PCNS deployment

  • Question

  • I would like to know if we need to install PCNS on each domain controller of the source domain. Or is it sufficient to install it only on the PDC? A password change taking place in an ADC will get replicated to the PDC. Will the PCNS installed in the PDC then be able to capture such a replicated password from the ADC?

    Thanks

    Wednesday, May 6, 2009 5:36 AM

All replies

  • You have to install PCNS on each DC of the domain that you want to use as a source for password synchronization.

    PCNS fetches the password as it arrives on the DC and after it has been validated by password complexity rules and other DLLs.

    /Matthias
    Wednesday, May 6, 2009 6:44 AM
  • Thanks for your reply.

    Consider the scenario below:

    1. Source domain has PCNS installed on PDC and NOT on ADC.
    2. Password change takes place in ADC.
    3. Since PDC and ADC are in replication, the password change will be replicated to the PDC.

    In the above scenario, will PCNS installed in PDC capture the password replicated to the PDC from the ADC?

    Thanks,
    PD

    Wednesday, May 6, 2009 7:23 AM
  • No. PCNS works by installing a password filter DLL on each DC; this intercepts password changes and resets, not the replication of password changes. If you only install it on 1 DC (whether it be the PDC emulator or not), then the only password changes that will be captured are the passwords changed on that DC.

    For example, if I have 3 DCs and install PCNS on one of them, then I will probably receive only 1/3 of the password changes.
    David Lundell www.ilmBestPractices.com
    Wednesday, May 6, 2009 10:42 AM
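
    A read-only coverage check for the point made in the answers above, as an added example that is not part of the original thread: it lists every DC in the domain and reports whether the PCNS password filter is registered and the service is running there. Assumptions not stated in the thread: the filter appears as `pcnsflt` in the LSA "Notification Packages" value, the service is named `PCNSSVC`, the ActiveDirectory module is available, and PowerShell remoting to the DCs is enabled. `Get-PcnsCoverage` is a hypothetical helper name.

```powershell
#Requires -Modules ActiveDirectory
# Added example: find DCs where password changes would NOT be captured by PCNS.
# Assumed names (not from the thread): filter 'pcnsflt', service 'PCNSSVC'.
function Get-PcnsCoverage {
    param(
        # Defaults to every domain controller in the current domain.
        [string[]]$ComputerName = (Get-ADDomainController -Filter *).HostName
    )
    foreach ($dc in $ComputerName) {
        try {
            $state = Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
                # Password filters are loaded by LSA from this REG_MULTI_SZ value.
                $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                                        -Name 'Notification Packages'
                $svc = Get-Service -Name 'PCNSSVC' -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    FilterRegistered = $lsa.'Notification Packages' -contains 'pcnsflt'
                    ServiceStatus    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
                }
            }
            [pscustomobject]@{
                DomainController = $dc
                FilterRegistered = $state.FilterRegistered
                ServiceStatus    = $state.ServiceStatus
                # Both the filter and the running service are needed on this DC.
                Covered          = $state.FilterRegistered -and $state.ServiceStatus -eq 'Running'
            }
        }
        catch {
            # An unreachable DC is reported as a gap rather than silently skipped.
            [pscustomobject]@{
                DomainController = $dc
                FilterRegistered = $null
                ServiceStatus    = 'Unreachable'
                Covered          = $false
            }
        }
    }
}

$report = Get-PcnsCoverage
$report | Format-Table -AutoSize
$gaps = @($report | Where-Object { -not $_.Covered })
if ($gaps.Count -gt 0) {
    Write-Warning ("Password changes made on these DCs will not be synchronized: " +
                   ($gaps.DomainController -join ', '))
}
```

    A newly registered password filter is only loaded after the DC restarts, so a DC can show the filter as registered and still not be capturing changes until its next reboot.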
  • David .. thanks for your reply

    Thursday, May 7, 2009 5:38 AM