Synchronizing Passwords between Windows Server 2008 R2 forest

  • Question

  • Hi all, I need to synchronize passwords from forest A to forest B.

    Both forests are Windows Server 2008 R2.

    Synchronizing passwords would be only for selected users. I've never done this project and would need a little guidance to start.

    The timing should be unidirectional, only forest A to forest B, for selected users.


    Microsoft Certified IT Professional Server Administrator

    Monday, March 4, 2013 4:11 PM


  • Hi-

    You can do this pretty easily with FIM. You'll need to configure a pair of AD Management Agents - one for forest A and one for forest B. You'd want to have the Forest A one configured to 'Project' users and the Forest B one configured to 'Join' on whatever attribute(s) link users between the two forests. You'll need to flow those attributes into the metaverse from Forest A and Forest B. Set your Metaverse object deletion rule for person to delete the object when the Forest A connector is disconnected.

    Once you do this, install the PCNS on your domain controllers in Forest A and configure it with the command line tool. There is an option in there to filter passwords sent to FIM just to a group of users. You'll also need to enable Password Sync in the Tools>Options dialog in FIM Sync.

    My Book - Active Directory, 4th Edition

    Monday, March 4, 2013 6:18 PM
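
The PCNS step from the reply above, sketched as an added example (not part of the original post): register the FIM Sync service account's SPN, then define a PCNS target on the forest A domain controllers with a group inclusion filter. The server name, service account and the `PwdSync-Users` group are constructed placeholders, and the `Domain Admins` exclusion is an assumed hardening choice rather than something the thread asks for.

```powershell
# Constructed placeholder values: replace with your environment's own.
$FimServer  = 'fimsync.example.com'     # FQDN of the FIM Sync server (assumed)
$SvcAccount = 'EXAMPLE\svc-fimsync'     # account running the FIM Sync service (assumed)
$Spn        = "PCNSCLNT/$FimServer"     # SPN that PCNS uses to authenticate to FIM
$TargetName = 'FIMSync'                 # friendly name for this PCNS target (assumed)
$Include    = 'PwdSync-Users'           # forest A group whose members are synchronized (assumed)
$Exclude    = 'Domain Admins'           # keep privileged accounts out of the sync (assumed)

# 1. Register the SPN on the FIM Sync service account.
#    -S refuses to create the SPN if it is already registered elsewhere.
setspn.exe -S $Spn $SvcAccount

# 2. From the PCNS installation directory on a forest A domain controller,
#    create the target. The target definition is stored in Active Directory,
#    but the PCNS filter must be installed on every DC that can process a
#    password change, otherwise changes handled by that DC are not forwarded.
#      /N  target name          /A  FIM server address
#      /S  SPN from step 1      /FI inclusion group
#      /FE exclusion group (takes precedence over inclusion)
& .\pcnscfg.exe ADDTARGET "/N:$TargetName" "/A:$FimServer" "/S:$Spn" `
    "/FI:$Include" "/FE:$Exclude"

# 3. Review the resulting configuration and confirm the filter groups.
& .\pcnscfg.exe LIST

# Only password changes made after this point are captured; existing
# passwords are not synchronized until the user changes them.
```

Password Sync still has to be enabled in the Tools>Options dialog in FIM Sync, as the reply says, before notifications sent by PCNS are processed.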
  • There are guides available that were published for MIIS 2003. Not much has changed with regard to Password Synchronization since then and they are a great place to start.

    Implementing the Automated Password Synchronization Solution - Step-by-Step

    Automated Password Synchronization Solution Guide for MIIS 2003

    Good luck!


    Monday, March 4, 2013 8:25 PM
