CONFIGURING

6. Installing Active Directory Password Sync on a domain controller

To install Domino Active Directory Password Sync, use the Domino Windows 64-bit server installer on the Active Directory domain controller.

About this task

You install Active Directory Password Sync to load the Domino password library to the domain controller through the Local Security Authority (LSA) on the controller. The following components, which are required by the password library, are installed on the domain controller:


Procedure

1. Install Active Directory Password Sync using the Domino Windows 64-bit server installer on the Active Directory domain controller. You must select theActive Directory Password Sync install type.

2. Click the HCL AD Password Sync desktop link to begin Active Directory Password Sync setup.

3. When prompted, enter the Domino directory administration server for the Domino domain as the server from which to retrieve the directory.

4. Respond to any other prompts to complete setup.

5. After setup is complete, run regedit and confirm that the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages key contains the following entry as its last entry. This is the entry that allows LSA to load the Domino password library .


6. Restart the domain controller to load the Domino password library.

Results

Look at the Windows System log in Windows Event Viewer. Filter by Event source "Directory-Services-SAM" with Event Level "Error" and look for any errors that might indicate an error loading the Domino password library. If there are none, the library has loaded and begins to capture password changes for Domino users.

Additional information on status of the password library can be seen in the console.log located in the IBM_TECHNICAL_SUPPORT subdirectory of the Domino data directory on the domain controller.