Target
- Customers performing Active Directory and sync server replacement (including migration / OS version upgrade)
- Customers who do not perform password sync
Purpose
This article explains the settings related to HENNGE Directory Sync Tool when performing Active Directory and sync server replacement (including migration / OS version upgrade).
Notes
- This article is based on the current environment configuration and work details that the HENNGE representative has heard from your company in advance.
If you are planning a replacement, please refer to the following article.
Request for customers planning to upgrade, replace, or add Windows Server
- Due to our company name change (HDE→HENNGE) on February 1, 2019, the names of services and sync tools have been changed.
However, the file names and installation folder names used in this procedure have not been changed to avoid impact on customers, so please use the names as described in this article.
- The content of this article is based on information as of March 2026 and may be changed without notice.
Table of Contents
Preparation – Downloading the Installer
- Work on the new Active Directory domain controller server (Windows Server 2016 or later) [After domain promotion / Common to all servers]
- Preparation on the server where HENNGE Directory Sync Tool will be newly run [After building the new sync server]
- Stopping the sync service on the old server where HENNGE Directory Sync Tool is running
- Tasks when running HENNGE Directory Sync Tool on the new sync server
Procedure
Preparation – Downloading the Installer
- Access the Access Control Administration.
[Access Control] How to log in to the Administration
- Follow the steps below to perform [Download HENNGE Directory Sync Tool] and obtain HDEOneDirectorySync-x64.msi.
[Access Control] Procedure for downloading the Active Directory sync tool
1. Work on the new Active Directory domain controller (Windows Server 2016 or later)
[After domain promotion / Common to all servers]
Checking Active Directory Web Services (ADWS)
*Please perform this task after domain controller promotion.
Open [Administrative Tools] – [Services] and confirm that the status of Active Directory Web Services is "Started" and the startup type is "Automatic".
2. Preparation on the server where HENNGE Directory Sync Tool will be newly run [After building the new sync server]
Checking HENNGE Directory Sync Tool installation requirements
- Refer to the following article and confirm that the supported requirements are met.
HENNGE One supported environment – HENNGE Directory Sync Tool
- Confirm that you can connect to the destination Active Directory.
Installing the root certificate for operation
- Refer to the following procedure to install the certificate.
[Access Control] Procedure for installing the root certificate for HENNGE Directory Sync Tool operation
When running HENNGE Directory Sync Tool, an SSL certificate check is performed for communication with Access Control.
If the required SSL root certificate is not installed, an error may occur.
Installing the new HENNGE Directory Sync Tool
- Run the HDEOneDirectorySync-x64.msi downloaded from Access Control in advance and install it by following the dialog.
- Copy the config.ini file provided by HENNGE into the installation folder (※), overwriting the existing file.
(※) C:\Program Files\HDE One Directory Sync\
- If the IP address or host name of the referenced Active Directory domain controller will change, change the value specified in the "server=" variable in the config.ini file to the new domain controller's IP address and save it.
------------------------------
;; Domain information
server=xxx.xxx.xxx.xxx
------------------------------
- If "password=" is deleted or masked, enter the correct logon password for the user specified in "username=" and save the file.
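A pre-flight check for the config.ini edits above, as an added example that is not HENNGE's own code: it assumes a single server=/username=/password= set in the file and treats a value made only of * or x characters as masked, and the sample lines are constructed. The commented ADWS port test (TCP 9389, the ADWS default) assumes the tool reaches the domain controller through ADWS, as step 1 suggests.

```powershell
# Added example: validate config.ini after overwriting it. The password value is never echoed.
function Test-SyncConfig {
    param([string[]]$Lines)

    # Collect key=value pairs; lines starting with ";" are comments in the file shown above.
    $cfg = @{}
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }
        $key, $value = $text -split '=', 2
        if ($null -ne $value) { $cfg[$key.Trim().ToLower()] = $value.Trim() }
    }

    $problems = @()
    foreach ($key in 'server', 'username', 'password') {
        if ([string]::IsNullOrEmpty($cfg[$key])) { $problems += "$key= is missing or empty" }
    }
    # Assumption: a masked or placeholder value consists only of "*", "x" or "." characters.
    if ($cfg['password'] -match '^[*xX]+$') { $problems += 'password= looks masked' }
    if ($cfg['server'] -match '^[xX.]+$')   { $problems += 'server= is still the placeholder' }

    [pscustomobject]@{ Server = $cfg['server']; Problems = $problems }
}

# Constructed sample (documentation address and a hypothetical account name).
$sample = @'
;; Domain information
server=192.0.2.10
username=sync-svc@example.com
password=********
'@ -split "`r?`n"

$result = Test-SyncConfig -Lines $sample
$result.Problems

# Live use on the new sync server:
# $result = Test-SyncConfig -Lines (Get-Content 'C:\Program Files\HDE One Directory Sync\config.ini')
# if (-not $result.Problems) { Test-NetConnection -ComputerName $result.Server -Port 9389 }
```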
Moving the Assign-HDEOnePasswordSyncGroup.bat folder from the old server where HENNGE Directory Sync Tool is running
- Obtain the entire C:\HDEOne\ folder from the old server where HENNGE Directory Sync Tool is running.
- Place the obtained folder directly under the C:\ drive of the new server where HENNGE Directory Sync Tool will be run, maintaining the same folder structure as the old server.
3. Tasks when stopping the sync service on the old server where HENNGE Directory Sync Tool is running
Checking the HENNGE Directory Sync Tool service user
On the pre-migration sync server, open [Administrative Tools] – [Services], open [Properties] – [Log On] for the following service, and if a user is specified in [Account], make a note of the value.
- HDE One Directory Sync
Stopping the pre-migration HENNGE Directory Sync Tool service
On the pre-migration sync server, open [Administrative Tools] – [Services] and stop the following service.
- HDE One Directory Sync
4. Tasks when running HENNGE Directory Sync Tool on the new sync server
Setting up periodic execution of Assign-HDEOnePasswordSyncGroup.bat
Refer to the "Periodic execution settings" section in the following article and set up periodic execution of Assign-HDEOnePasswordSyncGroup.bat.
*You do not need to check other items.
[Access Control] Running Assign-HDEOnePasswordSyncGroup.bat
Checking HENNGE Directory Sync Tool operation
During normal operation, HENNGE Directory Sync Tool is periodically executed by the Windows service, but you can also immediately perform user sync using a PowerShell command.
You can check the operation of user sync by following the steps below.
*Please perform this task with a user who has the [Domain Admins] or [Enterprise Admins] role.
- Start PowerShell as an administrator.
- Run the following command to perform a test sync with HENNGE Directory Sync Tool.
* If you do not add the /n option, a sync will be performed, so please be careful.
> cd "C:\Program Files\HDE One Directory Sync"
> .\console.exe /n
- Confirm that the differences for unsynced users are displayed.
Example)
------------------------------------------------------------------
##### Sync set [sync01] #####
Active Directory ---> HDE Access Control
Add: Administrator / iGcrgi8tjUy1NfaLulJ/5Q==
Add: Guest / qWEUYHX3DUOxPrZv6C271Q==
Add: test01 / test01@addc1.example.com / WEt4r/aDlE3wtGz0UbVoqQ==
Delete: aaa / aab@addc1.example.com / hfJV7x6cakym2AIWkThdA==
----------------------------------------------------------------------
*If there are no users to be synced, the following will be output.
Example)
------------------------------------------------------------------
##### Sync set [sync01] #####
Active Directory ---> HDE Access Control
* No sync data *
----------------------------------------------------------------------
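An added example, not part of the HENNGE tool: it parses the /n test-sync output in the format shown above and flags any sync set whose Delete count exceeds a threshold, so that a wrong "server=" value is noticed before a real sync runs. Get-DrySyncSummary, $MaxDeletes and the sample lines are assumptions constructed here.

```powershell
# Added example: summarize the output of ".\console.exe /n" per sync set.
function Get-DrySyncSummary {
    param([string[]]$Lines)

    $sets = [System.Collections.Generic.List[object]]::new()
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^#+\s*Sync set \[(?<name>[^\]]+)\]') {
            $current = [pscustomobject]@{
                SyncSet = $Matches['name']; Adds = @(); Deletes = @(); NoData = $false
            }
            $sets.Add($current)
        }
        elseif ($null -eq $current) { continue }   # ignore anything before the first sync set
        elseif ($text -match '^(?<op>Add|Delete):\s*(?<rest>.+)$') {
            # The first " / "-separated field is the account name; later fields are not needed here.
            $op = $Matches['op']
            $account = ($Matches['rest'] -split '\s+/\s+')[0]
            if ($op -eq 'Add') { $current.Adds += $account } else { $current.Deletes += $account }
        }
        elseif ($text -eq '* No sync data *') { $current.NoData = $true }
    }
    $sets
}

# Constructed sample in the format shown above (placeholder values, not real tool output).
$sample = @'
------------------------------------------------------------------
##### Sync set [sync01] #####
Active Directory ---> HDE Access Control
Add: test01 / test01@addc1.example.com / PLACEHOLDER==
Delete: aaa / aab@addc1.example.com / PLACEHOLDER==
----------------------------------------------------------------------
'@ -split "`r?`n"

# Assumption: right after a server replacement no deletions are expected, so any Delete needs review.
$MaxDeletes = 0
foreach ($set in Get-DrySyncSummary -Lines $sample) {
    $status = if ($set.Deletes.Count -gt $MaxDeletes) { 'REVIEW' } else { 'OK' }
    '{0}: {1} add, {2} delete [{3}] {4}' -f $set.SyncSet, $set.Adds.Count, $set.Deletes.Count, $status, ($set.Deletes -join ', ')
}

# Live use, from the installation folder as in the step above:
# $lines = .\console.exe /n
# Get-DrySyncSummary -Lines $lines
```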
Periodic execution of HENNGE sync service
- Log in as an administrator to the server where HENNGE Directory Sync Tool is installed.
- Open [Control Panel] – [Administrative Tools] – [Services].
- Double-click the following service and set the service status to [Start] and the startup type to [Automatic (Delayed Start)].
- HDE One Directory Sync
- If an account was specified in "Checking the HENNGE Directory Sync Tool service user" in "3. Tasks when stopping the sync service on the old server where HENNGE Directory Sync Tool is running" in this manual, specify the same user in the [Log On] tab.
- Click [OK].
- Open the Access Control Administration in your browser.
*You can also do this from another device.
- Follow the steps in [Checking periodic sync logs] in the following article to confirm that account and password sync has been completed.
[Access Control] Running HENNGE Directory Sync Tool
*The default periodic execution interval for each service is as follows (can be changed in 1-minute increments):
・HDE One Directory Sync: Once every 2 hours