I have a query about password sync agent for IM.
Can I enable the Password Sync Agent for multiple END point ( Active
Directory ) ?
When I do the configuration it will ask me for END point. And there
is not option to select the multiple end points.
Suppose I have 3 domain controllers, do I need to deploy the password
sync agent on all three of them ?
Release:
Component: IDMGR
The documentation here specifies only 1 Endpoint to be configured :
Synchronizing Passwords on Endpoints
"If you have the Password Sync Agent installed on a managed
endpoint, you need to manually enable the checkbox on the Endpoint
object to indicates that the Password Sync Agent is installed."
https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/password-management/synchronizing-passwords-on-endpoints
According to the following Knowledge Document, you should configure
the agent password sync on each end point :
How does the mechanism for password capturing an endpoint password
change and propagate it to global user, corporate user and other
accounts work.
"You will need to install a Password Synchronization Agent ( aka PSync
Agent ) on your endpoint. The PSync Agent is specific to each endpoint
and is intercepting passwords changed on the endpoint. "
https://comm.support.ca.com/kb/how-does-the-mechanism-for-password-capturing-an-endpoint-password-change-and-propagate-it-to-global-user-corporate-user-and-other-accounts-work/kb00005028010:29:09
Further, according to this next knowledge document, you should set the
password sync agent on all domain controllers where password are
allowed to be set / reset.
Which Domain Controllers should I install Password Sync Agents on?
"Password Sync Agents are required to be installed only on DCs where
passwords are allowed to be set/reset."
[...]
"you really do not need to install the Password Sync Agent software
on any domain controller that isn't allowing direct password resets."
https://comm.support.ca.com/kb/which-domain-controllers-should-i-install-password-sync-agents-on/kb000050277