Target
For customers who wish to synchronize user information and password information from Windows Server Active Directory onto HENNGE Access Control in the cloud.
Purpose
To confirm that the users' password on the Active Directory has been saved correctly via the hashed password value stored in the UnixUserPassword attribute. The confirmation can be done via the script provided by HENNGE following the procedure below.
Caution
This article is based on the content of the product of 2019 March, and may be revised without prior notice.
Procedures
HENNGE Access Control will be able to synchronize the hashed password stored in the UnixUserPassword attribute to the cloud. If the UnixUserPassword attribute is empty, the password will not be synchronized onto the HENNGE Access Control and the user will not be able to login successfully.
Prerequisite Confirmation
Please execute the following procedure with a user in the Domain of permissions either of [ Domain Admins ] or [ Enterprise Admins ].
Confirmation
1. Prepare the client machine that has Security Group Batch prepared and login to the machine and make sure that the instructions outlined in the following article has already been performed.
Execution of Assign-HDEOnePasswrdSyncGroup.bat
2. Open the PowerShell with Admin permissions
3. Execute the following commands
> cd <path to [HDEOne] folder>
> .\Check-SyncUser.ps1
For Example:
> cd C:\work\HDEOne
> .\Check-SyncUser.ps1
4. Confirm the Execution Result
================
unixUserPassword set
================
[sAMAccountName],[UserPrincipalName],[mail]
ttsstt,,aaa@bbb.com ← users completed password reset on Active Directory
================
unixUserPassword unset
================
[sAMAccountName],[UserPrincipalName],[mail]
test,test@sample.jp ← users not completed password reset on Active Directory
unixUserPassword set user: 1 ← No. of users completed password reset on Active Directory
unixUserPassword unset user: 1 ← No. of users not completed password reset on Active Directory