Target
Customers who are synchronizing users and passwords between on-premises Active Directory (AD) and HENNGE Access Control using the HENNGE Directory Sync Tool are targeted.
Purpose
This document describes the procedure for changing the reference AD for the HENNGE Directory Sync Tool.
Notes
1. This article is based on the product content as of March 2024 and may be subject to change without notice due to future updates.
Detailed Procedure and Explanation
1. Stop HENNGE Directory Sync Tool
From [Administrative Tools] → [Services] on the server where the HENNGE Directory Sync Tool is installed, stop each service of [HDE One Directory Sync] and [HDE Password Sync].
※ If password synchronization is not performed, only stop [HDE One Directory Sync].
2. Change Reference AD for HENNGE Directory Sync Tool
Open the [config.ini] file located in [C:\Program Files\HDE One Directory Sync],
;; Domain information
server=
Enter the hostname or IP address of the new AD that the HENNGE Directory Sync Tool will reference in the section mentioned above and save the file.
3. Clear Registry Value (Only for Password Synchronization)
If passwords of AD users are synchronized with HENNGE Access Control,
it is necessary to clear the registry values on the server where the HENNGE Directory Sync Tool is installed.
After clearing the registry values and restarting the HENNGE Directory Sync Tool,
passwords of all users synchronized for password sync will be synchronized with HENNGE Access Control.
Subsequently, only passwords of users who have changed their passwords will be synchronized with HENNGE Access Control.
3.1. Start PowerShell on the server where the HENNGE Directory Sync Tool is installed and execute the following command.
The current registry value referenced during password synchronization by the HENNGE Directory Sync Tool will be displayed.
function calcBin($val) {
$ret =0;
for( $num = 0 ; $num -lt $val.length ; $num++) {
$ret += $val[$num] * [math]::Pow(256,$num);
}
return $ret;
}
calcBin((Get-ItemProperty -path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\HDE One Directory Sync").highestCommittedUSN)
3.2. Execute the following command in PowerShell to clear the registry value.
function calcNum2Bin($val){
$ret= new-object byte[] 8;
$mod_ori = $val;
$mod_amari=0;
$mod_int=0;
$keta=0;
while( $mod_ori -ne 0 ){
$mod_int=$mod_ori / [math]::Pow(256,$keta);
$mod_amari = $mod_ori % 256;
$ret[$keta] = $mod_amari;
$keta++;
$mod_ori = ($mod_ori - $mod_amari)/256;
}
return $ret;
}
New-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\HDE One Directory Sync" -Name highestCommittedUSN -value (calcNum2Bin(1)) -PropertyType Binary -Force
3.3. Execute the following command in PowerShell to confirm that the registry value is 1.
calcBin((Get-ItemProperty -path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\HDE One Directory Sync").highestCommittedUSN)
4. Resume HENNGE Directory Sync Tool
From [Administrative Tools] → [Services] on the server where the HENNGE Directory Sync Tool is installed, start each service of [HDE One Directory Sync] and [HDE Password Sync].
※ If password synchronization is not performed, start only [HDE One Directory Sync].
5. Check Synchronization Logs
Follow the instructions in the following help center article to log in to the HENNGE Access Control management screen. Once the management screen is displayed, select synchronization logs.
Accessing the HENNGE Access Control Management Screen (Modern View)
For details on synchronization logs, please refer to the following help center article.