Password Synchronisation

Hello,

I'm trying to understand and validate some informations, we have a one way Migration / synchronization from domain source to domain target, my Questions:

- How does the password synch works ? it's based on the chage timestamp ? if I change the source Password does it replicate on the target with a full synch

- is there a way to fix the password copy Synch problems related to the doamin password policies (complexity, length).. the problem occurs when the policy is not the same on the target

-Where can I find the accounts who failed the password complexity

Thank you

Parents
  • During a full sync or migration session, it reads the source and writes the target. During a delta sync, it is based on the same thing AD replication is based on, the USN. So if the password in changed in the source (or read side or a two-way sync) it will be picked up to write to the target (or write sude of a two-way sync). By default the pwdlastset date/time will be compared and if it is newer it will be written. If it is older the password is copied. 

    The password policy is not an issue. We do not copy passwords, we copy the password HASH. Only blank passwords fail. 

  • Thank you Jeff, if I understood well, if the password does not respect the complexity at the source domain, quest will keep the same password, so the user can login to the target domain with the same password ....... the complexity will apply when he wants to change the password

Reply Children
No Data