Synchronize Passwords with Active Directory

As of version 5.4 of Passwordstate, it’s now possible to synchronize passwords in Passwordstate with either Active Directory or local Windows Servers.

In order for a Password List to be ‘ready’ for synchronization, the following ‘Customized Fields’ are required for the Password List:

  • You must select the ‘User Name’ field
  • You must select one Generic Field and label it ‘Domain or Host’
  • You must select the ‘Account Type’ field

When a Password List is ready for synchronization, you will see the following graphic at the top-right hand side of the Password grid:

Now, when you edit a record, you will see the following screen:

  • 1 – You must select the ‘Account Type’ of Windows
  • 2 – The ‘Account Synchronization Enabled’ indicator will be shown
  • 3 – This icon allows you to confirm the password you are enter matches what’s stored in Active Directory or on the local Windows Server
  • 4 – This is what you click on to save the record in Passwordstate, and to change (sync) the password in Active Directory or local Windows Server

Note: When adding a new password record to Passwordstate, you cannot also add the account into Active Directory or local Windows Server, however you can confirm the password is correct by clicking on the Check Password icon.

As of Build 5416, we also have a report which you can run for Password Lists which validates in real-time if the passwords are synchronized. You will see the following drop-down menu option if the Password List is ‘ready’ for synchronization:


Troubleshooting Sync Issues

It’s possible that synchronization may not work with the default settings, due to different security restrictions customers may place on their Active Directory environment. If you receive a popup message when synchronizing to say there was an error, and to check your settings, you may need to specify an appropriate domain account to synchronize with. On the screen Administration -> System Settings -> Active Directory Options Tab, you can specify an account as per the screenshot below.

If you still have issues after this, something else which may be required is specifying the same AD account to use as the Application Pool identity in IIS – you can following the instructions in our installation documentation labelled ’11. Active Directory & IIS Application Pool.

adsync1

 

We hope you like to new feature, and look forward to hearing any feedback from you.

Regards
Click Studios
Passwordstate – Secure Password Manager

Comments

  1. Is there a way to do bulk sync ? ie push passwords to all servers at once?

    • support says:

      Hi Andy,

      In version 5 there isn’t, but in the upcoming version 6 (due by the end of the month) we have an API where this will be possible. You can make as many API calls as you want, generate a random password when you do, and update the password in Passwordstate and Active Directory at the same time. Hopefully this will help you.

      Regards
      Click Studios

Speak Your Mind

*