Hitachi ID Password Manager includes two connectors for Active Directory:
Either connector will work with all available versions of Windows and Active Directory. Both include advanced features:
Native password changes made on Windows servers and domain controllers can trigger transparent password synchronization.
After a password change with a web-based password management system, the cached credentials on a user's PC will differ from the user's new domain password:
If a user signs off and back on after a web-based password change, the Windows cache is refreshed and the intruder lockout problem described above is averted. This approach is not user friendly, however.
To eliminate this problem without forcing users to sign off and back on, Password Manager includes an ActiveX component that can silently update the user's Windows password cache after a web-based password change.
The cache-updating ActiveX component works on Windows XP, Vista and 7 PCs.
Active Directory does not propagate cleared intruder lockout flags on an expedited schedule. This can create problems for remote users who inadvertently trigger a lockout and subsequently call a central help desk for assistance. The help desk will typically clear the user's lockout on a domain controller near the help desk. The cleared lockout may then take hours to reach the domain controllers against which the user wishes to authenticate, or which support network services that the user wishes to access.
This problem is especially acute in global organizations that have hundreds of domain controllers and employ a global IT support function.
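The replication lag described above can be observed by asking each domain controller for its own copy of an account's lockout state. The following is an added example, not Hitachi ID code; it assumes the RSAT ActiveDirectory PowerShell module, and the function name Get-LockoutStateByDC and the account name jsmith are hypothetical.

```powershell
# Added example (not Hitachi ID code). Assumes the RSAT ActiveDirectory module
# and read access to the directory. Get-LockoutStateByDC is a hypothetical name.
Import-Module ActiveDirectory

function Get-LockoutStateByDC {
    param(
        [Parameter(Mandatory)] [string] $Identity
    )
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # Ask this specific DC, so the answer reflects its local replica.
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName `
                -Properties LockedOut, lockoutTime, badPwdCount -ErrorAction Stop
            [pscustomobject]@{
                DomainController = $dc.HostName
                Site             = $dc.Site
                LockedOut        = $u.LockedOut
                # lockoutTime is replicated; 0 or empty means the lockout is cleared here.
                LockoutTimeUtc   = if ($u.lockoutTime) { [datetime]::FromFileTimeUtc($u.lockoutTime) } else { $null }
                # badPwdCount is kept per DC and is not replicated.
                BadPwdCount      = $u.badPwdCount
                Error            = $null
            }
        } catch {
            # An unreachable DC is reported, not skipped, so gaps are visible.
            [pscustomobject]@{
                DomainController = $dc.HostName; Site = $dc.Site; LockedOut = $null
                LockoutTimeUtc = $null; BadPwdCount = $null; Error = $_.Exception.Message
            }
        }
    }
}

# 'jsmith' is a placeholder account name.
$state = Get-LockoutStateByDC -Identity 'jsmith'
$state | Sort-Object Site, DomainController | Format-Table -AutoSize

# Replicas that still show the account as locked after the help desk cleared it.
$stale = $state | Where-Object { $_.LockedOut -eq $true }
if ($stale) {
    "Still locked on: " + (($stale.DomainController) -join ', ')
}
```

A mix of True and False in the LockedOut column across sites is the state the remote user experiences while the cleared flag is still replicating. Unlock-ADAccount accepts the same -Server parameter, so an unlock can be applied on a chosen domain controller.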
Note that AD password change replication is described here:
Password Manager uniquely circumvents the problem of slow replication of cleared intruder lockouts between Active Directory domain controllers by automatically directing password resets and cleared intruder lockouts to a select set of domain controllers that the user is most likely to access: