| Server IP : 180.180.241.3 / Your IP : 216.73.216.252 Web Server : Microsoft-IIS/7.5 System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.3.28 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /Windows/Help/Windows/en-US/ |
Upload File : |
MZ����������������������������������������������������������@���PE��L��������������!
��������������������������@�����������������������0�����.��@����������������������������������������������������������������������������������������������������������������������������������������������������.rsrc��������������������������@��@.its�������� ��������������������@��@��������������������������������������������������������������������������������������������������������������������������������������������������������������0����������������� ��H���X��|����������|4���V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�������������������������������������������������������S�t�r�i�n�g�F�i�l�e�I�n�f�o������0�4�0�9�0�4�b�0���b�!��F�i�l�e�V�e�r�s�i�o�n�����1�.�0�0�.�0�0� � � � � � � � � � � � � � � � � � � � � � � � � �����l�"��F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�����C�o�m�p�i�l�e�d� �M�i�c�r�o�s�o�f�t� �H�e�l�p� �2�.�0� �T�i�t�l�e���B���F�i�l�e�S�t�a�m�p�����E�A�F�2�A�9�F�6�0�1�C�A�0�4�1�F���4�����J���C�o�m�p�i�l�e�r�V�e�r�s�i�o�n�����2�.�5�.�7�1�2�1�0�.�0���8�5�7�9�����V���C�o�m�p�i�l�e�D�a�t�e�����2�0�0�9�-�0�7�-�1�4�T�0�1�:�1�0�:�4�6��� � � � � � �����>���T�o�p�i�c�C�o�u�n�t���4�5�����0�0�0�0�0�0�0�0�0�0�0�0������A��L�e�g�a�l�C�o�p�y�r�i�g�h�t���� �2�0�0�5� �M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�.� �A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.���C�C�C�C�C�C�C�C�C�C�C�C�C�����D����V�a�r�F�i�l�e�I�n�f�o�����$����T�r�a�n�s�l�a�t�i�o�n����� ��������������������������������������������ti�-�������H!ITOLITLS���(���������X쌡^�
V`������������������� ������������ ������x��������������������������������������������������������� ��������������������F�������������������������������������������������������������������������CAOL���P���HH��C��� �����������������������ITSF��� ������#������l ���������������������-Y쌡^�
VY쌡^�
VIFCM����������������AOLL��������������������������F�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������IFCM���� ������������AOLL�������������������������/���/$FXFtiAttribute/���/$FXFtiAttribute/BTREE@/$FXFtiAttribute/DATA��/$FXFtiAttribute/PROPERTYXN
/$FXFtiMain/���/$FXFtiMain/BTREEo/$FXFtiMain/DATAk/$FXFtiMain/PROPERTYrN/$Index/$ATTRNAMEV\/$Index/$PROPBAG
/$Index/$STRINGS
N/$Index/$SYSTEM<`
/$Index/$TOC/���/$Index/$TOC/$uim_psync�d/$Index/$TOPICATTR&0/$Index/$TOPICS\`/$Index/$URLSTRl/$Index/$URLTBLth/$Index/$VTAIDX2d/$Index/AssetId/���/$Index/AssetId/$BL0�
/$Index/AssetId/$LEAF_COUNTS/$Index/AssetId/$LEAVES
� /$OBJINSTd
/assets/���0/assets/0abd5d77-da96-49c0-9f54-def67c7dfced.xml�tL0/assets/132fda24-8d94-47a5-afd7-e9a1574f6cb3.xml�@X0/assets/17fd8d2a-eedb-4e9f-be8f-a963caddcc51.xml�
0/assets/2cbe867c-6207-4e6a-ae6f-bea34e820e3d.xml�4H0/assets/2f951d01-2389-4b2f-ad25-53de5b075760.xml�|s0/assets/33e508ca-371c-4955-ab05-8b7b4391981e.xml�ok0/assets/3ae587ba-7932-40d7-a5c8-5274eeee21b2.xml�ZT0/assets/44a8c46b-6abe-42d9-be62-595d0fe118dd.xml�.Z0/assets/4e579be7-1aca-4824-892b-7e69539fb18a.xml�#0/assets/606e4ef7-3857-4cc1-9ff8-73f5097542ea.xml�+�0/assets/6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7.xml�++0/assets/73fef904-1fb4-4f6e-991e-eb22c31fb9e4.xml�Vj0/assets/8bf52dc9-bcf2-4b18-8118-d95836373c31.xml�@Y0/assets/927255eb-3456-4fda-84a3-11a8018e5983.xml�'0/assets/9ad4d968-10d1-4631-a237-bfa10f15c47d.xml�>0/assets/9d328556-507f-452d-ab70-811acad4cdbb.xml�@
0/assets/a8886f80-7f04-4e87-b2ec-2687b4555bcf.xml�M0/assets/c6fe2f12-73e1-46a8-887e-ea873b3d34d0.xml�hT0/assets/c8bd59fc-3d2d-49a6-93c9-1c848540f250.xml�<R0/assets/cfe2d5f2-28eb-42ee-92ee-52c9ec7221df.xml�W0/assets/d9d1159c-770c-4bca-b22a-65460d100146.xml�e
0/assets/dc5f6249-9874-4ac0-a13f-ff932d8c05f3.xml�@0/assets/e755c195-e7e0-4a38-9531-47a31e6e2aea.xml�BR0/assets/e9a8eb5f-83ba-496c-b895-de3061f59bff.xml�0/assets/f0ef8a61-0a50-47dc-99aa-bbe0c2442da8.xml�*0/assets/fad30859-2cc3-4356-99ce-4ea74c19678a.xml�@b/relatedAssets/���7/relatedAssets/3dd4f848-9c62-4403-bfe7-52364867ea8c.gif�@B/uim_psync.h1c�"/uim_psync.H1F�8d/uim_psync.H1T�,-/uim_psync.H1V�
/uim_psync_AssetId.H1K�Yk/uim_psync_BestBet.H1K�Dk/uim_psync_LinkTerm.H1K�/l/uim_psync_SubjectTerm.H1K�o::DataSpace/NameList��<(::DataSpace/Storage/MSCompressed/Content�
2,::DataSpace/Storage/MSCompressed/ControlData�T )::DataSpace/Storage/MSCompressed/SpanInfo�L/::DataSpace/Storage/MSCompressed/Transform/List�<_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/���i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTable�<X3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������t GtaL9&CS�p�F�
��
�U�n�c�o�m�p�r�e�s�s�e�d���
�M�S�C�o�m�p�r�e�s�s�e�d���FX쌡^�
V��������LZXC����������������HH��<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Setting default synchronization</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Setting default synchronization</maml:title><maml:introduction>
<maml:para>The settings in this procedure affect the default synchronization for UNIX hosts when they are added for synchronization. Settings you change in this procedure do not affect computers that have already been added for synchronization.</maml:para>
<maml:procedure><maml:title>To set default synchronization</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console by clicking <maml:ui>Start</maml:ui>, pointing to <maml:ui>Administrative Tools</maml:ui>, and then clicking <maml:ui>Microsoft</maml:ui> <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
<maml:para>You can also open the Identity Management for UNIX management console from within Server Manager, by expanding <maml:ui>Roles</maml:ui> and then <maml:ui>Active Directory Domain Services</maml:ui> in the hierarchy pane, and then selecting <maml:ui>Microsoft Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage by using the procedure in <maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane, click <maml:ui>Password Synchronization</maml:ui>, and then do one of the following.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click <maml:ui>Password Synchronization</maml:ui>, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Properties</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Direction of password synchronization area</maml:ui> of the <maml:ui>General</maml:ui> tab, select the direction in which you want passwords to be synchronized.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To allow password synchronization from Windows-based computers to UNIX-based computers, select <maml:ui>Windows to UNIX</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To allow password synchronization from UNIX-based computers to Windows-based computers, select <maml:ui>UNIX to Windows</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Apply</maml:ui> to save your changes.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To perform this task in the command line environment, see <maml:navigationLink><maml:linkText>psadmin</maml:linkText><maml:uri href="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Best Practices for Password Synchronization</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Best practices</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Install Password Synchronization on appropriate domain controllers</maml:ui> To ensure consistent synchronization of domain passwords with UNIX passwords, Password Synchronization must be installed on the primary domain controller and, in the case of a Windows 2000 domain, all domain controllers in a domain. </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If you add a domain controller to a domain, you should install Password Synchronization on the new domain controller as soon as possible and configure it to match the other domain controllers.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If you need to remove Password Synchronization from any domain controller, you should demote the server to a member server before uninstalling Password Synchronization.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Ensure consistent password policies</maml:ui> If you are providing only for one-way password synchronization, make sure that the password policy on the computer from which passwords will be synchronized is at least as restrictive in all areas as the policy on the computer to which passwords are synchronized. For example, if you configure Windows-to-UNIX synchronization, the Windows password policy must be at least as restrictive as the policy of the UNIX computers with which it synchronizes passwords. If you are supporting two-way synchronization, the password policies must be equally restrictive on both systems. Inconsistent password policies can result in synchronization failure when a user changes a password on the less restrictive system; or the password might be changed on the more restrictive system, even if it does not conform to the system's policies.</maml:para>
<maml:para>Make sure that Windows users are aware of any special password restrictions on the UNIX systems with which their passwords will be synchronized. For example, some versions of UNIX support a maximum password length of eight characters. For maximum compatibility with the default Windows password policy and these UNIX limitations, passwords should be seven or eight characters long unless you are sure that all UNIX systems can support longer passwords.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Configure Password Synchronization to provide the maximum protection for your users' passwords</maml:ui></maml:para>
<maml:para>Follow these recommendations to maintain optimal security:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Explicitly list the users whose passwords are to be synchronized</maml:ui> To provide maximum control over which users can synchronize passwords, do not use the ALL keyword with the SYNC_USERS list in sso.conf on the UNIX host. Instead, you should explicitly list each user for whom password synchronization is allowed or blocked. On the Windows-based computer running Password Synchronization, create the PasswordPropAllow group and add the accounts of users whose passwords you want to synchronize. For more information, see <maml:navigationLink><maml:linkText>Controlling password synchronization for user accounts</maml:linkText><maml:uri href="mshelp://windows/?id=e9a8eb5f-83ba-496c-b895-de3061f59bff"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Do not synchronize passwords for disabled UNIX accounts</maml:ui> On some versions of UNIX, changing the password of a disabled user account activates that account. Consequently, if a user has a disabled account on a UNIX computer that is configured to synchronize passwords with a Windows-based computer, the user or an administrator can activate the UNIX account by changing the user's Windows password. To prevent this, use the PasswordPropDeny group to block synchronization for disabled UNIX accounts.</maml:para>
<maml:para>Also, when an administrator disables a UNIX account, the administrator should use the SYNC_USERS entry in sso.conf to block password synchronization for the account.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Avoid synchronizing administrator passwords</maml:ui> Do not synchronize passwords for members of the Windows Administrators groups or the passwords of UNIX superuser or root accounts.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Perform the Windows</maml:ui> <maml:ui>Server 2003 Service Pack 1 (SP1) compatibility check</maml:ui> when you enable <maml:ui>Windows to NIS (Active Directory) password synchronization</maml:ui> in the <maml:ui>Password Synchronization Properties</maml:ui> dialog box, <maml:ui>Configuration</maml:ui> tab. To protect the security of user account passwords in your enterprise, it is strongly recommended that you allow Password Synchronization to identify all domain controllers in the forest that are not running Windows Server 2003 SP1 or later releases.</maml:para>
<maml:para>Password Synchronization prompts you to allow the compatibility check when you select <maml:ui>Enable</maml:ui> in the <maml:ui>Windows to NIS (Active Directory) password synchronization</maml:ui> area. With Windows Server 2003 SP1, or a later release installed on all the domain controllers in a forest, the risk of exposing user password hashes to unauthorized viewers is greatly reduced. When Windows Server 2003 SP1 is not the minimum functional level of all the domain controllers in a forest, it is possible for any authenticated user on the domain to view the password hash for any UNIX user whose account has been migrated to Active Directory Domain Services (AD DS).</maml:para>
<maml:para>In the event an unauthorized user breaks the password hash for a UNIX-based user account in AD DS, the Windows-based password for the account is no longer secure.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
</maml:list>
<maml:para>When Password Synchronization is installed, members of the local Administrators group and the Domain Administrators group are added to the <maml:computerOutputInline>PasswordPropDeny</maml:computerOutputInline> group, which prevents their passwords from being synchronized. If you add a user to either the Administrators or Domain Administrators group, be sure to add the user to the <maml:computerOutputInline>PasswordPropDeny</maml:computerOutputInline> group as well.</maml:para>
<maml:para>Modify the SYNC_USERS statement in the sso.conf file on all UNIX-based systems to prevent the passwords of superusers from being synchronized.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Do not use the default port number and encryption key</maml:ui> Preserving the default port number and encryption key makes it possible for an attacker to set up a spoofing UNIX host to capture passwords. You should protect the port number and encryption keys used to synchronize passwords as carefully as the passwords themselves.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Secure the sso.conf file</maml:ui> The sso.conf file on each UNIX host contains important configuration information that could be used to compromise security. It is recommended that you set the mode bit mask of the file to 600.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Ensure that the directory identified by TEMP_FILE_PATH is properly protected</maml:ui> The temporary files created on UNIX hosts by Password Synchronization contain information that could be used by an attacker to compromise system security. For this reason, you should ensure that any directory referenced by TEMP_FILE_PATH in sso.conf has read access only for the <maml:computerOutputInline>root</maml:computerOutputInline> account and cannot be accessed by any other users.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Ensure log files are appropriately protected</maml:ui> On the UNIX host, Password Synchronization uses the <maml:computerOutputInline>syslogd</maml:computerOutputInline> daemon to log messages that result from synchronization operations. The resulting logs contain such information as the names of users whose passwords are being synchronized and with which computers, propagation errors, and so on. These log files should be protected to ensure that only administrators can view them.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Restart the Password Synchronization daemon after changing its configuration</maml:ui> When you make changes to the Password Synchronization daemon configuration file (sso.conf), you must stop and restart the daemon for configuration changes to take effect.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Configure systems to handle user name case sensitivity correctly</maml:ui> Unless you rigorously enforce a policy to ensure that Windows and UNIX user names match in both spelling and case, verify that the CASE_IGNORE_NAME option in the sso.conf file is set to 1 (the default). UNIX user names are case sensitive; therefore, passwords might not synchronize properly if the user names do not match exactly, because the Password Synchronization daemon is unable to associate the Windows user name with the corresponding UNIX user name.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Make sure that password file type and name are consistent</maml:ui> When you configure the Password Synchronization daemon, verify that the password file type (specified by USE_SHADOW) and path name (set by FILE_PATH) are appropriate for each other. For example, on most systems, if USE_SHADOW is set to 0 (to indicate that the passwd file is used for synchronization), then the FILE_PATH option should be set to /etc/passwd. However, if USE_SHADOW is set to 1 (to indicate that the shadow file is used instead), then the FILE_PATH option should be set to /etc/shadow. (On IBM AIX systems, the path and name of the shadow file is /etc/security/passwd.)</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Command-line Utility in Password Synchronization</maml:title><maml:introduction>
<maml:para>The following command-line utility is available to administer Password Synchronization.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Command-line Utility in Password Synchronization</maml:title><maml:introduction>
<maml:para><maml:navigationLink><maml:linkText>psadmin</maml:linkText><maml:uri href="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4"></maml:uri></maml:navigationLink></maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Remove Identity Management for UNIX Components</maml:title><maml:introduction>
<maml:para>Identity Management for UNIX is considered a role service, or a software subcomponent, of the Active Directory Domain Services server role.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>To remove Identity Management for UNIX</maml:title><maml:introduction>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=2cbe867c-6207-4e6a-ae6f-bea34e820e3d#BKMK_Windows"></maml:uri></maml:navigationLink></maml:para>
<maml:para><maml:navigationLink><maml:linkText>Using Windows PowerShell</maml:linkText><maml:uri href="mshelp://windows/?id=2cbe867c-6207-4e6a-ae6f-bea34e820e3d#BKMK_wps"></maml:uri></maml:navigationLink></maml:para>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=2cbe867c-6207-4e6a-ae6f-bea34e820e3d#BKMK_command"></maml:uri></maml:navigationLink></maml:para>
</maml:introduction>
<maml:sections>
<maml:section address="BKMK_Windows">
<maml:title>Remove Identity Management for UNIX by using the Windows interface</maml:title><maml:introduction>
<maml:procedure><maml:title>To remove Identity Management for UNIX by using the Windows interface</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the tree pane, expand <maml:ui>Roles</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the role home page for AD DS, in the <maml:ui>Roles</maml:ui> section, in the list of common tasks, click <maml:ui>Remove Role Services</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Select Role Services</maml:ui> page of the Remove Role Services Wizard, clear the check box for <maml:ui>Identity Management for UNIX</maml:ui> or the parts of Identity Management for UNIX that you want to remove, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After verifying your selections on the <maml:ui>Confirm Removal Selections</maml:ui> page, click <maml:ui>Remove</maml:ui>.</maml:para>
<maml:para>The computer must be restarted after the removal of Identity Management for UNIX finishes.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>You must be a member of the Administrators group on the local computer to remove Identity Management for UNIX components.</maml:alert><maml:alert>Server Manager is available only to members of the Administrators group on the local computer. By default, Server Manager opens when an administrator logs on to the computer. You can open Server Manager from the <maml:ui>Start</maml:ui> menu, the <maml:ui>Quick Launch</maml:ui> bar, or in Administrative Tools.</maml:alert></maml:alertSet>
</maml:introduction></maml:section>
<maml:section address="BKMK_wps"><maml:title>Remove Identity Management for UNIX by using Windows PowerShell</maml:title>
<maml:introduction><maml:para>You can use the Windows PowerShell set of cmdlets for Server Manager to remove Identity Management for UNIX.</maml:para>
<maml:procedure><maml:title>To remove Identity Management for UNIX by using Windows PowerShell</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Open a Windows PowerShell session with elevated user rights. To do this, click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, click <maml:ui>Windows PowerShell</maml:ui>, right-click the <maml:ui>Windows PowerShell</maml:ui> shortcut, and then click <maml:ui>Run as administrator</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Load the Server Manager module into the Windows PowerShell session before working with Server Manager cmdlets. Type the following, and then press <maml:ui>Enter</maml:ui>.</maml:para>
<maml:para><maml:userInput>Import-Module Servermanager</maml:userInput></maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Windows PowerShell cmdlets are not case-sensitive.</maml:para></maml:alertSet></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Do one of the following.</maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>To remove all Identity Management for UNIX components, type the following, and then press <maml:ui>Enter</maml:ui>. <maml:userInput>Remove-WindowsFeature ADDS-Identity-Mgmt -restart</maml:userInput></maml:para></maml:listItem>
<maml:listItem><maml:para>To remove only Password Synchronization, type the following, and then press <maml:ui>Enter</maml:ui>. <maml:userInput>Remove-WindowsFeature ADDS-Password-Sync -restart</maml:userInput></maml:para></maml:listItem>
<maml:listItem><maml:para>To remove only Server for NIS, type the following, and then press <maml:ui>Enter</maml:ui>. <maml:userInput>Add-WindowsFeature ADDS-NIS -restart</maml:userInput></maml:para></maml:listItem></maml:list>
<maml:para>A restart of the computer is required after you remove Identity Management for UNIX. The <maml:computerOutputInline>-restart</maml:computerOutputInline> parameter restarts the computer automatically after removal is completed.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para> Add the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter to your command to instruct Server Manager to show the list of all software that is removed by default by the command. Running the command together with the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter does not result in an actual removal; the command results show only what would be removed during an actual removal.</maml:para>
</maml:alertSet></maml:introduction></maml:section>
<maml:section address="BKMK_command">
<maml:title>Remove Identity Management for UNIX by using a command line</maml:title><maml:introduction>
<maml:para>Server Manager command line tools let you install or remove roles, role services, or features in a Windows Command Prompt. Identity Management for UNIX can be removed by using the Server Manager line command because it is a role service of the Active Directory Domain Services role.</maml:para>
<maml:para>You can run the Server Manager line command, ServerManagerCmd.exe, from any directory on the local computer. You must be a member of the Administrators group on the local computer to run the Server Manager command.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Because of security restrictions imposed by User Account Control in Windows Server 2008 R2, you must run ServerManagerCmd.exe in a Command Prompt window opened with elevated user rights. To do this, right-click the <maml:ui>Command Prompt</maml:ui> executable, or the <maml:ui>Command Prompt</maml:ui> object on the <maml:ui>Start</maml:ui> menu, and then click <maml:ui>Run as administrator</maml:ui>.</maml:para>
</maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Other parameters are available for this command, such as <maml:computerOutputInline>-restart</maml:computerOutputInline>, which automatically restarts the computer after removal if it is required by the programs that you have removed. The <maml:computerOutputInline>-restart</maml:computerOutputInline> parameter is added to commands in this section, because the computer must be restarted after the removal of Identity Management for UNIX completes. We recommend that you read about additional Server Manager command line parameters in the topic "Overview of Server Manager Commands" in the Server Manager Help.</maml:para>
</maml:alertSet>
<maml:procedure><maml:title>To remove Identity Management for UNIX by using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In a <maml:ui>Command Prompt</maml:ui> window opened with elevated user rights, type one of the following and press <maml:ui>ENTER</maml:ui>.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:userInput>ServerManagerCmd.exe -remove ADDS-Identity-Management -restart</maml:userInput> to remove all Identity Management for UNIX</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:userInput>ServerManagerCmd.exe -remove ADDS-NIS -restart</maml:userInput> to remove Server for NIS only</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:userInput>ServerManagerCmd.exe -remove ADDS-Password-Sync -restart</maml:userInput> to remove Password Synchronization only</maml:para>
</maml:listItem></maml:list>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para> Add the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter to your command to instruct Server Manager to show the list of all software that is removed by default by the command. Running the command together with the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter does not result in an actual removal.The command results show only what would be removed during an actual removal.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Additional removal tasks</maml:title><maml:introduction>
<maml:para>The single sign-on daemon (SSOD) is installed on all UNIX computers with which passwords are synchronized. If the UNIX computers are no longer synchronizing passwords with other Windows-based servers on the network running Password Synchronization, you can remove the SSOD files from the UNIX computers.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>Identity Management for UNIX: How To...</maml:linkText><maml:uri href="mshelp://windows/?id=4e579be7-1aca-4824-892b-7e69539fb18a"></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Install Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Adding or removing computers for synchronization</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Adding or removing computers for synchronization</maml:title><maml:introduction>
<maml:para>In addition to adding a UNIX-based computer to the list of UNIX-based computers participating in password synchronization, if you want to change the user's password on the UNIX computer when the corresponding Windows user's password is changed, you must install the Password Synchronization single sign-on daemon (SSOD) on the UNIX-based computer. For more information, see <maml:navigationLink><maml:linkText>Install the Password Synchronization daemon on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=f0ef8a61-0a50-47dc-99aa-bbe0c2442da8"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>If you want to change the Windows user's password when the corresponding UNIX-based computer user's password is changed, you must install the pluggable authentication module (PAM) on the UNIX-based computer. For more information, see <maml:navigationLink><maml:linkText>Install the Password Synchronization pluggable authentication module</maml:linkText><maml:uri href="mshelp://windows/?id=c6fe2f12-73e1-46a8-887e-ea873b3d34d0"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Adding a computer for synchronization</maml:title><maml:introduction>
<maml:procedure><maml:title>To add a computer for synchronization</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console by clicking <maml:ui>Start</maml:ui>, pointing to <maml:ui>Administrative Tools</maml:ui>, and then clicking <maml:ui>Microsoft</maml:ui> <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
<maml:para>You can also open the Identity Management for UNIX management console from within Server Manager, by expanding <maml:ui>Roles</maml:ui> and then <maml:ui>Active Directory Domain Services</maml:ui> in the hierarchy pane, and then selecting <maml:ui>Microsoft Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage by using the procedure in <maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane, under the <maml:ui>Password Synchronization</maml:ui> node, click <maml:ui>UNIX Computers</maml:ui>, and then do one of the following.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click <maml:ui>UNIX Computers</maml:ui>, and then click <maml:ui>Add Computer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Add Computer</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Add Computer</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Computer name</maml:ui> text box of the <maml:ui>Add Computer</maml:ui> dialog box, provide the name or IP address of a UNIX-based computer.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Direction of password synchronization</maml:ui> area, select the direction of password synchronization for this computer.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, specify a different encryption key than the default key, or click <maml:ui>Generate key</maml:ui> to have Password Synchronization generate a new key for synchronization with this computer.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, change the port number this computer monitors for password changes. The default is 6677.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Removing a computer from synchronization</maml:title><maml:introduction>
<maml:procedure><maml:title>To remove a computer from synchronization</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX snap-in by clicking <maml:ui>Start</maml:ui>, pointing to <maml:ui>All Programs</maml:ui>, and then clicking <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage by using the procedure in <maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane, under the <maml:ui>Password Synchronization</maml:ui> node, click <maml:ui>UNIX Computers</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, select the UNIX-based computer that you want to remove from synchronization.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>With the computer selected in the results pane, do one of the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click the computer, and then click <maml:ui>Delete</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Delete</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Delete</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you are certain you want to delete the computer from synchronization, click <maml:ui>OK</maml:ui> when prompted.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To perform this task in the command line environment, see <maml:navigationLink><maml:linkText>psadmin</maml:linkText><maml:uri href="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Password Synchronization Concepts</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>In this section</maml:title><maml:introduction>
<maml:para><maml:navigationLink><maml:linkText>Synchronizing Passwords with an NIS Domain</maml:linkText><maml:uri href="mshelp://windows/?id=6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7"></maml:uri></maml:navigationLink></maml:para>
<maml:para><maml:navigationLink><maml:linkText>Password Encryption</maml:linkText><maml:uri href="mshelp://windows/?id=dc5f6249-9874-4ac0-a13f-ff932d8c05f3"></maml:uri></maml:navigationLink></maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Setting the default port</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Setting the default port</maml:title><maml:introduction>
<maml:para>This setting affects the default port number for UNIX hosts when they are added for synchronization, as well as the port used for UNIX-to-Windows synchronization.</maml:para>
<maml:para>If you change this setting, you must edit the /etc/sso.conf file to specify the same port on UNIX hosts that are configured for UNIX-to-Windows password synchronization with this computer.</maml:para>
<maml:procedure><maml:title>To set the default port</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console by clicking <maml:ui>Start</maml:ui>, pointing to <maml:ui>Administrative Tools</maml:ui>, and then clicking <maml:ui>Microsoft</maml:ui> <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
<maml:para>You can also open the Identity Management for UNIX management console from within Server Manager, by expanding <maml:ui>Roles</maml:ui> and then <maml:ui>Active Directory Domain Services</maml:ui> in the hierarchy pane, and then selecting <maml:ui>Microsoft Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage by using the procedure in <maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane, click <maml:ui>Password Synchronization</maml:ui>, and then do one of the following.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click <maml:ui>Password Synchronization</maml:ui>, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Properties</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Port configuration</maml:ui> area of the <maml:ui>General</maml:ui> tab, provide a new port number if needed.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>For maximum security, use a port number other than the default (6677). Before changing the default port number on a computer that is running a firewall program, check your firewall settings to verify that the firewall allows the new port number but blocks the previous port number.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Apply</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To perform this task in the command line environment, see <maml:navigationLink><maml:linkText>psadmin</maml:linkText><maml:uri href="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connect to another computer you want to manage</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>To connect to another computer you want to manage</maml:title><maml:introduction>
<maml:para>Perform the following steps to manage Identity Management for UNIX on a remote computer.</maml:para>
