The PingDirectory Server distributes the PSA in zip file format with each PingDirectory Server package. The initial installation of the PSA requires a system restart. Perform the following steps to install the PSA:
Note: The Password Sync Agent cannot be pointed at multiple domain clusters.
  1. On the domain controller, double-click the setup.exe file to start the installation.
  2. Select a folder for the PSA binaries, local database, and log files.
  3. Enter the host names (or IP addresses) and SSL ports of the PingDirectory Servers, such as Do not add any prefixes to the host names.
  4. Enter the Directory Manager DN and password. This creates an ADSync user on PingDirectory Server.
  5. Enter a password (secret key) for the ADSync user that will be used by the PSA when connecting to the PingDirectory Server instances.
  6. Click Next to begin the installation. All of the specified PingDirectory Servers are contacted, and any failures will roll back the installation. If everything succeeds, a message displays indicating that a restart is required. The PSA will start when the computer restarts, and the LSA process is loaded into memory. The LSA process cannot be restarted at runtime.
  7. If synchronizing pre-encoded passwords from Active Directory to a Ping Identity system, allow pre-encoded passwords in the default password policy.
    $ bin/dsconfig set-password-policy-prop \
    --policy-name "Default Password Policy" \
    --set allow-pre-encoded-passwords:true