Password sync agent


Article ID: 103383


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


I have a query about the Password Sync Agent for IM.

Can I enable the Password Sync Agent for multiple endpoints (Active
Directory)?

When I do the configuration, it asks me for an endpoint, and there
is no option to select multiple endpoints.

Suppose I have 3 domain controllers, do I need to deploy the Password
Sync Agent on all three of them?


Component: IDMGR


The documentation here specifies only one endpoint to be configured:

  Synchronizing Passwords on Endpoints

  "If you have the Password Sync Agent installed on a managed
   endpoint, you need to manually enable the checkbox on the Endpoint
   object to indicate that the Password Sync Agent is installed."

According to the following knowledge document, you should configure
the Password Sync Agent on each endpoint:

  How does the mechanism for password capturing an endpoint password
  change and propagate it to global user, corporate user and other
  accounts work.

  "You will need to install a Password Synchronization Agent (aka PSync
   Agent) on your endpoint. The PSync Agent is specific to each endpoint
   and is intercepting passwords changed on the endpoint."

Further, according to this next knowledge document, you should install
the Password Sync Agent on all domain controllers where passwords are
allowed to be set/reset.

  Which Domain Controllers should I install Password Sync Agents on?

  "Password Sync Agents are required to be installed only on DCs where
   passwords are allowed to be set/reset."


  "you really do not need to install the Password Sync Agent software
   on any domain controller that isn't allowing direct password resets."