<maml:procedure><maml:title>To connect to another computer</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Identity Management for UNIX.</maml:para>
<maml:para>To open Identity Management for UNIX, click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Identity Management for UNIX</maml:ui>. You can also open Identity Management for UNIX from Server Manager by expanding Active Directory Domain Services in the hierarchy pane, and then selecting the <maml:ui>Identity Management for UNIX</maml:ui> node.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click the <maml:ui>Microsoft Identity Management for UNIX</maml:ui> node in the hierarchy pane, and then click <maml:ui>Connect to another computer</maml:ui>. On the <maml:ui>Select Computer</maml:ui> dialog box, select <maml:ui>Another Computer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Connect to another computer</maml:ui>, and then select <maml:ui>Another Computer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>With the <maml:ui>Microsoft Identity Management for UNIX</maml:ui> node at the top of the hierarchy pane highlighted, click <maml:ui>Connect to another computer</maml:ui> on the <maml:ui>Action</maml:ui> menu. On the <maml:ui>Select Computer</maml:ui> dialog box, select <maml:ui>Another Computer</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the box, type the name or IP address of the computer to use, or click <maml:ui>Browse</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When you have identified or found the computer you want, click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>You must be logged on with an account that is a member of the Administrators group on the remote computer.</maml:alert><maml:alert>There is no command-line method for this procedure.</maml:alert></maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>Identity Management for UNIX: How To...</maml:linkText><maml:uri href="mshelp://windows/?id=4e579be7-1aca-4824-892b-7e69539fb18a"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Identity Management for UNIX: How To...</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>In this section</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Install Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start or stop Identity Management for UNIX components</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Remove Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=2cbe867c-6207-4e6a-ae6f-bea34e820e3d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Password Synchronization Setup</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>In this section</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting the password encryption key</maml:linkText><maml:uri href="mshelp://windows/?id=fad30859-2cc3-4356-99ce-4ea74c19678a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting default synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=0abd5d77-da96-49c0-9f54-def67c7dfced"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting the default port</maml:linkText><maml:uri href="mshelp://windows/?id=3ae587ba-7932-40d7-a5c8-5274eeee21b2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Adding or removing computers for synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=2f951d01-2389-4b2f-ad25-53de5b075760"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting computer-specific synchronization properties</maml:linkText><maml:uri href="mshelp://windows/?id=cfe2d5f2-28eb-42ee-92ee-52c9ec7221df"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting auditing options</maml:linkText><maml:uri href="mshelp://windows/?id=a8886f80-7f04-4e87-b2ec-2687b4555bcf"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Controlling password synchronization for user accounts</maml:linkText><maml:uri href="mshelp://windows/?id=e9a8eb5f-83ba-496c-b895-de3061f59bff"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Synchronizing Passwords with an NIS Domain</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Synchronizing passwords with an NIS domain</maml:title><maml:introduction>
<maml:para>By using Password Synchronization, you can provide one-way (Windows-to-UNIX) and two-way password synchronization between Windows domains and Network Information Service (NIS) domains. You can do this regardless of whether the master server of the NIS domain is running a UNIX-based operating system or is a Windows-based computer running Server for NIS.</maml:para>
<maml:para>If the NIS master server is running a UNIX-based operating system, all that is required to provide one-way synchronization is to install Password Synchronization on all Windows-based computers (for example, on the domain controllers) from which you want to synchronize passwords, and then install the single sign-on daemon (SSOD) on the NIS master server. You then edit the sso.conf file on the NIS master server to do the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Set <maml:computerOutputInline>USE_NIS</maml:computerOutputInline> to <maml:computerOutputInline>1</maml:computerOutputInline>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Set <maml:computerOutputInline>NIS_UPDATE_PATH</maml:computerOutputInline> to specify the location of the NIS makefile.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>This instructs the SSOD to run the makefile and push the changed maps whenever a password change request is received from the Windows domain. For more information and additional instructions, see <maml:navigationLink><maml:linkText>Install the Password Synchronization daemon on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=f0ef8a61-0a50-47dc-99aa-bbe0c2442da8"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>If Server for NIS is the master server for the NIS domain, you can provide one-way password synchronization from Windows to UNIX by selecting <maml:ui>Enable</maml:ui> in the <maml:ui>Windows to NIS (Active Directory) password synchronization</maml:ui> area of the <maml:ui>Configuration</maml:ui> tab in the <maml:ui>Password Synchronization Properties</maml:ui> dialog box. Because enabling Windows to NIS (Active Directory) password synchronization can expose passwords to greater risk of unauthorized use, selecting <maml:ui>Enable</maml:ui> prompts you to run a compatibility check of all domain controllers in the forest, to verify that they have the minimum security features to help protect user passwords.</maml:para>
<maml:para>If you need to synchronize passwords with UNIX computers that are not part of the NIS domain, install Password Synchronization on Windows-based Active Directory Domain Services domain controllers and configure the UNIX computers as described earlier in this topic.</maml:para>
<maml:para>You can provide UNIX-to-Windows synchronization for both types of NIS domains by doing the following.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If the NIS master server is running a UNIX-based operating system, configure the server for one-way synchronization as described earlier in this topic.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Install Password Synchronization on all domain controllers. If the NIS master server is running a UNIX-based operating system, configure Password Synchronization on Windows-based servers for two-way synchronization with the master server. Finally, add each NIS client to the list of computers with which Password Synchronization works, taking care to enable UNIX-to-Windows synchronization and disable Windows-to-UNIX synchronization. Windows-to-UNIX synchronization should be enabled only for the NIS master server. For more information about adding and configuring computers, see <maml:navigationLink><maml:linkText>Adding or removing computers for synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=2f951d01-2389-4b2f-ad25-53de5b075760"></maml:uri></maml:navigationLink> and <maml:navigationLink><maml:linkText>Setting computer-specific synchronization properties</maml:linkText><maml:uri href="mshelp://windows/?id=cfe2d5f2-28eb-42ee-92ee-52c9ec7221df"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Install the Password Synchronization pluggable authentication module (PAM) on each NIS client, and then copy the sso.conf file from the master server to the /etc directory of those clients. For more information, see <maml:navigationLink><maml:linkText>Install the Password Synchronization pluggable authentication module</maml:linkText><maml:uri href="mshelp://windows/?id=c6fe2f12-73e1-46a8-887e-ea873b3d34d0"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the NIS master server is a Windows-based computer running Server for NIS, copy Sso.cfg to one of the NIS clients, set <maml:computerOutputInline>SYNC_HOSTS</maml:computerOutputInline> to specify the computer running Server for NIS as the Windows-based computer with which to synchronize passwords, and then copy the file to the other UNIX clients. See <maml:navigationLink><maml:linkText>Use sso.conf to configure Password Synchronization on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=8bf52dc9-bcf2-4b18-8118-d95836373c31"></maml:uri></maml:navigationLink> to learn more about settings in this file.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Configure each UNIX computer to allow users to use the <maml:computerOutputInline>yppasswd</maml:computerOutputInline> command to change their passwords. To do this, replace the yppasswd binary file on the UNIX computer with a link to the passwd binary file, and then edit the /etc/nsswitch.conf file to replace the passwd and shadow lines with the following:</maml:para>
<dev:code>passwd: files [NOTFOUND=continue] nis
shadow: files [NOTFOUND=continue] nis</dev:code>
<maml:para>After you do this, when a user runs the yppasswd command to change the user's password, it is actually the passwd binary file that is run to change the password. If the user's passwd entry is not found in the local passwd and shadow files, the NIS password is changed instead.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>psadmin</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>psadmin</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>NAME</maml:title><maml:introduction>
<maml:para>psadmin - Windows command-line utility to manage Password Synchronization</maml:para>
</maml:introduction></maml:section>
<maml:section>
<maml:title>SYNOPSIS</maml:title><maml:introduction>
<dev:code>psadmin [<maml:replaceable>computername</maml:replaceable>] [<maml:replaceable>common_option</maml:replaceable>] [add | delete | list]
psadmin [<maml:replaceable>computername</maml:replaceable>] [<maml:replaceable>common_option</maml:replaceable>] config [<maml:replaceable>config_option</maml:replaceable>]</dev:code>
</maml:introduction></maml:section>
<maml:section>
<maml:title>DESCRIPTION</maml:title><maml:introduction>
<maml:para>The <maml:computerOutputInline>psadmin</maml:computerOutputInline> Windows command-line utility manages the Password Synchronization component of Identity Management for UNIX, either on a specified computer, or globally. The specific action that <maml:computerOutputInline>psadmin</maml:computerOutputInline> performs depends on the command argument you specify.</maml:para>
<maml:para>In addition to specific command arguments, <maml:computerOutputInline>psadmin</maml:computerOutputInline> accepts the following common options and arguments, represented by <maml:replaceable>common_option</maml:replaceable> in the command synopsis:</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Term</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Definition</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-u</maml:computerOutputInline> <maml:replaceable>username</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The account name of the user whose password synchronization behavior you want to modify or view.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-p</maml:computerOutputInline> <maml:replaceable>password</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The password for the user account whose password synchronization behavior you want to modify or view.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-?</maml:computerOutputInline></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays usage information for the command.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para>The following configuration options are accepted by <maml:computerOutputInline>psadmin</maml:computerOutputInline>:</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Term</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Definition</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-comp</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>name</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Computer to which configuration options are applied. If <maml:computerOutputInline>-comp</maml:computerOutputInline> is unspecified, Password Synchronization modifies the default configuration settings. If <maml:computerOutputInline>-comp</maml:computerOutputInline> is the only option specified, then Password Synchronization configuration of the specified computer is displayed.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-enable</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>direction</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the direction of password synchronization. The variable <maml:replaceable>direction</maml:replaceable> can contain one of the following values:</maml:para>
<maml:para><maml:computerOutputInline>WintoUnix</maml:computerOutputInline>: Synchronize password changes from computers that run Windows operating systems to computers that run UNIX operating systems.</maml:para>
<maml:para><maml:computerOutputInline>UnixToWin</maml:computerOutputInline>: Synchronize password changes from computers that run UNIX operating systems to computers that run Windows operating systems.</maml:para>
<maml:para><maml:computerOutputInline>BothDir</maml:computerOutputInline>: Enable two-way password synchronization.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-key</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>keyvalue</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Sets the encryption and decryption key for the computer specified by <maml:computerOutputInline>-comp</maml:computerOutputInline>. If <maml:replaceable>keyvalue</maml:replaceable> is random, Password Synchronization uses a random encryption key.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-port</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>number</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Sets the port number for the specified computer.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-retry</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>number</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the number of retries allowed. Because this option is a global setting, it can be used only when <maml:computerOutputInline>-comp</maml:computerOutputInline> is not used.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-interval</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>secs</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the elapsed time period, in seconds, between retries. Because this option is a global setting, it can be used only when <maml:computerOutputInline>-comp</maml:computerOutputInline> is not used.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-log</maml:computerOutputInline><maml:ui> </maml:ui>[<maml:computerOutputInline>yes</maml:computerOutputInline><maml:ui> </maml:ui>|<maml:ui> </maml:ui><maml:computerOutputInline>no</maml:computerOutputInline>]</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enables or disables logging. Because this option is a global setting, it can be used only when <maml:computerOutputInline>-comp</maml:computerOutputInline> is not used.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>-?</maml:computerOutputInline></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays <maml:computerOutputInline>psadmin</maml:computerOutputInline> usage and arguments.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para>The following command arguments are accepted by <maml:computerOutputInline>psadmin</maml:computerOutputInline>:</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Term</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Definition</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>add</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>computername</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Adds the specified computer to the list of computers participating in password synchronization.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>delete</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>computername</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Deletes the specified computer from the list of computers participating in password synchronization.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>list</maml:computerOutputInline></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays the list of computers participating in Password Synchronization.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:computerOutputInline>syncSNIS</maml:computerOutputInline> [<maml:computerOutputInline>yes </maml:computerOutputInline>| <maml:computerOutputInline>no</maml:computerOutputInline>]</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enable (yes) or disable (no) automatic synchronization of passwords in the Windows to UNIX direction for all NIS accounts that have been migrated to Active Directory Domain Services (AD DS). If you add the <maml:computerOutputInline>syncSNIS</maml:computerOutputInline> parameter to the <maml:computerOutputInline>psadmin</maml:computerOutputInline> command with a "yes" value, you are prompted to perform the Windows Server 2003 Service Pack 1 (SP1) compatibility check. It is strongly recommended that you perform this check as a security best practice. For more information about the compatibility check, see <maml:navigationLink><maml:linkText>Best Practices for Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=132fda24-8d94-47a5-afd7-e9a1574f6cb3"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Use sso.conf to configure Password Synchronization on UNIX-based computers</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Use sso.conf to configure Password Synchronization on the UNIX-based computer</maml:title><maml:introduction>
<maml:para>To change settings and customize how Password Synchronization works on a UNIX-based computer, you change settings in the sso.conf file. For information about installing the sso.conf file, see <maml:navigationLink><maml:linkText>Install the Password Synchronization daemon on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=f0ef8a61-0a50-47dc-99aa-bbe0c2442da8"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>The following table describes the values you can set in the sso.conf file.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Value</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>CASE_IGNORE_NAME</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether Password Synchronization will ignore differences in uppercase and lowercase letters in user names when it compares Windows and UNIX user names. To allow case-insensitive comparisons, set this entry to 1 (the default). To force Password Synchronization to use case-sensitive comparisons, set this entry to 0.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>ENCRYPT_KEY</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the default key used to encrypt passwords exchanged with Windows servers. You can use settings in the SYNC_HOSTS value to specify a different encryption key for a specific Windows server.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>FILE_PATH</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the full path and name of the passwd or shadow file (such as /etc/passwd). This file must contain the encrypted passwords for users, and the type of file (passwd or shadow) must be the same as specified by USE_SHADOW. On AIX systems, the path and name of the shadow file is /etc/security/passwd.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>IGNORE_PROPAGATION_ERRORS</maml:para>
</maml:entry>
<maml:entry>
<maml:para>When set to <maml:ui>1</maml:ui>, specifies that the Password Synchronization PAM module is to ignore any error that occurs when a Windows password is being changed and to continue synchronization with other hosts specified in SYNC_HOSTS.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>NIS_UPDATE_PATH</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the full path to the NIS makefile. This value is ignored unless USE_NIS is set to <maml:ui>1</maml:ui>.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>PORT_NUMBER</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the default number of the port on which the Password Synchronization daemon will listen for password changes from Windows servers. You can use settings in the SYNC_HOSTS value to specify a different port number for a specific Windows server.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>SYNC_DELAY</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the number of seconds the Password Synchronization PAM module will wait between synchronization attempts.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>SYNC_HOSTS</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the Windows servers or domain controllers with which passwords are to be synchronized. In addition, you can specify a port number or encryption key (or both) for a specific server. Enclose each entry in parentheses and separate items with a blank space. You can have multiple entries on separate lines, each of which cannot exceed 269 characters. The total list of servers or domain controllers is generated by concatenating all entries. For example: </maml:para>
<dev:code>SYNC_HOSTS=(Marketing)
SYNC_HOSTS=(Sales,ASDFhjkl4321ZyXw) (Accounting,6678)
SYNC_HOSTS=(Shipping,6678,ASDFhjkl4321ZyXw)</dev:code>
<maml:para>synchronizes passwords with the Marketing server using the default port and encryption key, with the Sales server using ASDFhjkl4321ZyXw as the encryption key, with the Accounting server using 6678 as the port number, and with the Shipping server using 6678 as the port number and ASDFhjkl4321ZyXw as the encryption key.</maml:para>
<maml:para>If you use server-specific port number or encryption key settings, you must use the same values to configure Password Synchronization on the Windows server, or the passwords will not be synchronized.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>SYNC_RETRIES</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the number of times that the Password Synchronization PAM module will attempt to synchronize a password change with a Windows server or domain controller.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>SYNC_USERS</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies UNIX users whose passwords are to be synchronized. You can specify ALL to synchronize passwords for all users or NONE to disable password synchronization for users. You can also specify particular users. If you specify one or more users preceded by plus signs (<maml:ui>+</maml:ui>), only those users will have their passwords synchronized. If you specify one or more users preceded by minus signs (<maml:ui>–</maml:ui>), all users except the specified users will have their passwords synchronized. For example, to allow only users bobg and kimr to synchronize their passwords, specify:</maml:para>
<dev:code>SYNC_USERS=+bobg +kimr</dev:code>
<maml:para>To prevent only root and bobg from having their passwords synchronized, specify:</maml:para>
<dev:code>SYNC_USERS=–root –bobg</dev:code>
<maml:para>The minus sign always takes precedence, regardless of the order in which entries appear. For example, the following specifies that the password for user chrisa will not be synchronized:</maml:para>
<dev:code>SYNC_USERS=+chrisa –chrisa +chrisa</dev:code>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>TEMP_FILE_PATH</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the full path of the directory to be used to hold a temporary file while the passwd or shadow file is updated. This should be the same directory in which the passwd or shadow file is located. For security reasons, only the administrator should have access to this directory.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>USE_NIS</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Set to <maml:ui>0</maml:ui> if Password Synchronization is not synchronizing with an Network Information Service (NIS) domain; set to <maml:ui>1</maml:ui> if Password Synchronization is synchronizing with an NIS domain. If USE_NIS is set to <maml:ui>1</maml:ui>, specify a valid path for NIS_UPDATE_PATH.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>USE_SHADOW</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Set to <maml:ui>0</maml:ui> if the passwd file is to be used for synchronization; set to <maml:ui>1</maml:ui> if the shadow file is to be used.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Install Identity Management for UNIX Components</maml:title><maml:introduction>
<maml:para>Identity Management for UNIX is considered a role service, or a software subcomponent, of the Active Directory Domain Services (AD DS) server role.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>To install Identity Management for UNIX components</maml:title><maml:introduction>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983#BKMK_Windows"></maml:uri></maml:navigationLink></maml:para>
<maml:para><maml:navigationLink><maml:linkText>Using Windows PowerShell</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983#BKMK_wps"></maml:uri></maml:navigationLink></maml:para>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983#BKMK_command"></maml:uri></maml:navigationLink></maml:para>
</maml:introduction>
<maml:sections>
<maml:section address="BKMK_Windows">
<maml:title>Installing Identity Management for UNIX by using the Windows interface</maml:title><maml:introduction>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Server for NIS and Password Synchronization can be installed only on AD DS domain controllers.</maml:para>
</maml:alertSet>
<maml:procedure><maml:title>To install Identity Management for UNIX components</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. To open Server Manager, click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the tree pane, expand <maml:ui>Roles</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the role home page for AD DS, in the <maml:ui>Roles</maml:ui> section, in the list of common tasks, click <maml:ui>Add Role Services</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Select Role Services</maml:ui> page of the Add Role Services Wizard, select the Identity Management for UNIX role services that you want to install, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the wizard prompts you to install any other role services that are required by Identity Management for UNIX components, click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After verifying your selections on the <maml:ui>Confirm Installation Selections</maml:ui> page, click <maml:ui>Install</maml:ui>.</maml:para>
<maml:para>The computer must be restarted after the installation of Identity Management for UNIX finishes.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>You must be a member of the Administrators group on the local computer to install Identity Management for UNIX components.</maml:alert><maml:alert>Server Manager is available only to members of the Administrators group on the local computer. By default, Server Manager opens when an administrator logs on to the computer. You can open Server Manager from the <maml:ui>Start</maml:ui> menu, the <maml:ui>Quick Launch</maml:ui> bar, or from Administrative Tools.</maml:alert></maml:alertSet>
</maml:introduction></maml:section>
<maml:section address="BKMK_wps"><maml:title>Installing Identity Management for UNIX by using Windows PowerShell</maml:title>
<maml:introduction><maml:para>You can use the Windows PowerShell set of cmdlets for Server Manager to install Identity Management for UNIX.</maml:para>
<maml:procedure><maml:title>To install Identity Management for UNIX by using Windows PowerShell</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Open a Windows PowerShell session with elevated user rights. To do this, click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, click <maml:ui>Windows PowerShell</maml:ui>, right-click the <maml:ui>Windows PowerShell</maml:ui> shortcut, and then click <maml:ui>Run as administrator</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Load the Server Manager module into the Windows PowerShell session before working with Server Manager cmdlets. Type the following, and then press <maml:ui>Enter</maml:ui>.</maml:para>
<maml:para><maml:userInput>Import-Module Servermanager</maml:userInput></maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Windows PowerShell cmdlets are not case-sensitive.</maml:para></maml:alertSet></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Do one of the following.</maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>To install all Identity Management for UNIX components, type the following, and then press <maml:ui>Enter</maml:ui>. <maml:userInput>Add-WindowsFeature ADDS-Identity-Mgmt -restart</maml:userInput></maml:para></maml:listItem>
<maml:listItem><maml:para>To install only Password Synchronization, type the following, and then press <maml:ui>Enter</maml:ui>. <maml:userInput>Add-WindowsFeature ADDS-Password-Sync -restart</maml:userInput></maml:para></maml:listItem>
<maml:listItem><maml:para>To install only Server for NIS, type the following, and then press <maml:ui>Enter</maml:ui>. <maml:userInput>Add-WindowsFeature ADDS-NIS -restart</maml:userInput></maml:para></maml:listItem></maml:list>
<maml:para>A restart of the computer is required when you install Identity Management for UNIX. The <maml:computerOutputInline>-restart</maml:computerOutputInline> parameter restarts the computer automatically after installation is complete.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para> Add the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter to your command to instruct Server Manager to show the list of all software that is installed by default as a result of the command. Running the command with the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter does not result in an actual installation; the command results show only what would be installed by an actual installation.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step></maml:procedure></maml:introduction></maml:section>
<maml:section address="BKMK_command">
<maml:title>Installing Identity Management for UNIX by using a command line</maml:title><maml:introduction>
<maml:para>Server Manager command line tools allow you to install or remove roles, role services, or features in a Windows Command Prompt. Identity Management for UNIX can be installed by using the Server Manager line command because it is a role service of the Active Directory Domain Services role.</maml:para>
<maml:para>You can run the Server Manager line command, ServerManagerCmd.exe, from within any directory on the local computer. You must be a member of the Administrators group on the local computer to run the Server Manager command.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Because of security restrictions imposed by User Account Control in Windows Server 2008 R2, you must run ServerManagerCmd.exe in a Command Prompt window opened with elevated user rights. To do this, right-click the <maml:ui>Command Prompt</maml:ui> executable, or the <maml:ui>Command Prompt</maml:ui> object on the <maml:ui>Start</maml:ui> menu, and then click <maml:ui>Run as administrator</maml:ui>.</maml:para>
</maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Other parameters are available for this command, such as <maml:computerOutputInline>-restart</maml:computerOutputInline>, which automatically restarts the computer after installation if it is required by the programs you have installed. It is recommended that you read about additional Server Manager command line parameters in the topic "Overview of Server Manager Commands" in the Server Manager Help.</maml:para>
</maml:alertSet>
<maml:procedure><maml:title>To install Identity Management for UNIX by using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Open a <maml:ui>Command Prompt</maml:ui> window with elevated user rights. To do this, click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, right-click <maml:ui>Command Prompt</maml:ui>, and then click <maml:ui>Run as administrator</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type one of the following, and then press <maml:ui>ENTER</maml:ui>.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:userInput>ServerManagerCmd.exe -install ADDS-Identity-Management -restart</maml:userInput> to install all of Identity Management for UNIX</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:userInput>ServerManagerCmd.exe - install ADDS-NIS -restart</maml:userInput> to install Server for NIS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:userInput>ServerManagerCmd.exe - install ADDS-Password-Sync -restart</maml:userInput> to install Password Synchronization</maml:para>
</maml:listItem></maml:list>
<maml:para>A restart of the computer is required when you install Identity Management for UNIX. The <maml:computerOutputInline>-restart</maml:computerOutputInline> parameter restarts the computer automatically after installation is finished.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para> Add the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter to your command to instruct Server Manager to show the list of all software that is installed by default by the command. Running the command together with the <maml:computerOutputInline>-whatIf</maml:computerOutputInline> parameter does not result in an actual installation. The command results show only what would be installed by an actual installation.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>Special considerations for installing or removing Server for NIS</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>The NIS domain</maml:title><maml:introduction>
