Provide a command line execution option for the Password Sync Troubleshooting tool so it can be run from a script and results sent to a SIEM product for alerting / reporting of the status of password sync filter shims, particularly on Active Directory domain controllers.

Enterprise deployments of IDM can have between 3,000 and 5,000 password change events per day. When password sync shims are unable to connect to a remote loader password sync driver, passwords set from Active Directory do not enter the IDM vault or sync to other domains. Having a method to periodically check password sync shim/filter communications without human intervention allows support staff to detect and resolve any issues that would result in out-of-sync passwords. Both directions of communications need to be checked (Remote Loader > DC and DC > Remote Loader) for port blockages. The PassSyncTroubleshootinTool does this but can only be initiated by manual intervention.

Comments

  • This is something our customer is looking at and it will help in their goal of predictive analysis of their environment.