password encryption for more information.
The PSA supports failover between servers. It caches the hashed password changes in a local database until it can be guaranteed that all PingDataSync Servers in the topology have received them. The failover features enable any or all of the PingDataSync Servers to be taken offline without losing any password changes from Active Directory.
The PSA is safe to leave running on a domain controller indefinitely. To stop synchronizing passwords, remove the userPassword attribute mapping in PingDataSync Server, or stop the server. The PSA will not allow its local cache of password changes to grow out of control; it automatically cleans out records from its local database as soon as they have been acknowledged. It also purges changes that have been in the database for more than a week.
- Make sure that the Active Directory domain controller has SSL enabled and running.
- Make sure the PingDataSync Servers are configured to accept SSL connections when communicating with the Active Directory host.
- At least one Active Directory Sync Source (ADSyncSource) needs to be configured on PingDataSync Server and should point to the domain controller(s) on which the PSA will reside.
- At the time of installation, all PingDataSync Servers in the sync topology must be online and available.
- The PSA component is for outbound-only password synchronization from Active Directory systems. It is not necessary if you are performing a one-way password synchronization from the PingDirectory Server to the Active Directory server.
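
A pre-flight check for the SSL prerequisite above, as an added example (not Ping Identity code): it completes a verified TLS handshake with each domain controller and flags certificates that are close to expiry. The port 636, the 30-day warning threshold, the host names in the usage comment and all function names are assumptions of this example.

```python
import socket
import ssl
import time

LDAPS_PORT = 636  # conventional LDAP-over-SSL port (assumed; the page names no port)
WARN_DAYS = 30    # constructed threshold for "certificate expires soon"


def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date (negative if expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def check_ldaps(host, cafile=None, port=LDAPS_PORT, timeout=5.0):
    """Complete a verified TLS handshake with one domain controller.

    cafile is a PEM bundle for the CA that issued the DC certificates;
    None uses the system trust store. Verification is never disabled.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"host": host, "ok": True, "tls": tls.version(),
                        "days_left": days_until_expiry(cert)}
    except OSError as exc:  # refused, timed out, or certificate not trusted
        return {"host": host, "ok": False, "error": str(exc)}


def summarize(results, warn_days=WARN_DAYS):
    """Split results into hosts that are ready and hosts needing attention."""
    ready, attention = [], []
    for r in results:
        if r["ok"] and r["days_left"] > warn_days:
            ready.append(r["host"])
        else:
            attention.append(r["host"])
    return ready, attention


if __name__ == "__main__":
    import sys
    # Usage (host names are placeholders): python check_ldaps.py dc1.example.com dc2.example.com
    results = [check_ldaps(h) for h in sys.argv[1:]]
    for r in results:
        print(r)
    sys.exit(1 if summarize(results)[1] else 0)
```

Run it from the PingDataSync Server host so the result reflects the network path the server will actually use.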