One of the most common issues when dealing with multiple Active Directory domains is handling different sets of passwords. Be it for domain migrations or maintaining separate domains for desktop login and Exchange mailbox access, users have to handle different passwords for each domain. This complicates user password management and results in an increase in the number of password-related tickets, eventually affecting overall productivity.
Managing users' passwords in a large environment is tedious. Add to that the task of managing password changes across multiple domains, and it becomes even more challenging for administrators. The solution lies in synchronizing password changes across multiple domains.
ADSelfService Plus' Password Synchronization feature replicates changes made to a domain user's password to their user accounts in other Active Directory domains and even in enterprise applications like Google Workspace (formerly G Suite) and Office 365. ADSelfService Plus' Password Sync Agent goes a step further and synchronizes the native password changes made through the Ctrl+Alt+Del screen and password resets made by administrators using the Active Directory Users and Computers console.
Linking user accounts between domains is essential for password synchronization to work. By default, user accounts will be automatically linked based on the sAMAccountName AD attribute. ADSelfService Plus also allows you to link user accounts based on any attribute of your choice.
To link accounts automatically, you have to specify a source attribute, which is composed of one or more attributes in AD, and a target attribute from the enterprise application. When a user resets or changes a password, the modification is synchronized only when the target attribute value matches the source attribute value.
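The matching rule described above can be dry-run against account exports from both domains before linking is enabled, to see which accounts would link one-to-one and which would not. This is an added example, not ADSelfService Plus code: the `plan_links` function, the `str.format`-style source template, the case-insensitive comparison, and the sample accounts are assumptions made for illustration.

```python
from collections import defaultdict

def norm(value):  # assumption: case-insensitive, whitespace-trimmed comparison
    return str(value or "").strip().lower()

def plan_links(source_accounts, target_accounts, source_template, target_attr):
    """Dry run of attribute-based linking; source_template is a hypothetical
    str.format pattern over source attributes, e.g. "{sAMAccountName}"."""
    by_value = defaultdict(list)
    for t in target_accounts:
        if norm(t.get(target_attr)):
            by_value[norm(t[target_attr])].append(t["id"])
    linked, unmatched, ambiguous = {}, [], {}
    for s in source_accounts:
        try:
            value = norm(source_template.format(**s))
        except KeyError:  # a templated attribute is missing on this account
            value = ""
        hits = by_value.get(value, [])
        if len(hits) == 1:
            linked[s["id"]] = hits[0]
        elif hits:
            ambiguous[s["id"]] = hits  # several target accounts share the value
        else:
            unmatched.append(s["id"])
    # A target reached from more than one source account is not one-to-one.
    claimed = defaultdict(list)
    for src, dst in linked.items():
        claimed[dst].append(src)
    shared = {dst: srcs for dst, srcs in claimed.items() if len(srcs) > 1}
    for srcs in shared.values():
        for src in srcs:
            del linked[src]
    return {"linked": linked, "unmatched": unmatched,
            "ambiguous": ambiguous, "shared_target": shared}

# Constructed sample exports (not real accounts).
DOMAIN_A = [{"id": "A/aruiz", "sAMAccountName": "aruiz", "employeeID": "1001"},
            {"id": "A/bchen", "sAMAccountName": "bchen", "employeeID": "1002"},
            {"id": "A/ckhan", "sAMAccountName": "ckhan", "employeeID": "1003"},
            {"id": "A/dlee", "sAMAccountName": "dlee", "employeeID": "1004"}]
DOMAIN_B = [{"id": "B/ARuiz", "sAMAccountName": "ARuiz", "employeeID": "1001"},
            {"id": "B/bchen", "sAMAccountName": "bchen", "employeeID": "1002"},
            {"id": "B/svc-legacy", "sAMAccountName": "svc-legacy", "employeeID": "1002"},
            {"id": "B/d.lee", "sAMAccountName": "d.lee", "employeeID": "1004"}]

if __name__ == "__main__":
    print(plan_links(DOMAIN_A, DOMAIN_B, "{sAMAccountName}", "sAMAccountName"))
    print(plan_links(DOMAIN_A, DOMAIN_B, "{employeeID}", "employeeID"))
```

Accounts reported under `ambiguous` or `shared_target` are the ones to resolve before choosing that attribute for linking, since a password change would otherwise have more than one candidate account on the other side.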
Steps to link users' accounts automatically:
If manual linking is enabled, users can link their AD domain accounts themselves by entering the credentials of the domain account with which they want to link their primary domain account. For example, if they want to sync passwords from their user account in Domain A to their account in Domain B, they need to:
Steps to enable manual account linking:
Once the user accounts between the two domains are successfully linked, when a user accesses ADSelfService Plus for the first time, only their user account in the domain that initiates the password synchronization will consume an ADSelfService Plus license. Their linked user account in the other domain to which the passwords are synchronized will not consume a license. For example, consider Domain A with 1,000 user accounts that are linked to 1,000 user accounts in Domain B for password synchronization. When users from Domain A reset or change their passwords and the new passwords are synchronized with Domain B, only the user accounts in Domain A will consume a license. Domain B accounts will not consume any licenses.