Target
- Customers performing a replacement (relocation / OS upgrade included) of the sync server
- Customers who do not perform password sync from Active Directory
Purpose
This article explains the settings related to the HENNGE Directory Sync Tool when replacing (relocating / upgrading the OS) the sync server.
Notes
- This article is based on the current environment configuration and work details as confirmed in advance by a HENNGE representative through interviews with your company’s contact person.
If you are planning a replacement, please refer to the following article:
Request for customers planning to upgrade, replace, or add a Windows Server - Due to our company name change (HDE→HENNGE) on February 1, 2019, the names of services and sync tools have changed.
However, the file names and installation folder names used in this procedure have not been changed to avoid impact on customers, so please use the names as described in this article. - The content of this article is based on information as of March 2026 and may be changed without notice.
Table of Contents
Preparation – Downloading the Installer
- Preparation on the new server where HENNGE Directory Sync Tool will be run [After building the new sync server]
- Tasks when stopping the sync service on the old server running HENNGE Directory Sync Tool
- Tasks when running HENNGE Directory Sync Tool on the new sync server
Procedure
Preparation – Downloading the Installer
- Access the Access Control Administration.
[Access Control] How to log in to the Administration - Follow the steps below to obtain HDEOneDirectorySync-x64.msi.
[Access Control] How to download the Active Directory sync tool
1. Preparation on the new server where HENNGE Directory Sync Tool will be run [After building the new sync server]
Check HENNGE Directory Sync Tool installation requirements
- Refer to the following article and confirm that the supported requirements are met.
HENNGE One supported environment – HENNGE Directory Sync Tool - Confirm that you can connect to the destination Active Directory.
Install the root certificate required for operation
-
Refer to the following procedure to install the certificate.
[Access Control] How to install the root certificate for HENNGE Directory Sync Tool operationWhen running HENNGE Directory Sync Tool, an SSL certificate check is performed for communication with Access Control.
If the required SSL root certificate is not installed, an error may occur.
Install the new HENNGE Directory Sync Tool
- Run the HDEOneDirectorySync-x64.msi downloaded from Access Control in advance and follow the dialog to install.
- Overwrite the config.ini file provided by HENNGE into the installation folder (※).
(※) C:\Program Files\HDE One Directory Sync\-
If the IP address or hostname of the referenced Active Directory domain controller will change,
edit the value specified in the “server=” variable in the config.ini file to the new domain controller’s IP address and save it.------------------------------ ;; Domain information server=xxx.xxx.xxx.xxx ------------------------------ - If “password=” is deleted or masked, enter and save the correct logon password for the user specified in “username=”.
-
Move the Assign-HDEOnePasswordSyncGroup.bat folder from the old server running HENNGE Directory Sync Tool
- Obtain the entire C:\HDEOne\ folder from the old server running HENNGE Directory Sync Tool.
- Place the obtained folder directly under the C:\ drive of the new server running HENNGE Directory Sync Tool, maintaining the same directory structure as the old server.
2. Tasks when stopping the sync service on the old server running HENNGE Directory Sync Tool
Check the user running HENNGE Directory Sync Tool
On the pre-migration sync server, open [Administrative Tools] – [Services], then open [Properties] – [Log On] for the following service. If a user is specified in [Account], make a note of the value.
- HDE One Directory Sync
Stop the HENNGE Directory Sync Tool service on the pre-migration server
On the pre-migration sync server, open [Administrative Tools] – [Services] and stop the following service.
- HDE One Directory Sync
3. Tasks when running HENNGE Directory Sync Tool on the new sync server
Set up periodic execution of Assign-HDEOnePasswordSyncGroup.bat
Refer to the “Periodic execution settings” section in the following article to set up periodic execution of Assign-HDEOnePasswordSyncGroup.bat.
* You do not need to check other sections.
[Access Control] Running Assign-HDEOnePasswordSyncGroup.bat
Check HENNGE Directory Sync Tool operation
During normal operation, HENNGE Directory Sync Tool is periodically executed as a Windows service, but you can also perform an immediate user sync using a PowerShell command.
You can check the operation of user sync by following the steps below.
* Please perform this task with a user who has [Domain Admins] or [Enterprise Admins] role.
- Launch PowerShell as an administrator.
-
Run the following command to perform a test sync with HENNGE Directory Sync Tool.
* If you do not add the /n option, a sync will be performed, so please be careful.> cd "C:\Program Files\HDE One Directory Sync" > .\console.exe /n -
Confirm that the differences for unsynced users are displayed.
Example)------------------------------------------------------------------ ##### Sync set [sync01] ##### Active Directory ---> HDE Access Control Add: Administrator / iGcrgi8tjUy1NfaLulJ/5Q== Add: Guest / qWEUYHX3DUOxPrZv6C271Q== Add: test01 / test01@addc1.example.com / WEt4r/aDlE3wtGz0UbVoqQ== Delete: aaa / aab@addc1.example.com / hfJV7x6cakym2AIWkThdA== ----------------------------------------------------------------------* If there are no users to be synced, the following will be output.
Example)------------------------------------------------------------------ ##### Sync set [sync01] ##### Active Directory ---> HDE Access Control * No sync data * ----------------------------------------------------------------------
Periodic execution of the HENNGE sync service
- Log in as an administrator to the server where HENNGE Directory Sync Tool is installed.
- Open [Control Panel] – [Administrative Tools] – [Services].
- Double-click the following two services, set the service status to [Start], and set the startup type to [Automatic (Delayed Start)].
- HDE One Directory Sync
- If an account was specified in “Check the user running HENNGE Directory Sync Tool” in “2. Tasks when stopping the sync service on the old server running HENNGE Directory Sync Tool” in this manual, specify the same user in the [Log On] tab.
- Click [OK].
- Open the Access Control Administration in your browser.
* This can also be done from another device. - Follow the steps in [Check periodic sync logs] in the following article to confirm that account sync has completed.
[Access Control] Running HENNGE Directory Sync Tool
* The default periodic execution interval for each service is as follows (can be changed in 1-minute increments):
・HDE One Directory Sync: Once every 2 hours