<maml:para>Upon installation, Server for NIS creates a Network Information Service (NIS) domain that has the same name as the AD DS domain. Administrators can add users, groups, or computers to this domain. Moreover, administrators can migrate UNIX NIS domain data to Server for NIS and designate the Server for NIS computer as the master NIS server for the migrated domain. </maml:para>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Removing Server for NIS in master mode</maml:title><maml:introduction>
<maml:para>If you remove Server for NIS while it is running on a master server, you must verify that another server is assigned the tasks of the master server. If other Windows-based subordinate NIS servers are in the domains supported by the master server that you remove, you must assign one of these servers the role of master server. Server for NIS cannot be a subordinate server to a master NIS server that is running on a UNIX-based operating system.</maml:para>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Removing Server for NIS in subordinate mode</maml:title><maml:introduction>
<maml:para>If you remove Server for NIS while it is running as a subordinate server, the domain controller on which it was running will continue to receive NIS map updates through AD DS Synchronization.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>Additional Configuration</maml:title><maml:introduction>
<maml:para>Server for NIS and Password Synchronization require some additional configuration before they can operate in your enterprise. Password Synchronization requires the installation of specific components on UNIX hosts that will participate in password synchronization.</maml:para>
<maml:para>For more information about additional configuration steps, see the Checklists for these technologies:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying Server for NIS</maml:linkText><maml:uri href="mshelp://windows/?id=0abf25b5-693c-47ec-b60f-7bdd42407e96"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Migrating NIS Maps to Active Directory Domain Services</maml:linkText><maml:uri href="mshelp://windows/?id=1fb6a2a2-5425-488f-bffc-84937b58ad57"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=9ad4d968-10d1-4631-a237-bfa10f15c47d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual>GIF89a
�
���333!�����,����
�
��
"meo[tX}F�;<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Deploying Password Synchronization</maml:title><maml:introduction>
<maml:para>Password Synchronization helps integrate Windows and UNIX networks by simplifying the process of maintaining secure passwords in both environments. With Password Synchronization, you install utilities on your network's UNIX-based computers that detect user password changes on Windows-based computers or domains, then automatically update passwords on every UNIX host on which the users have accounts. You can also configure Password Synchronization to change the user's Windows password when the user's UNIX password is changed.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Notes</maml:title><maml:introduction>
<maml:para>You can install Password Synchronization in any of the following three scenarios.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>You want to synchronize passwords in an NIS domain for which the master server is a Windows-based computer running Server for NIS. See <maml:navigationLink><maml:linkText>Setting up Password Synchronization for use with an NIS domain (Server for NIS master server)</maml:linkText><maml:uri href="mshelp://windows/?id=9ad4d968-10d1-4631-a237-bfa10f15c47d#BKMK_ServerNIS"></maml:uri></maml:navigationLink> in this topic.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You want to synchronize passwords in an NIS domain for which the master server is a UNIX-based NIS server. See <maml:navigationLink><maml:linkText>Setting up Password Synchronization for use with an NIS domain (UNIX-based master server)</maml:linkText><maml:uri href="mshelp://windows/?id=9ad4d968-10d1-4631-a237-bfa10f15c47d#BKMK_UNIXMaster"></maml:uri></maml:navigationLink> in this topic.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You want to synchronize passwords for users of standalone UNIX-based hosts who connect to Windows computers. See <maml:navigationLink><maml:linkText>Setting up Password Synchronization for use with standalone UNIX-based hosts</maml:linkText><maml:uri href="mshelp://windows/?id=9ad4d968-10d1-4631-a237-bfa10f15c47d#BKMK_Standalone"></maml:uri></maml:navigationLink> in this topic.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Password Synchronization can be installed only on an Active Directory Domain Services domain controller.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section address="BKMK_ServerNIS">
<maml:title>Setting up Password Synchronization for use with an NIS domain (Server for NIS master server)</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Step</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Read about Password Synchronization.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Overview of Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=e755c195-e7e0-4a38-9531-47a31e6e2aea"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Log on as a member of both the Schema Administrators and Enterprise Administrators groups.</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Install Password Synchronization on all domain controllers.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Set the password encryption key.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Setting the password encryption key</maml:linkText><maml:uri href="mshelp://windows/?id=fad30859-2cc3-4356-99ce-4ea74c19678a"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Change other settings, as needed. Be sure to select the <maml:ui>UNIX to Windows</maml:ui> check box in the <maml:ui>Direction of password synchronization</maml:ui> area on the <maml:ui>General</maml:ui> tab of the <maml:ui>Password Synchronization Properties</maml:ui> dialog box.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Setting default synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=0abd5d77-da96-49c0-9f54-def67c7dfced"></maml:uri></maml:navigationLink>; <maml:navigationLink><maml:linkText>Setting computer-specific synchronization properties</maml:linkText><maml:uri href="mshelp://windows/?id=cfe2d5f2-28eb-42ee-92ee-52c9ec7221df"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Add UNIX-based computers with which passwords will be synchronized if they are not members of the Network Information Service (NIS) domain. For each computer, select the computer in the list, click <maml:ui>Properties</maml:ui>, clear the <maml:ui>Synchronize password changes to this computer</maml:ui> check box, select the <maml:ui>Synchronize password changes from this computer</maml:ui> check box, and then click <maml:ui>OK</maml:ui>. If you want to use non-default values, you can also specify values for the port number, encryption key, or both.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Adding or removing computers for synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=2f951d01-2389-4b2f-ad25-53de5b075760"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section>
<maml:section address="BKMK_UNIXMaster">
<maml:title>Setting up Password Synchronization for use with an NIS domain (UNIX-based master server)</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Step</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Read about Password Synchronization.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Overview of Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=e755c195-e7e0-4a38-9531-47a31e6e2aea"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Log on as a member of both the Schema Administrators and Enterprise Administrators groups.</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Install Password Synchronization on the appropriate Windows-based computers. If the passwords of local accounts on a server are to be synchronized, install Password Synchronization on the server. If Windows domain passwords are to be synchronized, install Password Synchronization on all domain controllers.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Set the password encryption key.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Setting the password encryption key</maml:linkText><maml:uri href="mshelp://windows/?id=fad30859-2cc3-4356-99ce-4ea74c19678a"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Change other settings, as needed. Be sure to select the <maml:ui>UNIX to Windows</maml:ui> check box in the <maml:ui>Direction of password synchronization</maml:ui> area on the <maml:ui>General</maml:ui> tab of the <maml:ui>Password Synchronization Properties</maml:ui> dialog box.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Setting default synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=0abd5d77-da96-49c0-9f54-def67c7dfced"></maml:uri></maml:navigationLink>; <maml:navigationLink><maml:linkText>Setting computer-specific synchronization properties</maml:linkText><maml:uri href="mshelp://windows/?id=cfe2d5f2-28eb-42ee-92ee-52c9ec7221df"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Add the Network Information Service (NIS) master server to the list of computers with which the Windows-based computer will synchronize passwords. </maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Adding or removing computers for synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=2f951d01-2389-4b2f-ad25-53de5b075760"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Add UNIX-based computers with which passwords will be synchronized if they are not members of the Network Information Service (NIS) domain. For each computer, on the <maml:ui>General</maml:ui> tab of the <maml:ui>Add Computer</maml:ui> dialog box, clear the <maml:ui>Synchronize password changes to this computer</maml:ui> check box, select the <maml:ui>Synchronize password changes from this computer</maml:ui> check box, and then click <maml:ui>OK</maml:ui>. If you want to use non-default values, you can also specify values for the port number, encryption key, or both.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Adding or removing computers for synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=2f951d01-2389-4b2f-ad25-53de5b075760"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specify which users have permissions to synchronize passwords.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Controlling password synchronization for user accounts</maml:linkText><maml:uri href="mshelp://windows/?id=e9a8eb5f-83ba-496c-b895-de3061f59bff"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Ensure that the Password Synchronization configurations on all domain controllers in the domain are identical.</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Configuring UNIX-based computers to work with Password Synchronization</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Step</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Install and configure the Password Synchronization single sign-on daemon (SSOD) on the NIS master server. Be sure to change the default encryption key in the sso.conf file to match the Password Synchronization encryption key set in preceding steps before copying it to the server, and edit sso.conf to specify the following: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:computerOutputInline>USE_NIS=1</maml:computerOutputInline></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:computerOutputInline>NIS_UPDATE_PATH</maml:computerOutputInline>=<maml:replaceable>Makefile_path</maml:replaceable>, where <maml:replaceable>Makefile_path</maml:replaceable> is the path and name of the NIS makefile, such as <maml:computerOutputInline>/var/yp/Makefile</maml:computerOutputInline></maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install the Password Synchronization daemon on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=f0ef8a61-0a50-47dc-99aa-bbe0c2442da8"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Copy the sso.conf file from the NIS master server to the /etc directory of each computer on which the Password Synchronization PAM module is installed.</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>On each NIS client on which you installed the Password Synchronization pluggable authentication module (PAM), replace the yppasswd binary file with a link to the passwd binary file, and then edit the /etc/nsswitch.conf file to change the <maml:computerOutputInline>passwd</maml:computerOutputInline> and <maml:computerOutputInline>shadow</maml:computerOutputInline> lines of the file, as shown:</maml:para>
<dev:code>passwd: files [NOTFOUND=continue] nis
shadow: files [NOTFOUND=continue] nis</dev:code>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Start the Password Synchronization daemon on the NIS master server.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Start or stop Identity Management for UNIX components</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
<maml:section address="BKMK_Standalone">
<maml:title>Setting up Password Synchronization for use with standalone UNIX-based hosts</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Step</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Read about Password Synchronization.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Overview of Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=e755c195-e7e0-4a38-9531-47a31e6e2aea"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Log on as a member of both the Schema Administrators and Enterprise Administrators groups.</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Install Password Synchronization on all Windows-based domain controllers. If the passwords of local accounts on a server are to be synchronized, install Password Synchronization on the server. If Windows domain passwords are to be synchronized, install Password Synchronization on all domain controllers.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Set the password encryption key.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Setting the password encryption key</maml:linkText><maml:uri href="mshelp://windows/?id=fad30859-2cc3-4356-99ce-4ea74c19678a"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Change other settings, as needed.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Setting default synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=0abd5d77-da96-49c0-9f54-def67c7dfced"></maml:uri></maml:navigationLink>; <maml:navigationLink><maml:linkText>Setting computer-specific synchronization properties</maml:linkText><maml:uri href="mshelp://windows/?id=cfe2d5f2-28eb-42ee-92ee-52c9ec7221df"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Add UNIX-based computers with which passwords will be synchronized if they are not members of the Network Information Service (NIS) domain. For each computer, on the <maml:ui>General</maml:ui> tab of the <maml:ui>Add Computer</maml:ui> dialog box, clear the <maml:ui>Synchronize password changes to this computer</maml:ui> check box, select the <maml:ui>Synchronize password changes from this computer</maml:ui> check box, and then click <maml:ui>OK</maml:ui>. If you want to use non-default values, you can also specify values for the port number, encryption key, or both.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Adding or removing computers for synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=2f951d01-2389-4b2f-ad25-53de5b075760"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Ensure that the Password Synchronization configurations on all domain controllers in the domain are identical.</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Configuring UNIX-based standalone hosts to work with Password Synchronization</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Step</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Install and configure the Password Synchronization single sign-on daemon (SSOD) on all UNIX-based computers with which passwords will be synchronized. Be sure to change the default encryption key in the sso.conf file to match the Password Synchronization encryption key set in previous steps before copying it to the UNIX-based computers.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install the Password Synchronization daemon on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=f0ef8a61-0a50-47dc-99aa-bbe0c2442da8"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specify which users have permissions to synchronize passwords.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Controlling password synchronization for user accounts</maml:linkText><maml:uri href="mshelp://windows/?id=e9a8eb5f-83ba-496c-b895-de3061f59bff"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Start the Password Synchronization daemon.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Start or stop Identity Management for UNIX components</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=3dd4f848-9c62-4403-bfe7-52364867ea8c" mimeType="image/gif"><maml:summary>Check box</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Install and configure the Password Synchronization PAM on all UNIX-based computers from which password changes are to be synchronized with Windows passwords.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install the Password Synchronization pluggable authentication module</maml:linkText><maml:uri href="mshelp://windows/?id=c6fe2f12-73e1-46a8-887e-ea873b3d34d0"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:para>For more information about Password Synchronization, see:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>The <maml:navigationLink><maml:linkText>Windows Server TechCenter</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=48547"></maml:uri></maml:navigationLink> for Active Directory Domain Services (http://go.microsoft.com/fwlink/?LinkId=48547)</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Start or stop Identity Management for UNIX components</maml:title><maml:introduction>
