Adding the UNIX ID Component to all Domain Controllers (For 2012/2012R2)

Target

For customers who wish to synchronize user and password information from Windows Server 2012/2012R2 Active Directory to HENNGE Access Control.

Purpose

For all the Windows Server 2012/2012 R2 running in the Active Directory and requiring password to be synchronized to the HENNGE Access Control, all of the Active Directory Domain Controller will need to have the Unix ID Component Service/Feature enabled.
After this operation, the next time the password was reset, the password will be hashed and stored in the UnixUserPassword attribute and the hashed password can be synchronized to the HENNGE Access Control on cloud.

Caution

1. This operation requires the domain controller to be restarted at the end of the procedure.

2. All of the domain controller is required to perform this setup.

3. For the user within the domain, please ensure that this user has the [ Domain Admins ] or the [ Enterprise Admins ] permission to perform this procedure.

4. This article was last updated on 2019 March.

Procedures

1. Startup PowerShell with Administrator Permissions.

2. Run the three following commands in PowerShell.

> Dism.exe /online /enable-feature /featurename:adminui /all
> Dism.exe /online /enable-feature /featurename:nis /all
> Dism.exe /online /enable-feature /featurename:psync /all

・Although PowerShell will request to restart after each command, please restart the AD only after the third command.

For Example: 

> Dism.exe /online /enable-feature /featurename:adminui /all

Deployment Image Servicing and Management (DISM)
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

Enabling feature(s)
[==========================100.0%==========================]

The operation completed successfully.
Please restart the Windows to finish the operation.
Restart the system now? (Y/N) N
PS C:\Users\Administrator> Dism.exe /online /enable-feature /featurename:nis /all

Deployment Image Servicing and Management (DISM)
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

 
Enabling feature(s)
[==========================100.0%==========================]

The operation completed successfully.
Please restart the Windows to finish the operation.
Restart the system now? (Y/N) N
PS C:\Users\Administrator>
PS C:\Users\Administrator> Dism.exe /online /enable-feature /featurename:psync /all

Deployment Image Servicing and Management (DISM)
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

Enabling feature(s)
[==========================100.0%==========================]
The operation completed successfully.
Please restart the Windows to finish the operation.
Restart the system now? (Y/N) Y

3. Open the "Server Manager"

4. Click "Tool" then choose "Microsoft Identity Management for UNIX"

Picture1.png

5.Click "Password Synchronization" and choose "Properties".

Picture2.png

6.Click "Generate key" and click "Configuration" tab button.

Picture3.png

7.Check "Enable" in "Windows to NIS (Active Directory) Password Sync" and click "OK".

 Picture4.png

8.Choose the domain from "Server For NIS" and right click to select "Properties".

Picture5.png

9.Select "md5" for "Encryption Scheme" and click "OK" button.

Picture6.png

 

          
Was this article helpful?

Frequently Asked Questions (FAQs)