Configure Password Sync Agent to disallow Active Directory password changes while your Provisioning Server of Identity Manager is offline

Document ID : KB000033550
Last Modified Date : 14/02/2018
Show Technical Document Details


This is a walk through of the configuration changes necessary to prevent users from changing their Active Directory passwords when your Provisioning Server is unreachable. By default, if the Provisioning Server is unavailable, users will still be allowed to change their passwords.



1. On the system that has Password Sync Agent installed, go to the following path: C:\Program Files\CA\eTrust Admin Password Sync Agent\data

*Please note that this is the default installation path.


2. Open the file eta_pwdsync.conf using an editor program such as notepad.


3. Search for the following text: out_of_sync


4. Ensure that the out_of_sync variable is set to no. The line in the file should look like this: out_of_sync=no


Additional Information: 

Please note that this needs to be done for every domain controller on your network.