How to configure password synchronization between two Active Directory Domains with Microsoft Identity Manager PCNS?

by donmelchior   Last Updated February 11, 2019 10:00 AM

I have two domains with a two-ways trust relationship (selective authentication). Microsoft Identity Manager is installed, configured and "Password Change Notification Service" is configured and properly delivers password changes with RPC requests to the target FIMSyncronization Service (Kerberos authentication also working properly).

Two AD management agents are configured in MIM: One for the "source" domain and another one for the "target" domain.

Which attributes and join/projection rules need to be configured in order to allow password synchronization on "source" agent and "target" agent?

Official documentation is unclear on that matter and all examples on the Web don't give any hints regarding needed rules/attributes/mapping for password Synchronization.

Plus 'unicodePwd' attribute is write only in Active Directory and there doesn't seem to be any relevant attribute in Metaverse to store this password hash.

Related Questions

TMG: Allowed user groups and weird group names

Updated August 11, 2015 17:00 PM

can I reset the clock on an expired password in AD?

Updated February 14, 2018 18:00 PM