Tech Tip : CA Single Sign-On : Password sync agent 

Discussion created by Patrick-Dussault Employee on Jun 26, 2018
Latest reply on Jun 29, 2018 by Welington.Strutz.82300703



I have a query about the Password Sync Agent for IM.

Can I enable the Password Sync Agent for multiple endpoints (Active
Directory)?

When I do the configuration, it asks me for an endpoint, and there
is no option to select multiple endpoints.

Suppose I have 3 domain controllers, do I need to deploy the Password
Sync Agent on all three of them?




The documentation here specifies only 1 endpoint to be configured:

Synchronizing Passwords on Endpoints

"If you have the Password Sync Agent installed on a managed
endpoint, you need to manually enable the checkbox on the Endpoint
object to indicate that the Password Sync Agent is installed."

According to the following Knowledge Document, you should configure
the Password Sync Agent on each endpoint:

How does the mechanism for password capturing an endpoint password
change and propagate it to global user, corporate user and other
accounts work.

"You will need to install a Password Synchronization Agent (aka PSync
Agent) on your endpoint. The PSync Agent is specific to each endpoint
and is intercepting passwords changed on the endpoint."

Further, according to this next knowledge document, you should install
the Password Sync Agent on all domain controllers where passwords are
allowed to be set/reset.

Which Domain Controllers should I install Password Sync Agents on?

"Password Sync Agents are required to be installed only on DCs where
passwords are allowed to be set/reset."


"you really do not need to install the Password Sync Agent software
on any domain controller that isn't allowing direct password resets."

KB : KB000103383