locked
Password sync between 2 forests RRS feed

  • Question

  • Hi.

    We have a problem with a limitaion with pcns. We have two domains in two forests. We want to syncronize password without setting up a two way trust. Is there a way to do this today or is there some software updates in near future that would help? I heard that the Oxford Computer Group maybe have made a product to help with this problem.

    Monday, June 5, 2006 8:41 AM

Answers

  • You can synchronize passwords one-way between the forests without trust, as long as MIIS and PCNS live in the same forest together.

    For example, you want to synchronize accounts in Forest A to Forest B. You would install PCNS and MIIS in Forest A together, and configure them to synchronize both the accounts and passwords to Forest B. The credentials provided in the MIIS Management Agent for Forest B take care of authentication without the trust requirement.

    MIIS has no support for bi-directional synchronization of passwords.

    Tuesday, June 6, 2006 9:27 PM

All replies

  • You can synchronize passwords one-way between the forests without trust, as long as MIIS and PCNS live in the same forest together.

    For example, you want to synchronize accounts in Forest A to Forest B. You would install PCNS and MIIS in Forest A together, and configure them to synchronize both the accounts and passwords to Forest B. The credentials provided in the MIIS Management Agent for Forest B take care of authentication without the trust requirement.

    MIIS has no support for bi-directional synchronization of passwords.

    Tuesday, June 6, 2006 9:27 PM
  • Oxford has done work to overcome the trust issue but we currently do not sell it as a product, only as a services engagement.

    -Craig

    Tuesday, June 6, 2006 10:30 PM
  • Ok, thank you for your answers. I hope MS in later versions would implement sync both way with no trust.
    Tuesday, June 6, 2006 10:35 PM