Target
Customers who perform user synchronization and password synchronization from Active Directory to HENNGE Access Control are the target audience.
Purpose
This document describes the procedure for installing the HENNGE Directory Sync Tool.
Notes
1. For installation requirements of the HENNGE Directory Sync Tool, refer to [HENNGE Directory Sync Tool] within the following Help Center article.
HENNGE One Operating Environment
2. This article is based on the content of the product as of February 2024 and may be subject to change without notice due to future updates.
Detailed Procedure and Explanation
When using the HENNGE Directory Sync Tool, please follow the steps below. For Microsoft Entra Connect settings and synchronization, please refer to the information at the end of this page.
1. [Administrator Task] Organizing Users on Active Directory
Use the HENNGE Directory Sync Tool to organize information for users scheduled to be synchronized to HENNGE Access Control. Similarly, organize information for users regarding Microsoft Entra Connect synchronization.
For details, please refer to Organizing Users on Active Directory.
2. [Administrator Task / Requires Restart / Only for Password Synchronization] Install HDEPasswordFilter.dll on all Domain Controllers
Install the HDEPasswordFilter.dll (DLL file) provided by us on all domain controllers where Active Directory functions.
By installing this file, when a user changes their password, the hashed password will be entered into the UnixUserPassword attribute of the user object.
By recording a value in the UnixUserPassword attribute, password changes can be detected, allowing synchronization of the new password to HENNGE Access Control.
This DLL file can be downloaded from the management screen (Modern View) of HENNGE Access Control. Note that restarting the domain controller is required during this process.
For details, please refer to Installing HDEPasswordFilter.dll on all Domain Controllers (WS 2016 or later).
※ After completing this task, it is acceptable to request the execution of task 7 from end users.
3. [Administrator Task] Install HENNGE Directory Sync Tool
Install the HENNGE Directory Sync Tool on domain controllers where Active Directory functions or on computers belonging to Active Directory domains.
By installing the HENNGE Directory Sync Tool, you can synchronize user object information on Active Directory with HENNGE Access Control.
This tool can be downloaded from the management screen (Modern View) of HENNGE Access Control.
For details, please refer to Installing the HENNGE Directory Sync Tool.
4. [Administrator Task] Create API Client for Executing HENNGE Directory Sync Tool
Obtain information for the API client to be included in the config.ini file to be placed in task 5. The information for the API client can be obtained by creating a new API client from the management screen (Modern View) of HENNGE Access Control.
For details, please refer to Creating API Client for Executing HENNGE Directory Sync Tool.
5. [Administrator Task] Initial Placement of HENNGE Directory Sync Tool Configuration File config.ini
Place the config.ini file, which is the configuration file for enabling the HENNGE Directory Sync Tool to function according to your individual environment, on the computer where the HENNGE Directory Sync Tool is installed.
This config.ini file will be provided by HENNGE personnel.
For details, please refer to Initial Placement of HENNGE Directory Sync Tool Configuration File config.ini.
6. [Administrator Task] Execution of Assign-HDEOnePasswrdSyncGroup.bat
By placing user objects to be synchronized in the security group HDE One Password Sync Group using the Assign-HDEOnePasswrdSyncGroup.bat file, necessary users for user synchronization and password synchronization will be extracted.
For details, please refer to Execution of Assign-HDEOnePasswrdSyncGroup.bat.
7. [End User Task / Only for Password Synchronization] Password Change for User Objects to be Synchronized
Change the password once for the user objects to be synchronized to HENNGE Access Control. This change will input the hashed password into the UnixUserPassword attribute of the user object.
8. [Administrator Task / Only for Password Synchronization] Confirmation of Password Settings for Synchronized User Passwords
Confirm that the password change performed in task 7 has been executed for all user objects synchronized to HENNGE Access Control.
For details, please refer to Confirmation of Password Settings for Synchronized User Passwords.
9. [Administrator Task] Execution of HENNGE Directory Sync Tool
Perform periodic execution of user object information synchronization and password synchronization.
User object information synchronization is performed by a service called HDE One Directory Sync, and password synchronization is performed by a service called HDE One Password Sync, so these services are targeted for periodic execution.
After this task is completed, user object information will be synchronized from Active Directory to HENNGE Access Control every 2 hours by default, and passwords will be synchronized every 3 minutes.
For details, please refer to Execution of HENNGE Directory Sync Tool.
※[Administrator Task / Optional at any time after task 2] Configuration of Microsoft Entra Connect (formerly: Azure AD Connect) and Start of User Synchronization and Password Synchronization
To synchronize user information and passwords from Active Directory to Microsoft 365, use Microsoft Entra Connect (formerly: Azure AD Connect) provided by Microsoft.
For information on configuring Microsoft Entra Connect and how to synchronize users and passwords, please contact Microsoft.