MIM: Password sync to cloud application?

  • Question

  • "Utilizes the password change notification service (PCNS) to capture password changes from Active Directory and propagate them to other connected data sources" from the Microsoft website

    My question: What do they mean by "connected data source"? Do they mean the password sync is only done to the on-premise applications, or can it also be done to the cloud applications?

    Cheers, Manon.

    Friday, May 18, 2018 5:19 AM

All replies

  • The "connected data source" is the data source that a given management agent is connected to.

    PCNS is for AD. It intercepts the password set from a domain controller and does something with it. In the case of the PCNS agent that is installed on domain controllers, it encrypts the password to a key (created/added at agent setup) and sends it to a central service (specified at agent setup, the MIM sync service). I'm not sure if the interface specification is publicly available, but I don't see why another installable agent couldn't be used for a different service as long as it sent the same data to the same endpoint. It would also require a management agent for the cloud application that is both aware of password change notification and is programmed with however the cloud service accepts password changes.

    Saturday, June 2, 2018 3:10 PM