Access Manager 1.3 introduces the Password Hook, a new tool that can provide increased integration with your Active Directory Password Policies.
With the Password Hook installed on your domain controller Access Manager is able to detect and utilise more requirements defined by the Active Directory Password Policies, the first release of this adds the ability to include more password history options.
Downloading the Password Hook
To use the Password Hook first download the installer for your environment:
Windows Server 32bit - version 1.4
Once the file has downloaded move it to the Domain Controller if it was not downloaded on that system.
Installing the Password Hook
- Run the file to begin installation and accept the license.
- You'll be prompted to select which component to install, for a standard installation we recommend keeping both options checked to install all components.
- Next you'll be prompted to select where to install the files and setup the Start menu options.
- Once the installation process is complete you will be prompted to restart the Windows Server for allow the Password Hook DLL to take effect.
- When the system has restarted the Password Hook configuration will be available. Run the NAMPWDCFG program.
- In Directory Name set the name of the connector for this Active Directory in Access Manager
- Shared Secret is the password that has been set in the Authentication options of Access Manager (Authentication > External Service)
- Hostname or IP Address is the Address of the Access Manager server
- Port is Access Manager's operational port, 443 by default
- Use POST - recommended to enable this option
- Use SSL should be enabled if your Access Manager server is configured to use SSL connections
- Allow untrusted certificate and Allow invalid CN are testing options and should not be enabled in a live environment with a fully signed SSL certificate.
6. Once set-up is complete you may be prompted to restart the system a second time for the configuration to apply to the DLL. Once the system is back up the Password Hook should automatically connect to Access Manager and begin providing it's enhanced features.
Troubleshooting issues with Server 2016
It has been seen on some Server 2016 installs, the password hook may not work properly (you can test if it's working by setting a log file in the NAMPWDCFG program, then changing a password from AD Users and Computers and seeing if there is log output).
This appears to be because the Visual C runtime installler that ran as part of the main install did not actually install properly.
It is possible to manually install the runtime from the below links in order to resolve this issue: