Adding the UNIX ID Component to all Domain Controllers (For 2012/2012R2)

Target

For customers who wish to synchronize user and password information from Windows Server 2012/2012R2 Active Directory to HENNGE Access Control.

Purpose

Every Windows Server 2012/2012 R2 Active Directory domain controller in a domain whose passwords must be synchronized to HENNGE Access Control needs the Unix ID Component service/feature enabled.
After this operation, the next time a password is reset, the password is hashed and stored in the UnixUserPassword attribute, and the hashed password can then be synchronized to HENNGE Access Control in the cloud.

Caution

1. This operation requires the domain controller to be restarted at the end of the procedure.

2. This setup must be performed on all of the domain controllers.

3. Ensure that the domain user performing this procedure has the [ Domain Admins ] or the [ Enterprise Admins ] permission.

4. This article is based on the product content as of March 2019. It may be revised without prior notice due to subsequent updates or specification changes.

Procedures

1. Start PowerShell with administrator permissions.

2. Run the following three commands in PowerShell.

> Dism.exe /online /enable-feature /featurename:adminui /all
> Dism.exe /online /enable-feature /featurename:nis /all
> Dism.exe /online /enable-feature /featurename:psync /all

・Although a restart is requested after each command, please restart the domain controller only after the third command.

For example:

> Dism.exe /online /enable-feature /featurename:adminui /all

Deployment Image Servicing and Management (DISM)
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

Enabling feature(s)
[==========================100.0%==========================]

The operation completed successfully.
Please restart the Windows to finish the operation.
Restart the system now? (Y/N) N
PS C:\Users\Administrator> Dism.exe /online /enable-feature /featurename:nis /all

Deployment Image Servicing and Management (DISM)
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

 
Enabling feature(s)
[==========================100.0%==========================]

The operation completed successfully.
Please restart the Windows to finish the operation.
Restart the system now? (Y/N) N
PS C:\Users\Administrator>
PS C:\Users\Administrator> Dism.exe /online /enable-feature /featurename:psync /all

Deployment Image Servicing and Management (DISM)
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

Enabling feature(s)
[==========================100.0%==========================]
The operation completed successfully.
Please restart the Windows to finish the operation.
Restart the system now? (Y/N) Y

3. Open "Server Manager".

4. Click "Tools", then choose "Microsoft Identity Management for UNIX".

5. Click "Password Synchronization" and choose "Properties".

6. Click "Generate key", then click the "Configuration" tab.

7. Check "Enable" under "Windows to NIS (Active Directory) Password Sync" and click "OK".

8. Choose the domain under "Server For NIS", then right-click it and select "Properties".

9. Select "md5" for "Encryption Scheme" and click the "OK" button.
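
Because the setup has to be completed on every domain controller (Caution 2), the following added example, which is not part of the original article or vendor-provided code, reports the state of the three features from step 2 on each domain controller. It assumes the ActiveDirectory PowerShell module is installed, PowerShell remoting is enabled on the domain controllers, and the account running it is a Domain Admin.

```powershell
# Added example: audit the three features from step 2 on every domain controller.
# Assumptions: ActiveDirectory module, PowerShell remoting to each DC, Domain Admin account.
Import-Module ActiveDirectory

$features = 'adminui', 'nis', 'psync'   # feature names used in step 2

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop `
            -ArgumentList (,$features) -ScriptBlock {
                param([string[]]$Names)
                foreach ($name in $Names) {
                    $f = Get-WindowsOptionalFeature -Online -FeatureName $name `
                            -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Feature = $name
                        # Enabled       = feature is active
                        # EnablePending = enabled, but the restart has not happened yet
                        State   = if ($f) { [string]$f.State } else { 'NotFound' }
                    }
                }
            } |
            Select-Object @{n = 'DomainController'; e = { $_.PSComputerName }}, Feature, State
    }
    catch {
        # DC unreachable or remoting refused: record it instead of skipping it silently.
        [pscustomobject]@{
            DomainController = $dc.HostName
            Feature          = '*'
            State            = "Unreachable: $($_.Exception.Message)"
        }
    }
}

$report | Sort-Object DomainController, Feature | Format-Table -AutoSize

# Any row that is not 'Enabled' means that DC still needs step 2 or its restart.
$notReady = @($report | Where-Object { $_.State -ne 'Enabled' })
if ($notReady.Count -gt 0) {
    Write-Warning "$($notReady.Count) feature/DC combination(s) are not in the Enabled state."
}
```

A domain controller listed as EnablePending has had the commands run but has not yet been restarted.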