Note: The Password Sync Agent cannot be pointed at multiple domain clusters.
- On the domain controller, double-click the setup.exe file to start the installation.
- Select a folder for the PSA binaries, local database, and log files.
Enter the host names (or IP addresses) and SSL ports of the PingDataSyncs, such as
sync.host.com:636. Do not add any prefixes to the host names.
Enter the Directory Manager
distinguished name (DN)and password. This creates an ADSync user on PingDataSync. distinguished name (DN) DN A name uniquely identifying an object within the hierarchy of a directory tree.
- Enter a password (secret key) for the ADSync user that will be used by the PSA when connecting to the PingDataSync instances.
- Click Next to begin the installation. All of the specified PingDataSync servers are contacted, and any failures will roll back the installation. If everything succeeds, a message displays indicating that a restart is required. The PSA will start when the computer restarts, and the LSA process is loaded into memory. The LSA process cannot be restarted at runtime.
If synchronizing pre-encoded passwords from
Active Directory (AD)to a Ping Identity system, allow pre-encoded passwords in the default password policy. Active Directory (AD) AD A directory service for Windows domain networks, included in most Windows Server operation systems.
$ bin/dsconfig set-password-policy-prop \ --policy-name "Default Password Policy" \ --set allow-pre-encoded-passwords:true