Posted on - 08/12/2011
There are 2 Active Directories in 2 separate domains. One domain is used for login and the other is used for mail exchange. Users follow password policies. Right now, the password is the same on both domains.
Is there a possibility to sync the passwords across different domains?
Is there a password sync between 2 Active Directories in different domains?
Sync between two Active Directories over separate domains is done via replication.
Replication is initiated via the repadmin command:
repadmin /replicate destination_dsa source_dsa Naming Context /async
Sample command line syntax:
repadmin /replicate AD2server.com AD1server.com dc=domain1,dc=domain2 /async
Destination server Name: AD2server.com
Source server Name: AD1server.com
Naming syntax: dc=domain1,dc=domain2 (Domain partitions)
The switch "/async" is added if there is low bandwidth connectivity between domain controllers.
Before performing replication, please ensure that Active Directory password complexity policies are enabled. This will ensure that the Password Sync service will run.
Command line for enabling the Password Sync service:
Run > secpol.msc > Security Settings > Account Policies > Password Policy.
Make sure that "Password must meet complexity requirements" is selected.
Hope this helps,
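
An added example, not part of the original answer: a PowerShell check that reads the default domain password policy from both domains and reports whether complexity is enabled and where the two policies differ, since a password accepted in one domain can be rejected in the other when the policies do not match. It assumes the ActiveDirectory module (RSAT) is installed and reuses the answer's sample server names; the output column names `Source` and `Destination` are chosen here for illustration.

```powershell
# Added example: compare the default domain password policy of two domains.
# Server names are the sample names from the answer; replace with your own DCs.
# Fine-grained password policies (PSOs) are not covered by this check.
Import-Module ActiveDirectory

$servers  = 'AD1server.com', 'AD2server.com'

# Settings that decide whether a password valid in one domain is valid in the other.
$settings = 'ComplexityEnabled', 'MinPasswordLength', 'PasswordHistoryCount',
            'MaxPasswordAge', 'MinPasswordAge', 'ReversibleEncryptionEnabled'

# Read the policy from each domain controller and tag it with the server name.
$policies = foreach ($s in $servers) {
    $policy = Get-ADDefaultDomainPasswordPolicy -Server $s
    $row = [ordered]@{ Server = $s }
    foreach ($name in $settings) { $row[$name] = $policy.$name }
    [pscustomobject]$row
}

# Warn when the complexity requirement is switched off on either side.
foreach ($p in $policies) {
    if (-not $p.ComplexityEnabled) {
        Write-Warning "Password complexity is disabled on $($p.Server)"
    }
}

# List every setting whose value differs between the two domains.
$mismatch = foreach ($name in $settings) {
    $src = $policies[0].$name
    $dst = $policies[1].$name
    if ($src -ne $dst) {
        [pscustomobject]@{ Setting = $name; Source = $src; Destination = $dst }
    }
}

if ($mismatch) {
    $mismatch | Format-Table -AutoSize
} else {
    'Password policies match on both domains.'
}
```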