Synchronizing Passwords between Windows Server 2008 R2 forest


  • Monday, March 04, 2013 4:11 PM
     
     

    Hi all, I need to synchronize passwords from forest A to forest B.

    Both forests are Windows Server 2008 R2.

    Password synchronization would only be for selected users. I've never done this project and would need a little guidance to start.

    The timing should be unidirectional, only forest A to forest B, for selected users.

    Regards


    Microsoft Certified IT Professional Server Administrator

All Replies

  • Monday, March 04, 2013 6:18 PM
    Moderator
     
     Answered

    Hi-

    You can do this pretty easily with FIM. You'll need to configure a pair of AD Management Agents - one for forest A and one for forest B. You'd want to have the Forest A one configured to 'Project' users and the Forest B one configured to 'Join' on whatever attribute(s) link users between the two forests. You'll need to flow those attributes into the metaverse from Forest A and Forest B. Set your Metaverse object deletion rule for person to delete the object when the Forest A connector is disconnected.

    Once you do this, install the PCNS on your domain controllers in Forest A and configure it with the command line tool. There is an option in there to filter passwords sent to FIM just to a group of users. You'll also need to enable Password Sync in the Tools>Options dialog in FIM Sync.


    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com
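
The PCNS step from the reply above, sketched as an added example (not part of the original thread and not the poster's own commands). Every server, account and group name is a placeholder, `PCNSCLNT` is only the conventional service class for the SPN, and the numeric option values are illustrative.

```powershell
# Added example: all names below are placeholders, not values from the thread.
$TargetName  = 'FIMSYNC01'                  # friendly name for the PCNS target
$TargetFqdn  = 'fimsync01.foresta.example'  # server running FIM Sync
$SyncAccount = 'FORESTA\svc-fimsync'        # account the FIM Sync service runs as
$FilterGroup = 'PwdSync-ForestB'            # group holding the selected users
$Spn         = "PCNSCLNT/$TargetFqdn"       # SPN that PCNS authenticates to

# 1. Register the SPN on the FIM Sync service account.
#    -S refuses to create a duplicate SPN, which would break Kerberos
#    authentication between the domain controllers and FIM Sync.
setspn.exe -S $Spn $SyncAccount

# 2. From the PCNS install directory on a forest A domain controller,
#    define FIM Sync as the notification target.
#    /FI  inclusion group: only password changes for its members are sent
#    /F   retry count after a failed delivery
#    /I   keep-alive interval in seconds
#    /D   False means the target is enabled
#    /WL, /WI  queue warning level and warning interval
.\pcnscfg.exe addtarget "/N:$TargetName" "/A:$TargetFqdn" "/S:$Spn" `
    "/FI:$FilterGroup" /F:3 /I:600 /D:False /WL:20 /WI:60

# 3. Review the stored configuration before enabling Password Sync
#    under Tools > Options in FIM Sync.
.\pcnscfg.exe list
```

The inclusion group decides whose password changes leave forest A, so its membership should be restricted to the selected users and changes to it should be monitored.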

  • Monday, March 04, 2013 6:22 PM
     
     
    Thanks for the reply, Brian. Do you have any guide or something that covers the configuration steps in detail?

    Thank you very much.

    Microsoft Certified IT Professional Server Administrator

  • Monday, March 04, 2013 6:23 PM
    Moderator
     
     
    No, I don't.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

  • Monday, March 04, 2013 8:25 PM
     
     Answered

    There are guides available that were published for MIIS 2003. Not much has changed with regard to Password Synchronization since then and they are a great place to start.

    Implementing the Automated Password Synchronization Solution - Step-by-Step

    http://technet.microsoft.com/en-us/library/cc720654(v=WS.10).aspx

    Automated Password Synchronization Solution Guide for MIIS 2003

    http://technet.microsoft.com/en-us/library/cc720589(v=WS.10).aspx

    Good luck!

    -Ryan