HP-UX Directory Server 8.1 administrator guide
Windows Users Sync and New Windows Groups Sync attributes in the synchronization
agreement.
NOTE:
A synchronization agreement needs to be configured for both kinds of unidirectional
synchronization.
To only synchronize Directory Server entries, then do not set the Active Directory sync attributes
in the sync agreement. Likewise, to only synchronize Active Directory over to Directory Server,
do not add any sync attributes to Directory Server entries.
9.9 Password sync service
The Password Sync Service must be installed on every Active Directory domain controller. The
service synchronizes password changes made on Active Directory with the corresponding entries'
passwords on the Directory Server. Like any Windows service, it can be modified, started and
stopped, and uninstalled, depending on how synchronization between Directory Server and
Active Directory changes.
9.9.1 Modifying password sync
To reconfigure Password Sync, open the Windows Services panel, highlight Password Sync, and
select Modify. This goes back through the configuration screens.
9.9.2 Starting and stopping the password sync service
The Password Sync Service is configured to start whenever the Active Directory host is started.
To reconfigure the service so that it does not start when Windows reboots:
1. Go to the Control Panel, and select Services.
2. Scroll through the list of services for the Password Sync Service. The Startup field is set to
Automatic.
3. Double-click on Password Sync.
4. Select the Manual radio button, then click OK.
To start and stop Password Sync:
1. Go to the Control Panel, and select Services.
2. Scroll through the list of services for Password Sync, and right-click on it.
3. Select Stop or Start, and click Okay.
Changed passwords are captured even if Password Sync is not running. If Password Sync is
restarted, the password changes are sent to Directory Server at the next synchronization.
9.9.3 Uninstalling password sync service
To uninstall the Password Sync Service:
1. Open the Add/Remove Programs utility.
2. Select click remove to uninstall the Password Sync Service.
3. If SSL was configured for the Password Sync, then the cert8.db and key3.db databases
that were created are not removed when Password Sync is uninstalled. Delete these files by
hand.
9.10 Troubleshooting synchronization problems
If synchronization does not seem to be functioning properly, see the Windows event log and/or
Directory Server errors log for information on any potential problems.
428 Synchronizing Directory Server with Microsoft Active Directory