This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Learn More

Remove From My Forums

Password Sync between two AD Forest

Question
0

Sign in to vote

Hi,

I make a Forest trust between two AD Forest. Old forest 2003, new forest 2012 R2. I migrated all users with ADMT enabling SID history. All users migrated can browse a share in old forest successfully.

I have many services (ex radius) on old forest that I can migrate only when all 300 computers are migrated in new forest.

In this transitive phase, i need absolutely keep all users passwords in two forest sync.

Which is the best way to accomplish this goal ? Exist a free product/script to schedule ?

Thank you and best regards..

Thursday, December 22, 2016 10:28 AM

All replies

0

Sign in to vote

Hi,

just curious - why you need password synchronization?
Trusts between domains and SID history allows you to access all resources between domains.
As far as I know there are no free products for this task. You can look for FIM or another similar product, but it is not free.
Also passwords are stored in hash and you cannot just 'copy' it with some script.

Thursday, December 22, 2016 11:28 AM
0

Sign in to vote

use ADMT again just syncing passwords

Thursday, December 22, 2016 11:32 AM
0

Sign in to vote

I need to keep both forest up for many month because there are many clients to migrate. Many services such wifi autentication , radius, vpn must migrate latest. During this process the users in two forest must have equal password

Thank you

Thursday, December 22, 2016 1:11 PM
0

Sign in to vote

There are no free tool for that. But may be you can use free trial version of the "Quest Quick Connect Express"

Thursday, December 22, 2016 1:31 PM
0

Sign in to vote

Hi Marco,

Please refer below link

https://blog.thesysadmins.co.uk/admt-series-4-password-export-server.html
Regards, Nidhin.CK

Thursday, December 22, 2016 2:14 PM
0

Sign in to vote

Thanks but the password exporter work only manually and in one-way. I need a tool that work automatically when user password change and in two-way.

The FIM is very big suite e more complex to deploy. Another lite tool?

Thursday, December 22, 2016 4:07 PM
0

Sign in to vote
Since passwords can't be read into clear text format, synchronizing the password is diffcult task and it can be achieved only using tools which is mostly paid.

Anyway please check below tool from Quest/Dell

One Identity Quick Connect Express for AD

http://documents.software.dell.com/one-identity-quick-connect-express-for-ad/5.5/release-notes/dell-one-identity-quick-connect-express-for-active-directory-5-5-0/about-one-identity-quick-connect-express-for-active-directory-5-5-0

One Identity Quick Connect Express for Active Directory allows you to perform the following operations on external data systems:

•

Provision users

•

Update identity data

•

Deprovision users

•

Synchronize passwords between two Active Directory domains or from a source Active Directory domain to another connected system

Regards, Nidhin.CK
- Edited by Nidhin CK Thursday, December 22, 2016 4:52 PM More Info
- Proposed as answer by Jay Gu Friday, December 30, 2016 1:10 AM
Thursday, December 22, 2016 4:47 PM
0

Sign in to vote

Hi,

Are there any updates?

Best Regards,

Jay
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Friday, December 30, 2016 1:11 AM