Setting the default encryption key


This setting affects the default encryption key for UNIX hosts when they are added for synchronization, as well as the port used for UNIX-to-Windows synchronization. If you change this setting, you must edit the /etc/sso.conf file to specify the same encryption key on UNIX hosts that are configured for UNIX-to-Windows password synchronization with the computer on which you complete this procedure.

To set the default encryption key
  1. Open the Identity Management for UNIX management console by clicking Start, pointing to Administrative Tools, and then clicking Microsoft Identity Management for UNIX.

    You can also open the Identity Management for UNIX management console from within Server Manager, by expanding Roles and then Active Directory Domain Services in the hierarchy pane, and then selecting Microsoft Identity Management for UNIX.

  2. If necessary, connect to the computer you want to manage by using the procedure in Connect to another computer you want to manage.

  3. In the hierarchy pane, click Password Synchronization, and then do one of the following.

    • Right-click Password Synchronization, and then click Properties.

    • Click Properties in the Actions pane.

    • On the Action menu, click Properties.

  4. In the Encryption and decryption key area of the General tab, enter a key you want to use, or click Generate key to have Password Synchronization create a new key for you.

    For maximum security, you should use a key that is the maximum 21 characters in length.

  5. To save your changes, click Apply.


To perform this task in the command line environment, see psadmin.

For more information about setting the password encryption key, see Password Encryption.