Connecting the Password Reset App with Microsoft Active Directory

Guide Overview

The following guide is designed to provide step-by-step instructions on the following Password Assistant app topics:

  • Downloading the correct integration files and creating an AD user
  • Configuring the AD executable
  • Creating an automated scheduled task to sync user data


Guide Index

You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the Return to Index link located at the end of any section.

  1. Creating an Active Directory User
  2. Downloading Sync and Configuration Files
  3. Configuring the Active Directory Integration
  4. Creating a Scheduled Sync Task


Creating an Active Directory User

When setting up a connection between the Password Reset app and Microsoft AD you will first need to create a new user in your Active Directory with the following assigned roles:

  • Replicating directory changes.
  • Replicating directory changes in filtered set.
  • Replicating directory changes all.
  • Read.

Important Note:You will need to complete this step before proceeding. If you are unfamiliar with how to grant these specific permissions to a user then please refer to the following Microsoft help guide on Giving Users Replicating Directory Changes Permissions.

[Return to Index]


Downloading SYNC and Configuration Files

Now you will need to download the executable file from the Overview tab in the Password Assistant app by clicking on the Download Local AD Password Assistant Executable button.

This application will need to be downloaded on a machine that has network access to reach your AD server. You can run it on the AD server itself, but that's not a requirement. Additionally, the machine that runs the application will need to have the .NET framework v4.5.1 or higher.


Next, you will need to download the UserSync.conf file. In the Overview tab, click on the Download Configuration Template button.


[Return to Index]


Configuring the Active Directory Integration

After you have created your AD user and downloaded the necessary files, you will now need to extract the Microsoft AD Connectors file. Once all files have been extracted, move the UserSync.conf file into the unzipped folder containing the sync application.

Next, run the application titled IncidentIQ.Connectors.MicrosoftAd.exe. This will open up a new application window.


In the top section of the application window, you will need to modify the following default settings: ad.username, ad.password, ad.domain, and ad.ip.

Important Note: All fields must be kept inside of quotation marks. Data entered without these quotations will not configure properly.


The ad.password value should be encrypted. To get the encrypted value to fill into the settings, click the Common tab and enter the ad.password in the text field labeled Clear text. Copy the Encrypted value and paste it as the value for the ad.password setting.


Once all of your settings have been entered, click Save configuration.


After you've confirmed that the configuration has successfully saved, click Run now. Running the application can take a while depending on the number of users in your AD (syncing about 10,000 users takes roughly 10-15 minutes).

Upon completion, you will see a message stating "Completed sending data to IncidentIQ."


[Return to Index]


Creating a Scheduled Sync Task

To schedule the sync to occur automatically, you'll need to create a task in Windows Task Manager. You can do so by searching for Administrative Tools and selecting Task Scheduler. This will open the Task Scheduler window.


In the Task Scheduler window, start by clicking on Action > Create Basic Task...


This will open the Create Basic Task Wizard. At the very least, you will need to provide a name for the new task. You can also add a task if desired. Once complete, click Next.


In the next step, you will be asked to select when this task should Trigger. We recommend running it daily (overnight) for the most accurate user data. Please ensure you set the task to run regardless of whether a user is logged in or not on the server. Once complete, click Next.


For the next step, you will need to specify what action the task will take when running. Select Start a Program and then click on Next.


When specifying the action to perform, locate the file IncidentIQ.Connectors.MicrosoftAd.exe in the Program/script file browser. Supply the argument -passwordreset in the Add arguments field. And finally, you will need to indicate the path you unzipped the files to in the Start in field. Once complete, click Next.


In the final step, you may review all of the settings of your task. Once you have completed your review, click Finish to complete the task set up.


[Return to Index]

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.