
QPPM functionality when administration server is down

Hi,

We are looking to deploy QPM as one of the services in our AD forest to meet the password complexity requirements. The question is: assuming the server running the QPM administration site is down, what would happen to passwords reset during that period? Would the DCs hold something like a cached copy of the policy, or does the domain controller make a connection to one of the QPM servers for each reset to validate the new password?

  • A few notes.
    1. The Password Complexity Policy resides and is validated on the DC side (native AD GPO).
    1.2. PWM provides an additional Password Complexity Policy GPO (more advanced than the native one) on top of the native AD GPO. That requires you to "touch" every single DC and deploy the password module on the DC's native auth layer. Many customers do not do it, to avoid touching the DCs.
    2. The PWM Server holds the workflow to reset passwords/unlock via a Q/A check. If the PWM Server side is down, the Q/A door is down, but an AD user (HelpDesk ADUC) can still reset a password via the native DC route (CTRL-ALT-DEL) as usual (bypassing the PWM Server workflow).
    3. The PWM architecture allows HA, with multiple PWM Servers deployed holding the same workflows. PWM is a front-end enterprise application => requires HA.
    4. PWM also allows DR of the application.