<maml:para>This section contains procedures for starting and stopping Server for NIS and Password Synchronization.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>In this section</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>To start Server for NIS</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_StartSNIS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>To stop Server for NIS</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_StopSNIS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>To start the Password Synchronization daemon</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_StartPS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>To stop the Password Synchronization daemon</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_StopPS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Special considerations for starting or stopping Server for NIS</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_SpecialNIS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section address="BKMK_StartSNIS">
<maml:title>To start Server for NIS</maml:title><maml:introduction>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Server for NIS is enabled by default following installation. To change the Server for NIS service startup type to Automatic, use the following procedure.</maml:para>
</maml:alertSet>
<maml:procedure><maml:title>To set the Server for NIS service startup type to Automatic</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to the computer as a member of the <maml:ui>Administrators</maml:ui> group on which you want to run Server for NIS.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Start</maml:ui> menu, click <maml:ui>Run</maml:ui>, type <maml:computerOutputInline>services.msc</maml:computerOutputInline>, and then click <maml:ui>OK</maml:ui> to open the <maml:ui>Services</maml:ui> MMC.</maml:para>
<maml:para>-- or --</maml:para>
<maml:para>On the <maml:ui>Start</maml:ui> menu, click <maml:ui>Administrative Tools</maml:ui>, then click <maml:ui>Services</maml:ui> to open the <maml:ui>Services</maml:ui> MMC.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, double-click <maml:ui>Server for NIS</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>General</maml:ui> tab of the <maml:ui>Server for NIS Properties</maml:ui> dialog box, select <maml:ui>Automatic</maml:ui> from the <maml:ui>Startup type</maml:ui> drop-down menu.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>. Close the <maml:ui>Services</maml:ui> MMC.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_UsingWindowsStartSNIS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_UsingCLStartSNIS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section address="BKMK_UsingWindowsStartSNIS">
<maml:title>Using the Windows interface</maml:title><maml:introduction>
<maml:procedure><maml:title>To start Server for NIS by using Windows</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console.</maml:para>
<maml:para>To open Identity Management for UNIX, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, point to <maml:ui>Identity Management for UNIX</maml:ui>, and then click <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click <maml:ui>Server for NIS</maml:ui>, and then click <maml:ui>Start</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>
<maml:section address="BKMK_UsingCLStartSNIS">
<maml:title>Using a command line</maml:title><maml:introduction>
<maml:procedure><maml:title>To start Server for NIS by using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>At a command prompt, type: </maml:para>
<maml:para><maml:computerOutputInline>nisadmin</maml:computerOutputInline> [<maml:replaceable>server</maml:replaceable>] <maml:computerOutputInline>start</maml:computerOutputInline> [<maml:computerOutputInline>–u</maml:computerOutputInline><maml:ui> </maml:ui><maml:replaceable>user</maml:replaceable> [<maml:computerOutputInline>–p</maml:computerOutputInline> <maml:replaceable>password</maml:replaceable>]]</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para>The following table describes the arguments used with the <maml:computerOutputInline>nisadmin</maml:computerOutputInline> command to start Server for NIS.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Argument</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:replaceable>server</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The name of the server you want to start.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:replaceable>user</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The name of the user who has administrative permissions on the server to be started, if different from the current user.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:replaceable>password</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The password of the user who has administrator permissions on the server to be started, if different from the current user. If you type a user name but omit the password, you will be prompted for the password.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To view the complete syntax for this command, at a command prompt, type the following: <maml:computerOutputInline>nisadmin /?</maml:computerOutputInline></maml:para>
</maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section address="BKMK_StopSNIS">
<maml:title>To stop Server for NIS</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_UsingWindowsStopSNIS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=9d328556-507f-452d-ab70-811acad4cdbb#BKMK_UsingCLStopSNIS"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section address="BKMK_UsingWindowsStopSNIS">
<maml:title>Using the Windows interface</maml:title><maml:introduction>
<maml:procedure><maml:title>To stop Server for NIS by using Windows</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console.</maml:para>
<maml:para>To open Identity Management for UNIX, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, point to <maml:ui>Identity Management for UNIX</maml:ui>, and then click <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click <maml:ui>Server for NIS</maml:ui>, and then click <maml:ui>Stop</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>
<maml:section address="BKMK_UsingCLStopSNIS">
<maml:title>Using a command line</maml:title><maml:introduction>
<maml:procedure><maml:title>To stop Server for NIS by using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>At a command prompt, type: </maml:para>
<maml:para><maml:computerOutputInline>nisadmin</maml:computerOutputInline> [<maml:replaceable>server</maml:replaceable>] <maml:computerOutputInline>stop</maml:computerOutputInline> [<maml:computerOutputInline>–u</maml:computerOutputInline> <maml:replaceable>user</maml:replaceable> [<maml:computerOutputInline>–p</maml:computerOutputInline> <maml:replaceable>password</maml:replaceable>]]</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para>The following table describes the command arguments used with the <maml:computerOutputInline>nisadmin</maml:computerOutputInline> command to stop Server for NIS.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Argument</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:replaceable>server</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The name of the server you want to stop.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:replaceable>user</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The name of the user who has administrator permissions on the server to be stopped, if different from the current user.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:replaceable>password</maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The password of the user who has administrator permissions on the server to be stopped, if different from the current user. If you type a user name but omit the password, you will be prompted for the password.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To view the complete syntax for this command, at a command prompt, type the following: <maml:computerOutputInline>nisadmin /?</maml:computerOutputInline></maml:para>
</maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section address="BKMK_StartPS">
<maml:title>To start the Password Synchronization daemon</maml:title><maml:introduction>
<maml:procedure><maml:title>To start the Password Synchronization daemon</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Run the single sign-on daemon (SSOD).</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>There is no other method for this procedure.</maml:para>
</maml:alertSet>
<maml:para>The sso.conf file must be in the /etc/ directory.</maml:para>
<maml:para>If you see no errors, the daemon is running. If any failures occur during the initialization of the daemon, an error message is displayed on the console. Errors may also be logged to the Syslog file.</maml:para>
<maml:para>If you want the Password Synchronization service to start automatically, add the single sign-on daemon (SSOD) to your system startup files (typically Rc.local). This will start SSOD as root.</maml:para>
</maml:introduction></maml:section><maml:section address="BKMK_StopPS">
<maml:title>To stop the Password Synchronization daemon</maml:title><maml:introduction>
<maml:procedure><maml:title>To stop the Password Synchronization daemon</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Send the process a TERM signal by typing and entering the following at a command line:</maml:para>
<maml:para><maml:computerOutputInline>kill –term</maml:computerOutputInline> <maml:replaceable>pid</maml:replaceable></maml:para>
<maml:para>where <maml:replaceable>pid</maml:replaceable> is the process identifier of the Password Synchronization single sign-on daemon (SSOD).</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section><maml:section address="BKMK_SpecialNIS">
<maml:title>Special considerations for starting or stopping Server for NIS</maml:title><maml:introduction>
<maml:para>When Server for NIS is stopped, it does not respond to Network Information Service (NIS) requests from clients, including requests for password changes.</maml:para>
<maml:para>When Server for NIS is stopped, you can continue to make changes to NIS map data by using Active Directory Users and Computers.</maml:para>
<maml:para>UNIX-based computers respond differently when Server for NIS is stopped, however. If the UNIX-based NIS server has failed, changes to maps made by using the <maml:computerOutputInline>make</maml:computerOutputInline> utility are not updated in the NIS database.</maml:para>
<maml:para>Additionally, when Server for NIS is stopped, NIS map changes are not propagated to UNIX-based subordinate NIS servers. However, subordinate NIS servers running on Windows-based Active Directory domain controllers continue to receive updates.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>Identity Management for UNIX: How To...</maml:linkText><maml:uri href="mshelp://windows/?id=4e579be7-1aca-4824-892b-7e69539fb18a"></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Install Identity Management for UNIX Components</maml:linkText><maml:uri href="mshelp://windows/?id=927255eb-3456-4fda-84a3-11a8018e5983"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Setting auditing options</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Setting auditing options for Password Synchronization</maml:title><maml:introduction>
<maml:procedure><maml:title>To set auditing options for Password Synchronization</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console by clicking <maml:ui>Start</maml:ui>, pointing to <maml:ui>Administrative Tools</maml:ui>, and then clicking <maml:ui>Microsoft</maml:ui> <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
<maml:para>You can also open the Identity Management for UNIX management console from within Server Manager, by expanding <maml:ui>Roles</maml:ui> and then <maml:ui>Active Directory Domain Services</maml:ui> in the hierarchy pane, and then selecting <maml:ui>Microsoft Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage by using the procedure in <maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane, click <maml:ui>Password Synchronization</maml:ui>, and then do one of the following.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click <maml:ui>Password Synchronization</maml:ui>, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Properties</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Configuration</maml:ui> tab of the <maml:ui>Properties</maml:ui> dialog box, select <maml:ui>Enable extensive logging</maml:ui> to instruct Password Synchronization to log detailed steps of synchronization retries.</maml:para>
<maml:para>Clear the <maml:ui>Enable extensive logging</maml:ui> check box if you want Password Synchronization logs to contain fewer details about synchronization attempts.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To perform this task in the command line environment, see <maml:navigationLink><maml:linkText>psadmin</maml:linkText><maml:uri href="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Install the Password Synchronization pluggable authentication module</maml:title><maml:introduction>
<maml:para>This section contains instructions on installing the pluggable authentication module (PAM) on computers running any of the following four UNIX-based operating system families:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>IBM AIX</maml:linkText><maml:uri href="mshelp://windows/?id=c6fe2f12-73e1-46a8-887e-ea873b3d34d0#BKMK_AIX"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Hewlett-Packard HP-UX</maml:linkText><maml:uri href="mshelp://windows/?id=c6fe2f12-73e1-46a8-887e-ea873b3d34d0#BKMK_HPUX"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Red Hat Enterprise Linux</maml:linkText><maml:uri href="mshelp://windows/?id=c6fe2f12-73e1-46a8-887e-ea873b3d34d0#BKMK_Linux"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Sun Solaris</maml:linkText><maml:uri href="mshelp://windows/?id=c6fe2f12-73e1-46a8-887e-ea873b3d34d0#BKMK_Solaris"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections><maml:section address="BKMK_AIX">
<maml:title>To install the pluggable authentication module (PAM) on AIX</maml:title><maml:introduction>
<maml:para>Perform the following steps to install the PAM on computers running IBM AIX.</maml:para>
<maml:procedure><maml:title>To install the PAM on AIX</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Copy the file pam_sso.aix from \Unix\Bins on the Windows Server® 2008 R2 product disc to /usr/lib/ on the computer running IBM AIX.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Change the file name to pam_sso.aix.1.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the computer running AIX, log on as <maml:computerOutputInline>root</maml:computerOutputInline>, and then run the following command:</maml:para>
<maml:para><maml:computerOutputInline>chown root /usr/lib/pam_sso.aix.1 chmod 555 /usr/lib/pam_sso.aix.1</maml:computerOutputInline></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, create the /etc/pam.conf file according to your network requirements, setting the owner to root and the base permissions to 644. For more information about creating the pam.conf file, see "Pluggable Authentication Modules" in <maml:computerOutputInline>System Management Guides: Security Guide</maml:computerOutputInline> in your AIX documentation. </maml:para>
<maml:para>The following is a sample pam.conf file</maml:para>
<maml:para> </maml:para>
<dev:code>#
# Authentication management
#
OTHER auth required /usr/lib/security/pam_aix
#
# Account management
#
OTHER account required /usr/lib/security/pam_aix
#
# Session management
#
OTHER session required /usr/lib/security/pam_aix
</dev:code>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open /etc/pam.conf by using a text editor.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Password management</maml:ui> section, add the following line:</maml:para>
<maml:para><maml:computerOutputInline>passwd password required /usr/lib/security/pam_sso.aix.1</maml:computerOutputInline></maml:para>
<maml:para>The following is a sample pam.conf file with this line added.</maml:para>
<maml:para> </maml:para>
<dev:code>#
# Authentication management
#
OTHER auth required /usr/lib/security/pam_aix
#
# Account management
#
OTHER account required /usr/lib/security/pam_aix
#
# Session management
#
OTHER session required /usr/lib/security/pam_aix
#
# Password management
#
passwd password required /usr/lib/security/pam_sso.aix.1</dev:code>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open /usr/lib/security/methods.cfg by using a text editor, and add the following lines at the end of the file: </maml:para>
