Password Change Notification Service

If you want to use Active Directory as a password reset source, you will need to install Password Change Notification Service. PCNS is a special service you will install on all domain controllers for that source AD domain. PCNS safely intercepts the password change that the domain controller receives, and sends it over securely to the MIM Synchronization service, where MIM will investigate which MAs are configured as targets and send over the password.

Installing PCNS is a six-step process, which is as follows:

Extending the AD schema.
Installing the PCNS service.
Configuring the MIM SPN.
Configuring PCNS.
Configuring the MAs.
Enabling password synchronization.

We have already talked about the last two steps, so we ...

Get Microsoft Identity Manager 2016 Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft Identity Manager 2016 Handbook by David Steadman, Jeff Ingalls

Password Change Notification Service

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly