Configure Password Sync Agent to disallow Active Directory password changes while your Provisioning Server of Identity Manager is offline

book

Article ID: 33550

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Summary: 

This is a walk through of the configuration changes necessary to prevent users from changing their Active Directory passwords when your Provisioning Server is unreachable. By default, if the Provisioning Server is unavailable, users will still be allowed to change their passwords.

 

Instructions: 

1. On the system that has Password Sync Agent installed, go to the following path: C:\Program Files\CA\eTrust Admin Password Sync Agent\data

*Please note that this is the default installation path.

 

2. Open the file eta_pwdsync.conf using an editor program such as notepad.

 

3. Search for the following text: out_of_sync

 

4. Ensure that the out_of_sync variable is set to no. The line in the file should look like this: out_of_sync=no

 

Additional Information: 

Please note that this needs to be done for every domain controller on your network.

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B
Component: