Import and sync users from Active Directory with domain password changing
Hideez admin cases – Import and sync users from AD with domain password changing
Last updated
Hideez admin cases – Import and sync users from AD with domain password changing
Last updated
If you use Active Directory and want to manage employees using its interface, as well as regularly change domain passwords in automatic mode, then you need to:
Make sure you provide the correct settings to your Active Directory.
Create a group in AD with the name Security Key Owners and place all employees to whom you will give Hideez keys.
Create a group in AD with the name Security Key Auto Password Change and put all the employees for whom you want to configure regular automatic domain account password change.
Click the button Sync with AD.
Confirm the action by clicking Sync Now.
During import, employees have their domain accounts imported (no password).
If you encounter the "Unavailable Critical Extension" error during user sync or a password update, please refer to our troubleshooting section:
Assign a key to the user and provide the activation code. On the HES server-side, a new password for the domain account will be generated and tasks will be created to send the new password to AD and the employee's hardware key.
Until activation occurs and the key is connected, the employee will use his existing password to enter the domain account.
When the user connects the key to the computer for the first time, the following will happen:
The user turns on the key and taps it on the dongle (or pair the key through Windows settings).
The user confirms bonding - press during green flashing. This is necessary if this key was not connected to this computer. Otherwise, this step will be skipped, and the key will not flash green and require pressing.
The user goes through the activation procedure - enters the activation code previously reported to him.
The license for the key is loaded.
The new password is sent to AD from the server via LDAP and then succeeds from the server.
The server's task is being executed to load accounts and access them - a new password from the domain account is recorded on the key.
The user successfully logs into the domain account with a new password.
Video with Step 3 demonstration First login to the AD account with the Hideez key.
Note! After changing the password in this way, neither the User nor the Administrator will know it!
Specify the frequency of changing the password for your domain account in the HES settings. Regularly scheduled password changes will proceed in the same way as the initial password change.
The list of employees in the Security Key Auto Password Change and HES will be synchronized every hour.
When you add a new user to the Security Key Auto Password Change group during import, they domain account will be imported, and a new password will be generated for him, see Step 5 and Step 6.
When you remove a user from the Security Key Auto Password Change group, the scheduled password change logic stops working for them, the password remains valid according to the settings in AD.
Administrator can also change password manually or generate new password. You have to select the user and click Edit Password.
Click Enter Pwd button. Enter new password, then confirm and click the Save button.
Click Generate Pwd button. Then click the Generate button.
Note! After changing the password this way, neither the User nor the Administrator will know it!