Configuration parameters in the configuration file
The Windows Password Synchronizer plug-in has a template configuration file that is installed at TDI_install_dir /pwd_plugins/windows/pwsync.props.
Many of the configuration parameters in the configuration file are common to all the password plug-ins, see Configuration file parameters in Common configuration and utilities of password synchronization plug-ins.
- includeGroups
- An optional list of Windows groups. If the user is a member of any group in the list, the filter accepts the user. The assumption is that the user is not excluded by any of the exclude lists.
- excludeGroups
- An optional list of Windows groups. If the user is not a member of any group in the list, the filter does not accept the user.
- includeDNs
- An optional list of DN suffixes. If the distinguished name of a user matches any suffix on the list, the filter accepts the user. The assumption is that the user is not excluded by any of the exclude lists.
- excludeDNs
- A list of DN suffixes. If the distinguished name of a user matches any suffix on the list, the filter does not accept the user.
- accountTypes
- Specifies the type of account for which the password changes are reported. Format of the parameter is a space-delimited list of account types. The Password Synchronizer plug-in can report password changes to the following Windows account types:
An example value for this key is:
- NORMAL_ACCOUNT
- Default account type that represents a typical user.
- TEMP_DUPLICATE_ACCOUNT
- Account for users whose primary account is in another domain.
- INTERDOMAIN_TRUST_ACCOUNT
- Permit to trust the account for a domain that trusts other domains.
- WORKSTATION_TRUST_ACCOUNT
- Computer account for a computer that is a member of this domain.
- SERVER_TRUST_ACCOUNT
- Computer account for a backup domain controller that is a member of this domain.
"NORMAL_ACCOUNT WORKSTATION_TRUST_ACCOUNT"Note: The Password Synchronizer always reports password changes to the accounts of type NORMAL_ACCOUNT regardless of whether NORMAL_ACCOUNT is specified in the AccountTypes parameter.
Parent topic:
Deployment and configuration