Include
- This article is intended for customers who perform user dry run and synchronization and password dry run and synchronization from Active Directory to Access Control.
Purpose
- This article describes the procedure for installing the HENNGE Directory Sync Tool.
Notes
- For the installation requirements of the HENNGE Directory Sync Tool, please refer to [HENNGE Directory Sync Tool] in the following Help Center article.
HENNGE One supported - This article is based on the product as of January 2026, and may be changed without notice due to future updates.
Procedure
To use the HENNGE Directory Sync Tool, please follow the steps below.
For information on Microsoft Entra Connect configuration and dry run and synchronization, please refer to the information at the end of this page.
[Admin Task] Organize Users in Active Directory
Use the HENNGE Directory Sync Tool to organize the information of users who are scheduled to be dry run and synchronized to Access Control. Similarly, organize user information for Microsoft Entra Connect dry run and synchronization.
For details, please refer to Organize Users in Active Directory.
[Admin Task / Requires Reboot / Only When Performing Password Synced] Install HDEPasswordFilter.dll on All Domain Controllers
Install the HDEPasswordFilter.dll (DLL file) provided by us on all domain controllers where Active Directory is running.
By installing this file, when a user changes their password, a hashed password will be stored in the UnixUserPassword attribute of the user object.
When a value is recorded in the UnixUserPassword attribute, password changes can be detected and the new password can be dry run and synchronized to Access Control.
This DLL file can be downloaded from the Access Control admin screen (modern view). Please note that a reboot of the domain controller is required when performing this task.
For details, please refer to Install HDEPasswordFilter.dll on All Domain Controllers (WS 2016 and later).
* After completing this task, you may request end users to change the password of user objects to be dry run and synchronized.
[Admin Task] Install HENNGE Directory Sync Tool
Install the HENNGE Directory Sync Tool on a domain controller where Active Directory is running, or on a computer that belongs to the Active Directory domain.
By installing the HENNGE Directory Sync Tool, you will be able to dry run and synchronize user object information from Active Directory to Access Control.
This tool can be downloaded from the Access Control admin screen.
For details, please refer to Install HENNGE Directory Sync Tool.
[Admin Task] Install Root Certificate for Operation
Install the root certificate required for the operation of the HENNGE Directory Sync Tool.
For details, please refer to HENNGE Directory Sync Tool Root Certificate Installation Procedure.
[Admin Task] Create API Client for Running HENNGE Directory Sync Tool
Obtain the API client information to be described in the config.ini file, which will be placed during the initial setup of the HENNGE Directory Sync Tool configuration file config.ini.
The API client information can be obtained by creating a new API client from the Access Control admin screen (modern view).
For details, please refer to Create API Client for Running HENNGE Directory Sync Tool.
[Admin Task] Initial Setup of HENNGE Directory Sync Tool Configuration File config.ini
Place the config.ini configuration file, which enables the HENNGE Directory Sync Tool installed during the installation of the HENNGE Directory Sync Tool, to function according to your individual environment, on the computer where the HENNGE Directory Sync Tool is installed.
This config.ini file will be provided by your HENNGE representative.
For details, please refer to Initial Setup of HENNGE Directory Sync Tool Configuration File config.ini.
[End User Task / Only When Performing Password Synced] Change Password of User Objects to be Synced
Change the password once for user objects to be dry run and synchronized to Access Control. By making this change, a hashed password will be stored in the UnixUserPassword attribute of the user object.
※If you are using Microsoft Entra Connect for synchronization, changing a user object's password may trigger a re-authentication requirement for Microsoft 365 apps. Please contact Microsoft for further details.
[Admin Task / Only When Performing Password Synced] Confirm Password Settings for Users to be Synced
Confirm that the password change performed in Change Password of User Objects to be Synced has been executed for all user objects to be dry run and synchronized to Access Control.
For details, please refer to Confirm Password Settings for Users to be Synced.
[Admin Task] Run HENNGE Directory Sync Tool
Perform regular dry run and synchronization of user object information and password dry run and synchronization.
User object information dry run and synchronization is performed by the HDE One Directory Sync service, and password dry run and synchronization is performed by the HDE One Password Sync service, so these services should be set to run regularly.
After performing this task, by default, user object information will be dry run and synchronized from Active Directory to Access Control every 2 hours, and passwords will be dry run and synchronized every 3 minutes.
For details, please refer to Run HENNGE Directory Sync Tool.
* [Admin Task / Can be performed at any time after installing HDEPasswordFilter.dll on all domain controllers] Configure Microsoft Entra Connect (formerly Azure AD Connect) and Start User and Password Dry Run and Synchronization
To dry run and synchronize user information and passwords from Active Directory to Microsoft 365, use Microsoft Entra Connect (formerly Azure AD Connect) provided by Microsoft.
For information on how to configure Microsoft Entra Connect and how to perform user and password dry run and synchronization, please contact Microsoft.