Skip to main content
日本語 简体中文 繁體中文

[Access Control] Active Directory Replacement Procedure (Sync Server Only, Password Synced)

Target

  • Customers who are replacing (relocating/upgrading OS) the sync server
  • Customers who are performing password sync from Active Directory

Purpose

This article explains the settings related to HENNGE Directory Sync Tool when replacing (relocating/upgrading OS) the sync server.

Notes

  1. This article is based on the current environment configuration and work details that the HENNGE representative has confirmed with your company in advance.
    If you are planning a replacement, please refer to the following article:
    Request for Customers Planning Windows Server Version Upgrade, Replacement, or Addition
  2. Due to our company name change (HDE→HENNGE) on February 1, 2019, the names of services and sync tools have changed.
    However, the file names and installation folder names used in this procedure have not been changed to avoid impact on customers, so please use the names as described in this article.
  3. The content of this article is based on information as of March 2026 and may be changed without notice thereafter.

Table of Contents

Preparation – Downloading the Installer

  1. Preparation on the New Server Running HENNGE Directory Sync Tool [After Building the New Sync Server]
  2. Tasks When Stopping the Sync Service on the Old Server Running HENNGE Directory Sync Tool
  3. Tasks When Running HENNGE Directory Sync Tool on the New Sync Server
  4. Troubleshooting When Password Sync Does Not Occur After All Tasks Are Completed

Procedure

Preparation – Downloading the Installer

  1. Access the Access Control Administration.
    [Access Control] How to Log in to the Administration
  2. Follow the steps below to obtain HDEOneDirectorySync-x64.msi.
    [Access Control] How to Download the Active Directory Sync Tool

1. Preparation on the New Server Running HENNGE Directory Sync Tool [After Building the New Sync Server]

Check HENNGE Directory Sync Tool Installation Requirements

  1. Refer to the following article and confirm that the system requirements are met.
    HENNGE One Supported Environment – HENNGE Directory Sync Tool
  2. Confirm that you can connect to the destination Active Directory.

Install the Root Certificate for Operation

  1. Refer to the following procedure to install the certificate.
    [Access Control] How to Install the Root Certificate for HENNGE Directory Sync Tool Operation

    When running HENNGE Directory Sync Tool, SSL certificate checks are performed for communication with Access Control.
    If the required SSL root certificate is not installed, an error may occur.

Install the New HENNGE Directory Sync Tool

  1. Run the HDEOneDirectorySync-x64.msi downloaded from Access Control in advance and follow the dialog to install.
  2. Overwrite the config.ini file provided by HENNGE into the installation folder (※).
    (※) C:\Program Files\HDE One Directory Sync\

    • If the IP address or hostname of the destination Active Directory domain controller will change,
      update the value specified in the "server=" variable in the config.ini file to the new domain controller's IP address and save it.

      ------------------------------
;; Domain information
server=xxx.xxx.xxx.xxx
------------------------------
    • If "password=" is deleted or masked, enter and save the correct logon password for the user specified in "username=".

Move the Assign-HDEOnePasswordSyncGroup.bat Folder from the Old Server Running HENNGE Directory Sync Tool

  1. Obtain the entire C:\HDEOne\ folder from the old server running HENNGE Directory Sync Tool.
  2. Place the obtained folder directly under the C:\ drive of the new server running HENNGE Directory Sync Tool, maintaining the same directory structure as the old server.

2. Tasks When Stopping the Sync Service on the Old Server Running HENNGE Directory Sync Tool

Check the User Running HENNGE Directory Sync Tool

On the pre-migration sync server, open [Administrative Tools] – [Services], then open [Properties] – [Log On] for the following services. If a user is specified in [Account], make a note of the value.

  • HDE One Directory Sync
  • HDE One Password Sync

Service account confirmation screen

Stop the HENNGE Directory Sync Tool Services Before Migration

On the pre-migration sync server, open [Administrative Tools] – [Services] and stop the following services.

