I have a query about password sync agent for IM. Can I enable the Password Sync Agent for multiple END point ( Active Directory ) ? When I do the configuration it will ask me for END point. And there is not option to select the multiple end points. Suppose I have 3 domain controllers, do I need to deploy the password sync agent on all three of them ?
The documentation here specifies only 1 Endpoint to be configured : Synchronizing Passwords on Endpoints "If you have the Password Sync Agent installed on a managed endpoint, you need to manually enable the checkbox on the Endpoint object to indicates that the Password Sync Agent is installed." https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/password-management/synchronizing-passwords-on-endpoints According to the following Knowledge Document, you should configure the agent password sync on each end point : How does the mechanism for password capturing an endpoint password change and propagate it to global user, corporate user and other accounts work. "You will need to install a Password Synchronization Agent ( aka PSync Agent ) on your endpoint. The PSync Agent is specific to each endpoint and is intercepting passwords changed on the endpoint. " https://comm.support.ca.com/kb/how-does-the-mechanism-for-password-capturing-an-endpoint-password-change-and-propagate-it-to-global-user-corporate-user-and-other-accounts-work/kb00005028010:29:09 Further, according to this next knowledge document, you should set the password sync agent on all domain controllers where password are allowed to be set / reset. Which Domain Controllers should I install Password Sync Agents on? "Password Sync Agents are required to be installed only on DCs where passwords are allowed to be set/reset." [...] "you really do not need to install the Password Sync Agent software on any domain controller that isn't allowing direct password resets." https://comm.support.ca.com/kb/which-domain-controllers-should-i-install-password-sync-agents-on/kb000050277
KB : KB000103383
Hi Patrick, all
May I suggest you to move this thread from CA Single Sign-On to CA Identity Suite/CA Identity Manager community? This topic is not related to CA SSO.
HTH. Best, Welington.