Pricing  Get Quote
 
 

Reset Tools

 

Active Directory password change notification and synchronization

Without quick action, unauthorized or inappropriate password modifications can expose sensitive data and put your organization at legal and financial risk. ADSelfService Plus, the self-service password management solution from ManageEngine, solves this problem by enabling admins to send real-time notifications to users immediately after their Active Directory (AD) passwords are changed or reset. Notifications are sent by email, SMS, or push notification as soon as a password change is detected. This allows users to quickly react to prevent further damage if a hacker has attempted to attack their account.

Users are immediately notified about changes to their passwords, whether the change was made through ADSelfService Plus’s own self-service portal or natively in Windows through the Ctrl+Alt+Del screen and Active Directory User and Computers console (password resets). A password sync agent, which comes bundled with ADSelfService Plus, takes care of notifying users about native password changes.

Real-time synchronization of Windows password changes

ADSelfService Plus, makes it easier for administrators to ensure that AD password changes are synchronized with associated IT systems and applications. The password sync agent synchronizes web-based or native AD domain password changes automatically and in real time. This helps administrators avoid the overhead of manually synchronizing passwords between a users' multiple accounts. Password synchronization also lets users maintain one identity across multiple on-premises and cloud applications, preventing password fatigue.

Capabilities of the password sync agent

Besides synchronizing native AD domain password changes, and alerting users about the changes, the password sync agent also enforces the customized password policy created in ADSelfService Plus during these password changes. This AD native password sync agent comes bundled with ADSelfService Plus as an MSI file and should be installed on all the domain controllers in a configured domain.

Password synchronization process

The password sync agent functions as a background service and is continuously on the lookout for password changes. Here’s what happens when a user initiates a native password change:

Password Sync Agent

 

  • When a native password change is initiated, the password sync agent is notified by the domain controller.
  • The password sync agent captures the new password and encrypts it to ensure security.
  • The encrypted password is then passed off to ADSelfService Plus through a secure connection (HTTPS) for synchronization.
  • ADSelfService Plus synchronizes the password with the user's various linked accounts.
  • An email, SMS, or push notification is sent to the user to let them know that their password has been modified.

Refer to this guide for more information on how to install and configure the password sync agent.

The entire process—from users changing their AD passwords to the passwords being synchronized in target systems and applications—takes less than 30 seconds. As with web-based password synchronization, native password synchronization can also be configured in such a way that it is available to only a select group of users. Users can also select which of their target accounts are to be included in the password synchronization process by linking their enterprise application accounts with ADSelfService Plus.

The real-time password synchronization feature can be used to sync native AD domain password modifications with applications like Google Workspace, Microsoft 365 (formerly Office 365), Salesforce, Zendesk, Microsoft Dynamics CRM, Zoho, IBM AS/400, HP-UX, Oracle Database, and Oracle E-Business Suite.

Benefits:

  • Policy-based password synchronization capability: Admins can choose to enable password synchronizations for users belonging to specific AD groups and organizational units.
  • Reduced password fatigue: Synchronization of AD domain passwords allows users to maintain one password across multiple accounts. This reduces password fatigue.
  • Immediate threat detection: The password change notifications are real time and automatic, and help users and admins take notice to alleviate the effects of password misuse.

Notify users of password changes and synchronize their passwords across enterprise account

Get Your Free Trial  

ADSelfService Plus trusted by