Confirm on the Synchronization User Password Configuration

Target

For customers who wish to synchronize user information and password information from Windows Server Active Directory onto HENNGE Access Control in the cloud.

Purpose

To confirm that the users' password on the Active Directory has been saved correctly via the hashed password value stored in the UnixUserPassword attribute. The confirmation can be done via the script provided by HENNGE following the procedure below.

Caution

This article is based on the content of the product of 2019 March, and may be revised without prior notice.

Procedures

HENNGE Access Control will be able to synchronize the hashed password stored in the UnixUserPassword attribute to the cloud. If the UnixUserPassword attribute is empty, the password will not be synchronized onto the HENNGE Access Control and the user will not be able to login successfully.

Prerequisite Confirmation

Please execute the following procedure with a user in the Domain of permissions either of [ Domain Admins ] or [ Enterprise Admins ].

Confirmation

1. Prepare the client machine that has Security Group Batch prepared and login to the machine and make sure that the instructions outlined in the following article has already been performed.

Execution of Assign-HDEOnePasswrdSyncGroup.bat

2. Open the PowerShell with Admin permissions

3. Execute the following commands

> cd <path to [HDEOne] folder>
> .\Check-SyncUser.ps1

For Example: 

> cd C:\work\HDEOne
> .\Check-SyncUser.ps1 

4. Confirm the Execution Result

================
unixUserPassword set
================
[sAMAccountName],[UserPrincipalName],[mail]
ttsstt,,aaa@bbb.com      ← users completed password reset on Active Directory

================
unixUserPassword unset
================
[sAMAccountName],[UserPrincipalName],[mail]
test,test@sample.jp       ← users not completed password reset on Active Directory

unixUserPassword set user: 1   ← No. of users completed password reset on Active Directory
unixUserPassword unset user: 1  ← No. of users not completed password reset on Active Directory

 

          
Was this article helpful?