  • HDE One Directory Sync
  • HDE One Password Sync

3. Tasks When Running HENNGE Directory Sync Tool on the New Sync Server

Set Up Periodic Execution of Assign-HDEOnePasswordSyncGroup.bat

Refer to the "Periodic Execution Settings" section in the following article and set up periodic execution of Assign-HDEOnePasswordSyncGroup.bat.
*You do not need to check other sections.
[Access Control] Running Assign-HDEOnePasswordSyncGroup.bat

Check HENNGE Directory Sync Tool Operation

During normal operation, HENNGE Directory Sync Tool is periodically executed as a Windows service, but you can also perform immediate user sync using a PowerShell command.
You can check the operation of user sync by following the steps below.

*Please perform this task with a user who has [Domain Admins] or [Enterprise Admins] role.

  1. Launch PowerShell as an administrator.

  2. Run the following command to perform a test sync with HENNGE Directory Sync Tool.
    * If you do not add the /n option, an actual sync will be performed, so please be careful.

    > cd "C:\Program Files\HDE One Directory Sync"
> .\console.exe /n

  3. Confirm that the differences for unsynced users are displayed.

    Example)------------------------------------------------------------------
##### Sync set [sync01] #####
   Active Directory ---> HDE Access Control
Add: Administrator / iGcrgi8tjUy1NfaLulJ/5Q==
Add: Guest / qWEUYHX3DUOxPrZv6C271Q==
Add: test01 / test01@addc1.example.com / WEt4r/aDlE3wtGz0UbVoqQ==
Delete: aaa / aab@addc1.example.com / hfJV7x6cakym2AIWkThdA==
----------------------------------------------------------------------

    *If there are no users to be synced, the following will be output.

    Example)------------------------------------------------------------------
##### Sync set [sync01] #####
   Active Directory ---> HDE Access Control
 * No sync data *
----------------------------------------------------------------------

Periodic Execution of HENNGE Sync Services

* Please note that all users' passwords will be synced during the initial sync.

  1. Log in as an administrator to the server where HENNGE Directory Sync Tool is installed.
  2. Open [Control Panel] – [Administrative Tools] – [Services].
  3. Double-click the following two services, set their status to [Start], and set the startup type to [Automatic (Delayed Start)].
    • HDE One Directory Sync
    • HDE One Password Sync
  4. If an account was specified in "2. Tasks When Stopping the Sync Service on the Old Server Running HENNGE Directory Sync Tool" – "Check the User Running HENNGE Directory Sync Tool" in this manual, specify the same user on the [Log On] tab.
  5. Click [OK].
  6. Open the Access Control Administration in your browser.
    *This can also be done from another device.
  7. Follow the steps in the following article under [Check Periodic Sync Logs] to confirm that account and password sync has completed.
    [Access Control] Running HENNGE Directory Sync Tool
    *The default periodic execution intervals for each service are as follows (can be changed in 1-minute increments):
    ・HDE One Directory Sync: Once every 2 hours
    ・HDE One Password Sync: Once every 3 minutes (displayed only if there is a password change)

4. Troubleshooting When Password Sync Does Not Occur After All Tasks Are Completed

Perform this task as an initial response if password sync is not working properly after completing all steps in this procedure.
*If password sync is working properly, this task is not necessary.
*If password sync still does not work after performing this task, please also refer to the following article.
Active Directory Integration: Troubleshooting Password Sync

Clear HENNGE Directory Sync Tool Registry

HENNGE Directory Sync Tool's password sync duplicates and retains the registry value of the domain controller used in the previous execution.
If the referenced domain controller has changed, you need to reset this value to perform password sync properly.

Follow the steps below to reset the value.

  1. [Access Control] Required Tasks When Changing the Referenced AD for HENNGE Directory Sync Tool
  2. Open the Access Control Administration.
    *This can also be done from another device.
  3. Follow the steps in the following article under [Check Periodic Sync Logs] to confirm that account and password sync has completed.
    [Access Control] Running HENNGE Directory Sync Tool
    *The default periodic execution intervals for each service are as follows (can be changed in 1-minute increments):
    ・HDE One Directory Sync: Once every 2 hours
    ・HDE One Password Sync: Once every 3 minutes (displayed only if there is a password change)