Target
Customers who synchronize users and passwords from Windows Server Active Directory to Access Control
Purpose
Use the script provided by us to verify that the user's Active Directory password has been reset and that a value is set in the UnixUserPassword attribute.
Notes
- This article is based on the product as of July 2026 and may be changed without notice due to future updates.
- Access Control achieves password synchronization by obtaining the hashed password stored in the UnixUserPassword attribute.
If there is no value in the UnixUserPassword attribute, password synchronization cannot be performed, and users will not be able to log in to Access Control. - This procedure must be executed by a user with Domain Admins or Enterprise Admins role in the relevant domain.
Procedure
1. Log in to the device where the HENNGE Directory Sync Tool is installed.
2. Refer to the following article to download the UnixUserPassword check script [CheckUnixUserPassword.ps_] from the Access Control Administration.
Active Directory Sync Tool Download Procedure
3. Move the [CheckUnixUserPassword.ps_] file downloaded in step 2 to the following folder and change the extension from .ps_ to .ps1.
C:\Program Files\HDE One Directory Sync4. Launch PowerShell as an administrator and execute the following commands.
cd C:\Program Files\HDE One Directory Sync.\CheckUnixUserPassword.ps15. Check the execution results and confirm that the passwords of the synced users have been changed.
===========================
ldapfilter
===========================
'(&(mail=*@sample.jp)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectClass=user))'
===========================
searchBase
===========================
'OU=test,DC=abc,DC=hennge,DC=com'
================
unixUserPassword set
================
[sAMAccountName],[UserPrincipalName],[mail]
user001,user001@sample.jp,user001@sample.jp ← User with unixUserPassword set
================
unixUserPassword unset
================
[sAMAccountName],[UserPrincipalName],[mail]
user002,user002@sample.jp,user002@sample.jp ← User without unixUserPassword set
unixUserPassword set user: 1 ← Number of users with unixUserPassword set
unixUserPassword unset user: 1 ← Number of users without unixUserPassword set