Pricing  Get Quote
 
 

How to synchronize passwords between two Active Directory domains?

One of the most common issues in dealing with multiple Active Directory domains is handling different sets of passwords. Be it for domain migrations or maintaining separate domains for desktop login and Exchange mail box access, users have to handle different passwords for each domain. This would complicate user password management and result in an increase in the number of password-related tickets, eventually affecting overall productivity.

This article will show how you can synchronize passwords between two or more AD domains using ADSelfService Plus.

Steps involved:

  • Log in to the ADSelfService Plus web-console as an administrator.
  • Navigate to Configuration → Self-Service → Password Sync/Single Sign On.
  • From the list of all applications, select the Active Directory tile.
  • In the configuration page, for the Domain Name field, select the AD domain to which passwords need to be synchronized.
  • Provide a suitable description.
  • In order to synchronize the passwords for a specific set of users (HR, admins, managers, or others), select the required OU or group-based policies from the Associate Policies drop-down list.

    Note: You can create multiple OU and group-based policies in ADSelfService Plus that define the self-service features accessible to different users.

    For example, if you wish to synchronize the passwords of all managers in your organization between two domains say, manageengine.com and america.manageengine.com, then select america.manageengine.com as Domain Name and the policy associated with managers in manageengine.com from the Associate Policies drop-down list. In this example, password changes in the manageengine.com domain will get reflected in the america.manageengine.com domain.

  • Configuring password sync between two AD domains
    Configuring password sync between two AD domains

  • Click Save.

User account linking

Linking user accounts between domains is essential for password synchronization to work. By default, user accounts will be automatically linked based on the SAMAccountName AD attribute. ADSelfService Plus also allows you to link user accounts based on any attribute of your choice.

  • Click on the Account Linking button in the top right corner of the Password Sync/Single Sign page.
  • For the Select a Provider field, choose Active Directory from the drop-down list.
  • In the System field, specify the domain that will be initiating password synchronization.
  • Enable the Auto Account Linking option.
  • In the Select Account Attribute field, choose the AD attribute based on which you need the user accounts to be linked for password synchronization. For example, you can select from employeeID, userPrincipalName, or other attributes to link accounts and synchronize passwords.

    Selecting account attribute
    Selecting account attribute

  • Click Save.

Like this tip? Get the most out of ADSelfService Plus by checking out more tips and tricks here.

 

Request Support

Need further assistance? Fill this form, and we'll contact you rightaway.

Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management