12.11. Managing the Password Sync Service

Important

Password Sync must be installed on every domain controller in the Active Directory domain in order to synchronize Windows passwords.
The service synchronizes password changes made on Active Directory with the corresponding entries' passwords on the Directory Server. Like any Windows service, it can be modified, started and stopped, and uninstalled, depending on how synchronization between Directory Server and Active Directory changes.
The Password Sync Service is supported on Microsoft Windows Server 2008 R2 (32-bit and 64-bit).

12.11.1. Modifying Password Sync

To reconfigure Password Sync:
  1. Open Control Panel, and double-click Add/Remove Programs.
  2. Click the Change button to relaunch the installer to change the settings.
  3. Go back through the configuration screens to make any changes to the configuration.

12.11.2. Starting and Stopping the Password Sync Service

The Password Sync Service is configured to start whenever the Active Directory host is started. To reconfigure the service so that it does not start when Windows reboots:
  1. Go to the Control Panel, and select Services.
  2. Scroll through the list of services for the Password Sync Service. The Startup field is set to Automatic.
  3. Double-click Password Sync.
  4. Select the Manual radio button, and then click OK.
To start and stop Password Sync:
  1. Go to the Control Panel, and select Services.
  2. Scroll through the list of services for Password Sync, and right-click.
  3. Select Stop, Start, or Restart, and hit okay.
    It's also possible to select the sync service and then click the start or stop links in the upper left of the Services window.
Changed passwords are captured even if Password Sync is not running. If Password Sync is restarted, the password changes are sent to Directory Server at the next synchronization.

12.11.3. Uninstalling Password Sync Service

  1. Open Control Panel, and double-click Add/Remove Programs.
  2. Select click Remove to uninstall the Password Sync Service.
  3. If SSL was configured for the Password Sync, then the cert8.db and key3.db databases that were created were not removed when Password Sync was uninstalled. Delete these files by hand.

12.11.4. Upgrading Password Sync

For details, see the corresponding section in the Red Hat Directory Server Installation Guide.