CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
Issue/Introduction
I have a query about the Password Sync Agent for IM.
Can I enable the Password Sync Agent for multiple endpoints (Active Directory)?
When I do the configuration, it asks me for an endpoint, and there is no option to select multiple endpoints.
Suppose I have 3 domain controllers: do I need to deploy the Password Sync Agent on all three of them?
Environment
Release: Component: IDMGR
Resolution
The documentation here specifies only one endpoint to be configured:
Synchronizing Passwords on Endpoints
"If you have the Password Sync Agent installed on a managed endpoint, you need to manually enable the checkbox on the Endpoint object to indicate that the Password Sync Agent is installed."
According to the following knowledge document, you should configure the Password Sync Agent on each endpoint:
How does the mechanism for password capturing an endpoint password change and propagate it to global user, corporate user and other accounts work.
"You will need to install a Password Synchronization Agent (aka PSync Agent) on your endpoint. The PSync Agent is specific to each endpoint and is intercepting passwords changed on the endpoint."
Further, according to this next knowledge document, you should install the Password Sync Agent on all domain controllers where passwords are allowed to be set or reset:
Which Domain Controllers should I install Password Sync Agents on?
"Password Sync Agents are required to be installed only on DCs where passwords are allowed to be set/reset."
[...]
"you really do not need to install the Password Sync Agent software on any domain controller that isn't allowing direct password resets."