Password sync agent

Document ID : KB000103383
Last Modified Date : 26/06/2018
Show Technical Document Details
Question:
I have a query about password sync agent for IM.

Can I enable the Password Sync Agent for multiple END point ( Active
Directory ) ?

When I do the configuration it will ask me for END point. And there
is not option to select the multiple end points.

Suppose I have 3 domain controllers, do I need to deploy the password
sync agent on all three of them ?
Answer:
The documentation here specifies only 1 Endpoint to be configured :

  Synchronizing Passwords on Endpoints

  "If you have the Password Sync Agent installed on a managed
   endpoint, you need to manually enable the checkbox on the Endpoint
   object to indicates that the Password Sync Agent is installed."

  https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/password-management/synchronizing-passwords-on-endpoints

According to the following Knowledge Document, you should configure
the agent password sync on each end point :

  How does the mechanism for password capturing an endpoint password
  change and propagate it to global user, corporate user and other
  accounts work.

  "You will need to install a Password Synchronization Agent ( aka PSync
   Agent ) on your endpoint. The PSync Agent is specific to each endpoint
   and is intercepting passwords changed on the endpoint.  "

  https://comm.support.ca.com/kb/how-does-the-mechanism-for-password-capturing-an-endpoint-password-change-and-propagate-it-to-global-user-corporate-user-and-other-accounts-work/kb00005028010:29:09

Further, according to this next knowledge document, you should set the
password sync agent on all domain controllers where password are
allowed to be set / reset.

  Which Domain Controllers should I install Password Sync Agents on?

  "Password Sync Agents are required to be installed only on DCs where
   passwords are allowed to be set/reset."

  [...]

  "you really do not need to install the Password Sync Agent software
   on any domain controller that isn't allowing direct password resets."

  https://comm.support.ca.com/kb/which-domain-controllers-should-i-install-password-sync-agents-on/kb000050277