2rwxh (2rwxh) asked a question.
Active Directory Password Sync with 2 Domains
We have two domains, one is our old domain, and the second is the new domain where everyone has been migrated too. The old domain is the primary source and the new is secondary. Looks like the passwords aren't sync, when a user changes on the old domain it updates okta but secondary directory source never gets updated or sync. Is there a way to safely sync across both these domains, and if i enable "sync password" under the okta to app integration will that sync it up for me with the second domain?
Hi @2rwxh (2rwxh). Thank you for reaching out to us.
For the second domain you will need to have Sync Password enabled. Usually in these scenarios the setup would be: domain A with Delegated Authentication enabled and Password Sync agent installed on all Domain Controllers and domain B with Sync Password enabled. In this case after a user signs in using Delegated Authentication through domain A or changes the password using Ctrl + Alt + Del in domain A the password will be synced to domain B.
As it looks like the first part (the sync between domain A, the old domain in your case, and Okta) works, all you need is to enable Sync Password for the new domain.
If you need further assistance regarding this or if you encounter any issues I would recommend opening a support case.