The following article describes the procedures that are needed to be performed when customers change the reference Active Directory (AD) that HENNGE Access Control is synchronized with. The AD will usually synchronize account information and password information form to the HENNGE Access Control on the cloud.

The procedures consist of 5 steps:

1) Stop the HENNGE Synchronization Tool
2) Change to reference AD of the HENNGE Synchronization Tool
3) Reset the Registry value (Only for password sync)
4) Start the HENNGE Synchronization Tool
5) Check the Sync Log

1) Stop the HENNGE Synchronization Tool

On the AD machine on which HENNGE Synchronization Tool is installed on, go to the "Management Tools"  > "Services" and find the "HDE One Directory Sync" and "HDE Password Sync" and stop these services.
※Stop only the "HDE One Directory Sync" if password synchronization is not enabled.

2) Change to reference AD of the HENNGE Synchronization Tool

Find the "config.ini" file in the "C:\Program Files\HDE One Directory Sync" path and open it.
;; Domain information
server=
Please change the server part above from the previous IP Address/Host name to the new IP Address/Host name of the new AD server.

3) Reset the Registry value (Only for password sync)

When the value on the AD, where the HENNGE Access Control Synchronization Tool is installed on, is needed to be cleared.

After the AD's Registry value is reset and the HENNGE Password Sync is restarted, all of the users will have the password synchronized to the cloud. After that, the password will be synchronized to the cloud whenever updated.

☆ 1 - Run the following PowerShell command on the AD that the HENNGE Sync Tool was installed on and show the current Registry value.

function calcBin($val) {
$ret =0;
for( $num = 0 ; $num -lt $val.length ; $num++) {
$ret += $val[$num] * [math]::Pow(256,$num);
}
return $ret;
}

calcBin((Get-ItemProperty -path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\HDE One Directory Sync").highestCommittedUSN)

☆ 2 - Run the following PowerShell command to reset the Registry value.

function calcNum2Bin($val){
$ret= new-object byte[] 8;
$mod_ori = $val;
$mod_amari=0;
$mod_int=0;
$keta=0;
while( $mod_ori -ne 0 ){
$mod_int=$mod_ori / [math]::Pow(256,$keta);
$mod_amari = $mod_ori % 256;
$ret[$keta] = $mod_amari;
$keta++;
$mod_ori = ($mod_ori - $mod_amari)/256;
}
return $ret;
}

New-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\HDE One Directory Sync" -Name highestCommittedUSN -value (calcNum2Bin(1)) -PropertyType Binary -Force

☆ 3 - Run the following PowerShell command to ensure that the Registry value has been reset to 1.

calcBin((Get-ItemProperty -path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\HDE One Directory Sync").highestCommittedUSN)

4) Start the HENNGE Synchronization Tool

On the AD machine in which HENNGE Synchronization Tool is installed on, go to the "Management Tools"  > "Services" and find the "HDE One Directory Sync" and "HDE Password Sync" and start these services.
※Start only the "HDE One Directory Sync" if password synchronization is not enabled.

5) Check the Sync Log

Please confirm the synchronization log in the HENNGE Access Control Admin Console to ensure that the synchronization is running smoothly.

https://ap.ssso.hdems.com/yourdomain/<yourdomain>

※Please replace the <yourdomain> part with your custom main domain.