<maml:para><maml:computerOutputInline>PAM: program = /usr/lib/security/PAM</maml:computerOutputInline></maml:para>
<maml:para><maml:computerOutputInline>PAMfiles: options = auth=PAM,db=BUILTIN</maml:computerOutputInline></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open /etc/security/user with a text editor and add authentication information for the specific users whose passwords you want to synchronize. For example:</maml:para>
<dev:code>user1: admin = false SYSTEM = PAMfiles[*] AND "compat" registry = PAMfiles</dev:code>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>You can choose to change the default section of /etc/security/user to allow all users to synchronize their passwords. In this case, to restrict access to Password Synchronization, you can use the <maml:computerOutputInline>SYNC_USERS</maml:computerOutputInline> attribute in the /etc/sso.conf file to restrict access. For more information, see <maml:navigationLink><maml:linkText>Use sso.conf to configure Password Synchronization on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=8bf52dc9-bcf2-4b18-8118-d95836373c31"></maml:uri></maml:navigationLink>. To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.conf that you added in step 6.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section><maml:section address="BKMK_HPUX">
<maml:title>To install the pluggable authentication module (PAM) on HP-UX</maml:title><maml:introduction>
<maml:para>Perform the following steps to install the PAM on computers running Hewlett-Packard HP-UX.</maml:para>
<maml:procedure><maml:title>To install the PAM on HP-UX</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Copy pam_sso.hpx from \Unix\Bins on the Windows Server 2008 R2 product disc to /usr/lib/security on the UNIX computer.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Change the file name to <maml:computerOutputInline>pam_sso.hp.1</maml:computerOutputInline>, and then set its file-mode bits to 544.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The file-mode bits for pam_sso.hp.1 must be set to 544 (o:r-x,g:r--,w:r--) or it will not function properly.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the computer running HP-UX, open /etc/pam.conf by using a text editor.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Password management</maml:ui> section, locate the following line:</maml:para>
<dev:code>other password required /usr/lib/security/libpam_unix.1</dev:code>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Immediately after the line located in the previous step, add the following line: </maml:para>
<maml:para><maml:computerOutputInline>other password required /usr/lib/security/pam_sso.hp.1</maml:computerOutputInline></maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.conf that you added in step 5. Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Sample HP-UX PAM configuration file</maml:title><maml:introduction>
<maml:para>The following file samples show a typical configuration. Actual contents of these files may vary, depending on your system configuration.</maml:para>
<dev:code>#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
dtaction auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
#
# Account management
#
login account required /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_unix.1
dtaction account required /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_unix.1
#
OTHER account required /usr/lib/security/libpam_unix.1
#
# Session management
#
login session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_unix.1
dtaction session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
#
# Password management
#
login password required /usr/lib/security/libpam_unix.1
dtlogin password required /usr/lib/security/libpam_unix.1
dtaction password required /usr/lib/security/libpam_unix.1
other password required /usr/lib/security/libpam_unix.1
other password required /usr/lib/security/pam_sso.hp.1</dev:code>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section address="BKMK_Linux">
<maml:title>To install the pluggable authentication module (PAM) on Linux</maml:title><maml:introduction>
<maml:para>Perform the following steps to install the PAM on computers running Linux.</maml:para>
<maml:procedure><maml:title>To install the PAM on Linux</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Copy pam_sso.rhl from \Unix\Bins on the Windows Server 2008 R2 product disc to /lib/security on the UNIX computer, and change its name to pam_sso.so.1.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the UNIX computer, copy /etc/pam.d/system-auth to /etc/pam.d/ssod.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open /etc/pam.d/system-auth with a text editor, and locate the following line: </maml:para>
<dev:code>password…..required…../lib/security/pam_cracklib.so…..retry=3</dev:code>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After the line in the previous step, add the following line: </maml:para>
<maml:para><maml:computerOutputInline>password required /lib/security/pam_sso.so.1</maml:computerOutputInline></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Locate and delete the following line: </maml:para>
<dev:code>Password required /lib/security/pam_deny.so</dev:code>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Save the modified file.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>These instructions apply to the typical Linux configuration. If you have configured PAM support differently, you might have to adjust these instructions to your specific configuration. To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.d/system-auth that you added in step 4. Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Sample Linux PAM configuration file</maml:title><maml:introduction>
<maml:para>The following file samples show a typical configuration. Actual contents of these files may vary, depending on your system configuration. </maml:para>
<dev:code>/etc/pam.d/passwd
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
/etc/pam.d/ssod
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password required /lib/security/pam_sso.so.1
password sufficient /lib/security/pam_unix.so nullok use_authtok shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
</dev:code>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section address="BKMK_Solaris">
<maml:title>To install the pluggable authentication module (PAM) on Solaris</maml:title><maml:introduction>
<maml:para>Perform the following steps to install the PAM on computers running Sun Solaris.</maml:para>
<maml:procedure><maml:title>To install the PAM on Solaris</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Copy pam_sso.sol from the \Unix\Bins folder on the Windows Server 2008 R2 product disc to the /usr/lib/security directory on the UNIX computer, and change its name to pam_sso.so.1.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the UNIX computer, open /etc/pam.conf with a text editor.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Password management</maml:ui> section, locate the following line: </maml:para>
<dev:code>other password required /usr/lib/security/$ISA/pam_unix.so.1</dev:code>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Immediately following the line located in the step 3, add the following line:</maml:para>
<maml:para><maml:computerOutputInline>other password required /usr/lib/security/$ISA/pam_sso.so.1</maml:computerOutputInline></maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.conf that you added in step 4. Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Sample Solaris PAM configuration file</maml:title><maml:introduction>
<maml:para>The following file samples show a typical configuration. Actual contents of these files may vary, depending on your system configuration.</maml:para>
<dev:code>#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other password required /usr/lib/security/$ISA/pam_unix.so.1
other password required /usr/lib/security/$ISA/pam_sso.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass</dev:code>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Password Synchronization</maml:title><maml:introduction>
<maml:para>Password Synchronization makes it easy for users to maintain one user name and password for Windows domains and UNIX systems, synchronizing the passwords when one of them changes.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Password Synchronization</maml:title><maml:introduction>
<maml:para>Depending on how Password Synchronization and the UNIX servers are configured, synchronization can be one way or two way.</maml:para>
<maml:para>Before you begin using Password Synchronization, see “Checklist: Deploying Password Synchronization” in the Identity Management for UNIX Help.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>In this section</maml:title>
<maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Overview of Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=e755c195-e7e0-4a38-9531-47a31e6e2aea"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Best Practices for Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=132fda24-8d94-47a5-afd7-e9a1574f6cb3"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Password Synchronization Setup</maml:linkText><maml:uri href="mshelp://windows/?id=606e4ef7-3857-4cc1-9ff8-73f5097542ea"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Password Synchronization Concepts</maml:linkText><maml:uri href="mshelp://windows/?id=33e508ca-371c-4955-ab05-8b7b4391981e"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Troubleshooting Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Command-line Utility in Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=17fd8d2a-eedb-4e9f-be8f-a963caddcc51"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Setting computer-specific synchronization properties</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Setting computer-specific synchronization properties</maml:title><maml:introduction>
<maml:para>Before setting computer-specific synchronization properties in Password Synchronization, edit the sso.conf file on the UNIX-based computer to specify the same settings. For information about assigning computer-specific settings in the sso.conf file, see <maml:navigationLink><maml:linkText>Use sso.conf to configure Password Synchronization on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=8bf52dc9-bcf2-4b18-8118-d95836373c31"></maml:uri></maml:navigationLink>.</maml:para>
<maml:procedure><maml:title>To set computer-specific synchronization properties</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console by clicking <maml:ui>Start</maml:ui>, pointing to <maml:ui>Administrative Tools</maml:ui>, and then clicking <maml:ui>Microsoft</maml:ui> <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
<maml:para>You can also open the Identity Management for UNIX management console from within Server Manager, by expanding <maml:ui>Roles</maml:ui> and then <maml:ui>Active Directory Domain Services</maml:ui> in the hierarchy pane, and then selecting <maml:ui>Microsoft Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage by using the procedure in <maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane, under the <maml:ui>Password Synchronization</maml:ui> node, click <maml:ui>UNIX Computers</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, select the UNIX-based computer for which you want to configure properties.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>With the computer selected in the results pane, do one of the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click the computer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Properties</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Properties</maml:ui> dialog box for the computer, select the direction of synchronization you want.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, modify the existing password encryption key for the computer, or generate a new key.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, specify a different port number that the computer monitors for password changes.</maml:para>
<maml:para>The default port number is 6677.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui> when your changes are complete.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To perform this task in the command line environment, see <maml:navigationLink><maml:linkText>psadmin</maml:linkText><maml:uri href="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Troubleshooting Password Synchronization</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Troubleshooting</maml:title><maml:introduction>
<maml:para>What trouble are you having?</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User cannot log on to UNIX system after changing Windows password</maml:linkText><maml:uri href="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146#BKMK_1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Passwords fail to synchronize in a Windows domain, seemingly at random</maml:linkText><maml:uri href="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146#BKMK_2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User's password is changed on some, but not all, computers</maml:linkText><maml:uri href="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146#BKMK_3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Error ID 4104 is recorded in the event log for a system account, which usually has a name ending with a dollar sign ($)</maml:linkText><maml:uri href="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146#BKMK_4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>An error message about the encryption key is recorded in Event Viewer after Password Synchronization installation completes</maml:linkText><maml:uri href="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146#BKMK_45"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>I cannot stop the single sign-on daemon (SSOD) using kill -TERM on Linux</maml:linkText><maml:uri href="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146#BKMK_5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section address="BKMK_1">
<maml:title>User cannot log on to UNIX system after changing Windows password</maml:title><maml:introduction>
<maml:para><maml:ui>Cause:</maml:ui> Windows does not report a problem if an attempt to synchronize a UNIX password with a new Windows password fails. </maml:para>
<maml:para><maml:ui>Solution:</maml:ui> Check the Windows event log to determine why the attempt to change the password on the UNIX system failed.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_2">
<maml:title>Passwords fail to synchronize in a Windows domain, seemingly at random</maml:title><maml:introduction>
<maml:para><maml:ui>Cause:</maml:ui> Password Synchronization is not configured identically on all domain controllers in the domain. As a result, if a nonconforming domain controller accepts a user's password change, it might not be able to change the password on UNIX computers. </maml:para>
<maml:para><maml:ui>Solution:</maml:ui> Ensure that Password Synchronization is configured identically on all domain controllers, particularly host settings and default settings for encryption keys and ports.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_3">
<maml:title>User's password is changed on some, but not all, computers</maml:title><maml:introduction>
<maml:para><maml:ui>Cause:</maml:ui> Password policies are more restrictive on some computers, user names do not match between Windows and UNIX computers, or the user changed the password on a UNIX computer when two-way synchronization is not set up. </maml:para>
<maml:para><maml:ui>Solution:</maml:ui> Ensure that password policies on Windows and UNIX computers that synchronize passwords are similar. Otherwise, if the user changes the password on the less restrictive computer, the more restrictive system might not accept the new password. Password policies that govern minimum and maximum length, character case and alphanumeric mix, expiration, and reuse must be as close as possible between Windows and UNIX computers that synchronize passwords. Also, Windows and UNIX system administrators must ensure that user names, including case, are identical on the Windows and UNIX computers.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_4">
<maml:title>Error ID 4104 is recorded in the event log for a system account, which usually has a name ending with a dollar sign ($)</maml:title><maml:introduction>
<maml:para><maml:ui>Cause:</maml:ui> This error does not indicate a problem. It is logged when a backup domain controller or domain member server resets its secure channel with the domain. When this happens, the server password is also reset. Password Synchronization intercepts these password change requests; because they are for computer accounts rather than for user or group accounts, Password Synchronization logs error number 4104. </maml:para>
<maml:para><maml:ui>Solution:</maml:ui> No corrective measures are necessary.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_45">
<maml:title>An error message about the encryption key is recorded in Event Viewer after Password Synchronization installation completes</maml:title><maml:introduction>
