Provide a command line execution option for the Password Sync Troubleshooting tool so it can be run from a script and its results sent to a SIEM product for alerting / reporting on the status of password sync filter shims, particularly on Active Directory domain controllers.
Enterprise deployments of IDM can have between 3,000 and 5,000 password change events per day. When password sync shims are unable to connect to a remote loader password sync driver, passwords set from Active Directory do not enter the IDM vault or sync to other domains. Having a method to periodically check password sync shim/filter communications without human intervention allows support staff to detect and resolve any issues that would result in out-of-sync passwords. Both directions of communication need to be checked (Remote Loader > DC and DC > Remote Loader) for port blockages. The Password Sync Troubleshooting tool does this but can only be initiated by manual intervention.
by: Mark W. | over a year ago | Other
Comments
This is something our customer is looking at and it will help in their goal of predictive analysis of their environment.
If you still need this, I wrote some scripts to keep track of the registry keys that are created by the password shim, which can trigger emails when they detect that users have changed passwords but they haven't been synced to IDM.
Give me a holler on david.king@assertiv.com and I might be able to write a cool solutions article if enough people want it.
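The following PowerShell script is an added example and is not part of the feature request, the NetIQ tool, or the scripts mentioned in the comments. It shows the shape of the unattended check the request asks for: it tests TCP reachability of the password sync peer in one direction, counts pending entries under the registry key the filter shim uses (the path used here is an assumption; confirm it for your shim version), and emits one JSON line per run to a log file and to the Application event log so a SIEM agent can alert on it. Run it on a domain controller with the Remote Loader server as the peer for the DC > Remote Loader direction, and on the Remote Loader server with a DC as the peer for the reverse direction. Host names, the port, the log path and the threshold are parameters you supply; none of them come from the original post.

```powershell
<#
Added example, not part of the feature request or the commenters' scripts:
a scheduled check that tests TCP reachability of the password sync peer and
counts pending (undelivered) password entries in the filter's registry key,
then writes one JSON line per run to a log file and the Application event log
for a SIEM agent to collect. Host names, port and registry path are assumptions
passed as parameters.
#>
param(
    [Parameter(Mandatory = $true)][string]$RemoteHost,   # peer to test (assumption: supplied by operator)
    [Parameter(Mandatory = $true)][int]$Port,            # port the peer listens on (assumption: from your driver config)
    [string]$PendingKey = 'HKLM:\SOFTWARE\Novell\PwFilter\Data', # assumed location of pending entries; verify for your shim version
    [string]$LogPath = "$env:ProgramData\PwSyncCheck\pwsync-check.jsonl",
    [int]$TimeoutMs = 5000,
    [int]$PendingThreshold = 0                           # alert when more than this many entries are waiting
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected) {
            $client.EndConnect($async)
            return $true
        }
        return $false      # timeout or refused: treat as a blocked path
    } catch {
        return $false      # DNS failure, unreachable host, etc.
    } finally {
        $client.Close()
    }
}

function Get-PendingPasswordCount {
    param([string]$KeyPath)
    # The key only exists where the filter DLL is installed (domain controllers);
    # return $null elsewhere so the reverse-direction run does not alert on it.
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    $key = Get-Item -Path $KeyPath
    return @($key.GetValueNames()).Count   # one value per undelivered password (assumption)
}

$reachable = Test-TcpPort -ComputerName $RemoteHost -Port $Port -TimeoutMs $TimeoutMs
$pending   = Get-PendingPasswordCount -KeyPath $PendingKey
$healthy   = $reachable -and (($null -eq $pending) -or ($pending -le $PendingThreshold))

$record = [ordered]@{
    timestamp         = (Get-Date).ToUniversalTime().ToString('o')
    source_host       = $env:COMPUTERNAME
    check             = 'idm_password_sync'
    peer_host         = $RemoteHost
    peer_port         = $Port
    tcp_reachable     = $reachable
    pending_passwords = $pending
    status            = $(if ($healthy) { 'OK' } else { 'ALERT' })
}
$line = $record | ConvertTo-Json -Compress

# 1. Append to a JSON-lines file that a log forwarder can tail.
New-Item -ItemType Directory -Force -Path (Split-Path -Parent $LogPath) | Out-Null
Add-Content -Path $LogPath -Value $line

# 2. Also raise a Windows event so agents that collect the Application log see it.
$source = 'PwSyncCheck'
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName Application -Source $source
}
$entryType = if ($healthy) { 'Information' } else { 'Warning' }
$eventId   = if ($healthy) { 1000 } else { 1001 }
Write-EventLog -LogName Application -Source $source -EntryType $entryType -EventId $eventId -Message $line

Write-Output $line
if (-not $healthy) { exit 1 }   # non-zero exit lets a scheduler or wrapper script alert too
```

Schedule it with Task Scheduler under an account that may read the registry key and register an event source (on a DC, SYSTEM is the usual choice), once in each direction. A TCP connect only proves the listener is reachable, not that the shim authenticated or delivered a password, so the pending-entry count is the signal that catches a path that is open at the port level but still failing; a non-zero count that persists across several runs while the port stays reachable points at the driver or Remote Loader rather than the network.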