I want to use Identity Lifecycle Manager (ILM) to synchronize passwords between two forests. What trusts do I need?
John Savill / October 4, 2009

A. The trust relationships required depend on the configuration. To synchronize passwords between different forests, you need two critical components:

Password Change Notification Service (PCNS)—This is responsible for pushing password changes from Active Directory to an identity store/synchronization engine such as ILM. PCNS is installed on the domain controllers in the domain where password changes need to be captured. An Active Directory (AD) schema change is required for PCNS to function.

The synchronization engine—This actually acts on the new passwords and updates other objects. In this case, that is ILM.

PCNS and ILM must be in the same forest or have a two-way Kerberos forest trust between them, but no trust is needed between the ILM instance and the target forest where you're updating passwords. All you need in ILM is a connector to the target forest and to match up the user in the source forest with the user in the target forest in the metaverse.
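The one configuration that actually has to be right is the trust between the forest whose domain controllers run PCNS and the forest hosting ILM: it must be a two-way forest trust, not a one-way or external (NTLM-only) trust. The following PowerShell check is an added example, not part of the original answer. It assumes the Active Directory module (RSAT on Windows Server 2008 R2 or later) is available and that it is run from the forest hosting ILM; the forest name passed in is a placeholder.

```powershell
# Added example (not from the original article): verify that the trust from the
# ILM forest to the forest whose DCs run PCNS is the two-way Kerberos forest
# trust the answer calls for. Assumes the Active Directory PowerShell module
# (RSAT / Windows Server 2008 R2 or later) and that this runs in the ILM forest.
Import-Module ActiveDirectory

function Test-PcnsTrust {
    param(
        # Forest root domain of the forest where PCNS runs (placeholder value)
        [Parameter(Mandatory)] [string] $PcnsForest
    )

    # Trust objects are named after the trusted domain/forest root.
    $trust = Get-ADTrust -Filter "Name -eq '$PcnsForest'"
    if (-not $trust) {
        return [pscustomobject]@{
            Forest = $PcnsForest; Ok = $false; Reason = 'No trust object found'
        }
    }

    $problems = @()
    # PCNS pushes to ILM and ILM authenticates back, so both directions are needed.
    if ($trust.Direction -ne 'BiDirectional') {
        $problems += "direction is $($trust.Direction); a two-way trust is required"
    }
    # An external (non-transitive) trust between forests is NTLM-only;
    # PCNS needs a forest trust so Kerberos works across the boundary.
    if (-not $trust.ForestTransitive) {
        $problems += 'not a forest (transitive) trust; Kerberos will not cross an external trust'
    }
    if ($trust.TrustType -ne 'Uplevel') {
        $problems += "trust type is $($trust.TrustType); expected Uplevel (AD/Kerberos)"
    }
    # Selective authentication does not break the design, but the PCNS and ILM
    # service accounts must then be explicitly granted 'Allowed to Authenticate'.
    $note = if ($trust.SelectiveAuthentication) {
        'selective authentication is on; grant Allowed to Authenticate to the PCNS/ILM accounts'
    } else { '' }

    [pscustomobject]@{
        Forest                  = $trust.Name
        Direction               = $trust.Direction
        ForestTransitive        = $trust.ForestTransitive
        TrustType               = $trust.TrustType
        SelectiveAuthentication = $trust.SelectiveAuthentication
        Ok                      = ($problems.Count -eq 0)
        Reason                  = ($problems -join '; ')
        Note                    = $note
    }
}

# Placeholder forest name; replace with the root domain of the PCNS forest.
Test-PcnsTrust -PcnsForest 'source.example' | Format-List
```

Run it in the ILM forest against the PCNS forest's root domain; a result with Ok = True and an empty Reason means the trust satisfies the requirement described above. No equivalent check is needed against the target forest, since ILM reaches it through a management agent connection rather than a trust.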