You need to install a PasswordSync Agent to direct password communication between your corporate tree and Active Directory Domains.
The PasswordSync Agent should be installed on a computer running Windows 2000 or Windows NT4 SP6. This computer should not be hosting an agent already.
NOTE: This computer does not need to host eDirectory, but must at least have a Novell Client and connectivity to both the Active Directory domains and the corporate tree between which passwords will be synchronized.
To install PasswordSync:
Log in to eDirectory as Administrator or equivalent.
Log in to the local Windows computer as Administrator or equivalent.
Run Install\Setup.exe and continue through the Welcome page.
Select the components you want to install, then click Next.
You can install the Password Synchronization Service, the PasswordSync Snap-in for ConsoleOne, or both.
The snap-in can be installed on the same computer where the agent is installed, or on any computer that is convenient for administrative access.
NOTE: If you select only the snap-in, files are copied and the installation program finishes.
Confirm your selections by clicking Next.
In the PasswordSync Setup dialog box, select a domain and select the eDirectory DirXML driver.
If you type the name of an NT 4 domain rather than browse to it, you must enter the name in uppercase. This requirement is for NT 4 domain names only; Active Directory domain names are not required to be uppercase.
You must enter a domain name. Entering an IP address will not work. If the domain is in another tree or forest, the computer on which the PasswordSync Agent is being installed must be configured with the address of a WINS server in the target tree/forest.
Specify the name for the new PasswordSync object and the context where it should be placed.
The default object name is the name of the server where you are installing PasswordSync, followed by -pwdsync.
The default context is that of the container holding the DirXML DriverSet object.
Select the container for which PasswordSync will be assigned as a trustee.
The PasswordSync Agent needs the rights to manage passwords in eDirectory and to read the DirXML drivers that control the domains being synchronized. The installation program lets you select a container high enough in the tree to span all objects that the agent needs to access.
If you want to make narrower rights assignments, use ConsoleOne to add the agent's eDirectory object as a trustee with rights as outlined in the following table:
Install a PasswordSync Filter by selecting domain controllers from those listed and click Add.
IMPORTANT: Even though PasswordSync Filters might have been installed on the domain controllers when the PasswordSync Agent was installed in the workforce tree, the PasswordSync Filters must be installed again from the PasswordSync Agent in the corporate tree because configuration information is written to eDirectory during this process.
Because any domain controller can process a password change request, a filter must be installed on each Active Directory Domain Controller and each NT Primary Domain Controller. You should also install a filter on each NT Backup Domain Controller that could be promoted to a Primary Domain Controller.
If you have several domain controllers, we recommend that you install filters on a few controllers at a time. This will minimize the impact of rebooting many domain controllers at once and will expedite your initial installation. To install filters to domain controllers after initial installation, see Installing a PasswordSync Filter.
Remote domain controllers are rebooted automatically when installation is complete. You must reboot the local domain controller manually after installation is complete.
Click Finish.
PasswordSync installation is complete. You can test password synchronization using the steps in Validating Password Synchronization.