Target
For customers who wish to synchronize user information and password information from Windows Server Active Directory to HENNGE Access Control in the cloud.
Purpose
To add the users targeted for synchronization into the [ HDE One Password Sync Group ] security group.
Cautions
1. HENNGE Access Control allows the password to be synchronized via the [ UnixUserPassword ] attribute. However, since Microsoft has disabled the [ Unix ID Component Service ] ([ Unix Microsoft ID Management Component ]) feature on Windows Server 2016, HENNGE has developed a DLL that must be installed on all Windows Server Active Directory servers.
See: How to install HDEPasswordFilter.dll on Active Directory
2. Please perform the following procedure with a user account that has [ Domain Admins ] or [ Enterprise Admins ] permissions.
3. This article was last updated in May 2024 and may be revised without prior notice.
Procedures
We will provide an Assign-HDEOnePasswrdSyncGroup.bat file prepared exclusively for each customer once the users targeted for synchronization and the conditions of synchronization have been decided after the meeting.
After the file is received and executed, the users targeted for synchronization will be added to the security group [ HDE One Password Sync Group ] and will be targeted for synchronization to the cloud.
Pre-confirmation Items
1. This procedure assumes execution on an Active Directory domain controller.
2. If you execute this procedure on a Windows Server other than an Active Directory domain controller, first install the Active Directory module for Windows PowerShell from [Add Roles and Features] in Server Manager on that server.
Initial Execution
1. Copy the [HDEOne] folder from the [HDEOneDirectorySyncTool] folder provided along with the batch file to the C drive root of the terminal where you want to install HENNGE Directory Sync Tool, or to the C drive root of any domain controller.
※ If copying to the C drive root is difficult, place it in a path without spaces.
2. Launch PowerShell as Administrator.
3. Execute the following commands:
> cd <[Path to the HDEOne folder]>
> .\Assign-HDEOnePasswrdSyncGroup.bat
Example:
> cd C:\HDEOne
> .\Assign-HDEOnePasswrdSyncGroup.bat
4. Check the execution logs output to the [logs] folder in the [HDEOne] folder:
・log_assign_group.yyyy-mm-dd-hhmmss.xxxx.main.txt
・log_assign_group.yyyy-mm-dd-hhmmss.xxxx.sub.txt
Make sure there are no occurrences of [ERROR OCCURRED] or [command fail].
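The check in step 4 can be scripted so that it is not skipped when the batch file runs unattended. The following is an added example, not part of HENNGE's tooling; the function name Test-AssignGroupLogs, the C:\HDEOne\logs default path, the assumption that one run writes one .main.txt and one .sub.txt file, and the sample log contents are all assumptions made for illustration.

```powershell
# Added example (not HENNGE code): scan the newest assign-group logs for the
# two failure strings named in step 4.
function Test-AssignGroupLogs {
    param(
        [string]$LogDir = 'C:\HDEOne\logs',  # assumption: [HDEOne] copied to the C drive root
        [int]$Newest = 2                     # assumption: one run = one .main.txt + one .sub.txt
    )
    $markers = 'ERROR OCCURRED', 'command fail'

    $logs = Get-ChildItem -Path $LogDir -Filter 'log_assign_group.*.txt' -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First $Newest

    if (-not $logs) {
        # No log at all means the batch file did not run or wrote elsewhere: treat as a failure.
        Write-Warning "No log_assign_group.*.txt found in $LogDir"
        return $false
    }

    # -SimpleMatch treats the markers as literal text, not regular expressions.
    $hits = $logs | Select-String -Pattern $markers -SimpleMatch
    foreach ($h in $hits) {
        Write-Warning ("{0}:{1}: {2}" -f $h.Filename, $h.LineNumber, $h.Line.Trim())
    }
    return (-not $hits)
}

# Demo on constructed logs: file names follow the pattern in step 4, contents are made up.
$demo = Join-Path $env:TEMP 'hdeone-log-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content (Join-Path $demo 'log_assign_group.2024-05-01-000000.0001.main.txt') 'constructed: run finished'
Set-Content (Join-Path $demo 'log_assign_group.2024-05-01-000000.0001.sub.txt') 'constructed: [command fail] sample line'
if (-not (Test-AssignGroupLogs -LogDir $demo)) { Write-Output 'Run needs review' }
```

Called without -LogDir, the function reads the real [logs] folder under C:\HDEOne; adjust the path if the folder was copied elsewhere.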
Scheduled Execution Configuration
When adding a user to Active Directory, it is necessary to execute Assign-HDEOnePasswrdSyncGroup.bat each time.
To prevent omission of the procedure, it is recommended to schedule the periodic execution of Assign-HDEOnePasswrdSyncGroup.bat in Windows Task Scheduler.
Note that this procedure should be performed by a user with [Domain Admins] or [Enterprise Admins] permissions in the respective domain.
1. Log in to the terminal where the [HDEOne] folder is copied.
2. Open [Task Scheduler] from [Start] → [Windows Administrative Tools].
3. Click [Create Task].
4. Enter the following items on the [General] tab:
・[Name]: Any task name
・[User account to run the task with]: User with administrative privileges
・[Run with highest privileges]: Check
・[Run whether user is logged on or not]: Check
5. Click the [Triggers] tab, then click [New].
6. Enter the items as follows and click [OK].
・[Begin the task]: Daily
・[Start]: 0:00:00 of the implementation date of this setting
・[Repeat task every]: 1 day
・[Repeat every]: 1 hour
・[For a duration of]: 1 day
・[Enabled]: Check
7. Click the [Actions] tab, then click [New].
8. Enter the items as follows and click [OK].
・[Program/script]: Path to Assign-HDEOnePasswrdSyncGroup.bat