Note: The Password Sync Agent cannot be pointed at multiple domain clusters.
- On the domain controller, double-click the setup.exe file to start the installation.
- Select a folder for the PSA binaries, local database, and log files.
Enter the host names (or IP addresses) and SSL ports of the PingDataSyncs, such as
sync.host.com:636. Do not add any prefixes to the host names.
- Enter the Directory Manager DN and password. This creates an ADSync user on PingDataSync.
- Enter a password (secret key) for the ADSync user that will be used by the PSA when connecting to the PingDataSync instances.
- Click Next to begin the installation. All of the specified PingDataSyncs are contacted, and any failures will roll back the installation. If everything succeeds, a message displays indicating that a restart is required. The PSA will start when the computer restarts, and the LSA process is loaded into memory. The LSA process cannot be restarted at runtime.
If synchronizing pre-encoded passwords from Active Directory to a Ping Identity
system, allow pre-encoded passwords in the default password policy.
$ bin/dsconfig set-password-policy-prop \ --policy-name "Default Password Policy" \ --set allow-pre-encoded-passwords:true