Execution of Assign-HDEOnePasswrdSyncGroup.bat


For customers who wish to synchronize user information and password information from Windows Server Active Directory on to HENNGE Access Control in the cloud.


There are two purposes for running Assign-HDEOnePasswrdSyncGroup.bat in the Active Directory.

1. To add the users targeted for synchronization into the [ HDE One Password Sync Group ] security group.

2. For Windows Server 2008R2, 2012, 2012R2 machines, the password will be hashed and stored into the [ UnixUserPassword ] attribute when the password has been reset. (Caution Point 1)


1. HENNGE Access Control allows the password to be synchronized via the [ UnixUserPassword ] attribute. However, since Microsoft has disabled the [ Unix ID Component Service ([ Unix Microsoft ID Management Component ]) feature on Windows Server 2016, HENNGE has developed a tool called DLL that is required to be installed by all Windows Server Active Directory.

How to install HDEPasswordFilter.dll on Active Directory

2.  Please perform the following procedure with a user account that has [ Domain Admins ] or [ Enterprise Admins ] permissions.

3. This article was last updated in 2019 March, and maybe revised without prior notice.


We will provide the Assign-HDEOnePasswrdSyncGroup.bat file exclusively for each customer once the users targeted for synchronization and the conditions of synchronization have been decided after the meeting.
After the file is received and executed, the users targeted for synchronization will be added to the security group [ HDE One Password Sync Group ] and will be targeted for synchronization to the cloud.


1. Please ensure that[ Unix ID Component ([ Unix Microsoft ID Manage Component ]) has already been enabled for Windows Server 2008R2, 2012, 2012R2.

2. Please copy and place the [HDEOne] folder within the [ HDEOneDirectorySyncTool ] folder provided by our consultants either in the same Windows Server machine that HENNGE Directory Sync Tool was installed on or in any Windows Server that is within the Domain Controller.

First Time Execution

1. Open the PowerShell with Admin permission.

2. Run the following command.

> cd <[HDEOne] Folder Path>
> .\Assign-HDEOnePasswrdSyncGroup.bat

For Example: 

> cd C:\work\HDEOne
> .\Assign-HDEOnePasswrdSyncGroup.bat

3. Please check the [ logs ] folder in the  [ HDEOne ] for log generated after execution.


Please ensure that [ ERROR OCCURED ] or [ command fail ] are not displayed in the log.

Regular Execution (Task Scheduler)

Each time a new user is added to the Active Directory, Assign-HDEOnePasswrdSyncGroup.bat will be needed to be executed again.

To prevent this procedure from being missed out, we will add this Assign-HDEOnePasswrdSyncGroup.bat to the Windows Task Scheduler and let it run automatically at regular time intervals.

The following procedure of adding to the Task Scheduler requires users of [ Domain Admins ] or [ Enterprise Admins ] permissions.

1. log in to the Windows Server with the [ HDEOne ] folder path.

2. Click on [ Start ] → [ Windows Management Tool ] → [ Task Scheduler ].

3. Click on [ Add Task ].

4. Click on the [ General ] tab and enter the following details.

・ [ Name ]: Any preferred Task Name
・ [ When running the task use the following user account ] : A user account that has Admin permissions
・ [ Run whether a user is logged on or not ]: Checked On
・ [ Run with highest privileges ]: Checked On

5. Click on the [ Trigger ] Tab and click on the [ New ] button.

6. Enter the following details and click on [ OK ] to save.

・ [ タスク実行の設定 ]: Daily
・ [ タスクの開始日時 ]: この設定の実施日 0:00:00
・ [ タスク実行の間隔 ]: 1 Day
・ [ Repeat task every ]: 1 Hour
・ [ タスクの継続時間 ]: 1 日間
・ [ Enabled ]: Checked On

7.  Click on the [ Actions ] Tab and click on the [ New ] button.

8. Enter the following details and click on [ OK ] to save.

・ [ Program/Script ] : Path of Assign-HDEOnePasswrdSyncGroup.bat

Was this article helpful?

Frequently Asked Questions (FAQs)