search cancel

Configure Password Sync Agent to disallow Active Directory password changes while your Provisioning Server of Identity Manager is offline


Article ID: 33550


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On



This is a walk through of the configuration changes necessary to prevent users from changing their Active Directory passwords when your Provisioning Server is unreachable. By default, if the Provisioning Server is unavailable, users will still be allowed to change their passwords.



1. On the system that has Password Sync Agent installed, go to the following path: C:\Program Files\CA\eTrust Admin Password Sync Agent\data

*Please note that this is the default installation path.


2. Open the file eta_pwdsync.conf using an editor program such as notepad.


3. Search for the following text: out_of_sync


4. Ensure that the out_of_sync variable is set to no. The line in the file should look like this: out_of_sync=no


Additional Information: 

Please note that this needs to be done for every domain controller on your network.


Release: CAIDMB99000-12.6.7-Identity Manager-B to B