<maml:para><maml:ui>Cause:</maml:ui> This error does not indicate a problem; it is a reminder for the Password Synchronization administrator to change the default encryption key. Changing the default encryption key is a security best practice for Password Synchronization, and helps prevent unauthorized users from obtaining passwords. Typically, the description text of this error message is "Default encryption key is insecure. Please generate new encryption key." For more information about best practices, see <maml:navigationLink><maml:linkText>Best Practices for Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=132fda24-8d94-47a5-afd7-e9a1574f6cb3"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para><maml:ui>Solution:</maml:ui> Set a new encryption key by using the procedure in the topic <maml:navigationLink><maml:linkText>Setting the password encryption key</maml:linkText><maml:uri href="mshelp://windows/?id=fad30859-2cc3-4356-99ce-4ea74c19678a"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_5">
<maml:title>I cannot stop the single sign-on daemon (SSOD) using kill -TERM on Linux</maml:title><maml:introduction>
<maml:para><maml:ui>Cause:</maml:ui> This is a known limitation.</maml:para>
<maml:para><maml:ui>Solution:</maml:ui> Use <maml:computerOutputInline>kill 9</maml:computerOutputInline> <maml:replaceable>SSOD_PID</maml:replaceable> instead.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Password Encryption</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Password encryption</maml:title><maml:introduction>
<maml:para>A Windows-based computer can send and receive updated passwords to and from a UNIX-based computer as encrypted text only. The Password Synchronization single sign-on daemon (SSOD) receives the encrypted password and decrypts it before requesting the password change on the UNIX host. Similarly, if Password Synchronization is configured to support UNIX-to-Windows synchronization, the pluggable authentication module (PAM) encrypts the password before sending it to Password Synchronization on the Windows-based computer, which then decrypts the password before requesting the password change on the Windows-based computer.</maml:para>
<maml:para>The password can be successfully decrypted only if Password Synchronization and the SSOD or PAM module use the same encryption key to encrypt and decrypt the password. Before installing the SSOD on any UNIX computer, you must first set the default encryption key. You must then specify the same key in the sso.conf file when you install the SSOD on each UNIX host. This will ensure that Password Synchronization and the SSOD on the UNIX hosts will use the same encryption key. For more information about setting the default encryption key, see <maml:navigationLink><maml:linkText>Setting the password encryption key</maml:linkText><maml:uri href="mshelp://windows/?id=fad30859-2cc3-4356-99ce-4ea74c19678a"></maml:uri></maml:navigationLink>. For information about installing and configuring the SSOD, see <maml:navigationLink><maml:linkText>Install the Password Synchronization daemon on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=f0ef8a61-0a50-47dc-99aa-bbe0c2442da8"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>For added security, you can specify an encryption key that is used only between a particular Windows-based computer and a UNIX host. For information about configuring Password Synchronization to use a computer-specific encryption key, see <maml:navigationLink><maml:linkText>Setting computer-specific synchronization properties</maml:linkText><maml:uri href="mshelp://windows/?id=cfe2d5f2-28eb-42ee-92ee-52c9ec7221df"></maml:uri></maml:navigationLink>. For information about setting the computer-specific encryption key on the UNIX computer, see use <maml:navigationLink><maml:linkText>Use sso.conf to configure Password Synchronization on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=8bf52dc9-bcf2-4b18-8118-d95836373c31"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Encryption key requirements</maml:title><maml:introduction>
<maml:para>The encryption key must meet the following requirements:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>It must be 16 to 21 characters long (21 is recommended).</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>It must contain characters from at least three of the following four groups: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Uppercase English letters (A–Z)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Lowercase English letters (a–z)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Westernized Arabic numerals (0–9)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Punctuation symbols ` ~ ! @ # $ % ^ & * _ – + = | \ { } [ ] : ; \ " ' < > . ? </maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
<maml:listItem>
<maml:para>It must not contain a left or right parentheses (that is a "(" or ")" character), a comma (,), or a blank space ( ).</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Overview of Password Synchronization</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Understanding Password Synchronization</maml:title><maml:introduction>
<maml:para>Password Synchronization helps integrate Windows and UNIX networks by simplifying the process of maintaining secure passwords in both environments. Users are freed of the difficulty of maintaining separate passwords for their Windows and UNIX accounts or having to remember to change the password wherever it is used. With Password Synchronization, whenever a user's password is changed on a Windows-based computer or domain, the password can also be automatically changed on every UNIX host on which the user has an account. Password Synchronization can also be configured to change the user's Windows password automatically when the user's UNIX password is changed.</maml:para>
<maml:para>This enables you to administer passwords from a single computer, which simplifies work for administrators as well as individual users. Password Synchronization is also flexible: administrators can exclude specific users and computers from synchronization. Password Synchronization can synchronize passwords on stand-alone Windows-based computers (such as computers running Windows 2000 Server that do not belong to a domain) or for an entire Windows-based domain. Similarly, Password Synchronization can be used to manage passwords on individual UNIX hosts or on all computers in a Network Information Service (NIS) domain.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>How Password Synchronization works</maml:title><maml:introduction>
<maml:para>Password Synchronization propagates passwords securely by transmitting only encrypted passwords over TCP/IP sockets. This eliminates the need to use nonsecure methods (such as scripts) to administer passwords remotely. Passwords are also synchronized immediately. This means that, unlike methods such as <maml:computerOutputInline>rdist</maml:computerOutputInline>, which batches password propagation, there is no appreciable delay between the time that a password is changed on one system and when it is changed on all other affected systems. This eliminates confusion and frustration for active users. Importantly, it eliminates a potential security risk if a password must be changed to block a user's access to the network. To enhance network security further, different encryption keys can be used for each Windows-based computer and UNIX host pair.</maml:para>
<maml:para>Password Synchronization is a combination of three software components:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>The Password Synchronization service running on one or more Windows-based computers</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The Password Synchronization daemon running on one or more UNIX computers</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The Password Synchronization pluggable authentication module (PAM) installed on one or more UNIX computers.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>When Password Synchronization is configured for Windows-to-UNIX synchronization and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user's password is to be synchronized on UNIX computers. If it is, the service encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host. If the UNIX host is an NIS master server and it is configured to do so, the daemon also runs <maml:computerOutputInline>make</maml:computerOutputInline> to propagate the password change throughout the NIS domain.</maml:para>
<maml:para>When Password Synchronization is configured for UNIX-to-Windows synchronization, passwords that are changed on UNIX hosts are synchronized on Windows-based computers and domains. The Password Synchronization PAM module makes this possible by intercepting the password change request on the UNIX host, encrypting the password, and then sending the password change request to the Password Synchronization service running on the Windows-based computers with which it is configured to be synchronized.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>Password Synchronization</maml:linkText><maml:uri href="mshelp://windows/?id=c8bd59fc-3d2d-49a6-93c9-1c848540f250"></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Step-by-Step Guide to Deploying Password Synchronization</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=142073"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Controlling password synchronization for user accounts</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Controlling password synchronization for user accounts</maml:title><maml:introduction>
<maml:para>You can control which users' passwords are synchronized by creating two local user groups: <maml:computerOutputInline>PasswordPropAllow</maml:computerOutputInline> and <maml:computerOutputInline>PasswordPropDeny</maml:computerOutputInline>. (Use <maml:ui>Active Directory Users and Computers</maml:ui> to create the two groups.)</maml:para>
<maml:para>In the PasswordPropAllow group, add the user names for which passwords should be synchronized. In the PasswordPropDeny group, add user names for which passwords should not be synchronized.</maml:para>
<maml:para>Passwords are synchronized for users who are in PasswordPropAllow and are not in PasswordPropDeny.</maml:para>
<maml:para>If PasswordPropAllow does not exist, the effect is the same as if it did exist with all user names in it. If PasswordPropDeny does not exist, the effect is the same as if it did exist with no user names in it.</maml:para>
<maml:para>These rules apply to synchronization from Windows to UNIX and from UNIX to Windows. If a user's password cannot be synchronized from Windows to UNIX, it cannot be synchronized from UNIX to Windows.</maml:para>
<maml:para>You can ensure that the passwords for certain users are never synchronized, even if synchronization is allowed by the Password Synchronization server. To ensure that a UNIX user account will never have its password synchronized with the Windows password, edit the sso.conf file to place the user name of the account, preceded by a minus sign (–), after <maml:computerOutputInline>SYNC_USERS=</maml:computerOutputInline>. For example, to ensure that the password of the root account is never synchronized with a Windows account by that name, make sure that the following line appears in sso.conf:</maml:para>
<maml:para><maml:computerOutputInline>SYNC_USERS=–root</maml:computerOutputInline></maml:para>
<maml:procedure><maml:title>To control password synchronization for user accounts</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Users and Computers.</maml:para>
<maml:para>To open Active Directory Users and Computers, click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Users and Computers</maml:ui>.</maml:para>
<maml:para>You can also open Active Directory Users and Computers from within Server Manager, by expanding <maml:ui>Roles</maml:ui> and then <maml:ui>Active Directory Domain Services</maml:ui> in the hierarchy pane, and then selecting <maml:ui>Active Directory Users and Computers</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane of the <maml:ui>Active Directory Users and Computers</maml:ui> snap-in, right-click <maml:ui>Users</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Point to <maml:ui>New</maml:ui>, and then click <maml:ui>Group</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Name the group <maml:computerOutputInline>PasswordPropAllow</maml:computerOutputInline>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Group scope</maml:ui> area, select <maml:ui>Domain local</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Group type</maml:ui> area, select <maml:ui>Security</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat the entire procedure through Step 7 to create a second group, but name the second group <maml:computerOutputInline>PasswordPropDeny</maml:computerOutputInline>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, right-click the new PasswordPropAllow group, and then click Properties.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Members</maml:ui> tab of the <maml:ui>PasswordPropAllow Properties</maml:ui> dialog box, add the names of users for whom passwords should be synchronized. Click <maml:ui>OK</maml:ui> to close the <maml:ui>Properties</maml:ui> dialog box when your additions are complete.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Members</maml:ui> tab of the <maml:ui>PasswordPropDeny Properties</maml:ui> dialog box, add the names of users for whom passwords should not be synchronized. Click <maml:ui>OK</maml:ui> to close the <maml:ui>Properties</maml:ui> dialog box when your additions are complete.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>There is no command-line method for this procedure.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:para><maml:navigationLink><maml:linkText>Use sso.conf to configure Password Synchronization on UNIX-based computers</maml:linkText><maml:uri href="mshelp://windows/?id=8bf52dc9-bcf2-4b18-8118-d95836373c31"></maml:uri></maml:navigationLink></maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Install the Password Synchronization daemon on UNIX-based computers</maml:title><maml:introduction>
<maml:para>The Password Synchronization daemon must be installed on computers running a UNIX-based operating system to enable Password Synchronization to change users' passwords on those computers.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Supported UNIX-based operating systems</maml:title><maml:introduction>
<maml:para>Password Synchronization supports synchronization with UNIX computers running any of the following operating systems:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Hewlett Packard HP UX 11i v1 </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>IBM® AIX® version 5L 5.2 and 5L 5.3</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Linux</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Novell® SUSE® Linux Enterprise Server 10</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Red Hat® Enterprise Linux® 4 server</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
<maml:listItem>
<maml:para>Sun<maml:superscript>SM</maml:superscript> Microsystems Solaris™ 10, Scalable Processor Architecture (SPARC)-compatible versions only</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>To install the Password Synchronization daemon</maml:title><maml:introduction>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>The sso.conf file contains encryption keys and other sensitive information. For this reason, it must be accessible only by system administrators.</maml:para>
</maml:alertSet>
<maml:para>Perform the following steps to install the Password Synchronization daemon on UNIX-based computers.</maml:para>
<maml:procedure><maml:title>To install the Password Syncronization daemon</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Download the file ssod.tar.gz from the Web site <maml:navigationLink><maml:linkText>UNIX Side Components for Identity Management for UNIX</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=59120"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=59120). Save the file to /usr/bin or /usr/local/bin on the UNIX computer, and change its name to <maml:computerOutputInline>ssod</maml:computerOutputInline>. The name of the source binary file depends on the version of UNIX you are using.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If the computer is running Hewlett-Packard HP-UX, the source binary file name is ssod.hpx.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the computer is running Novell SUSE Linux Enterprise Server, the source binary file name is ssod.sus.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the computer is running Red Hat Enterprise Linux, the source binary file name is ssod.rhl.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the computer is running Sun Microsystems Solaris, the source binary file name is ssod.sol.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the computer is running IBM AIX, the source binary file name is ssod.aix.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Using a binary file copying method such as File Transfer Protocol (FTP) to avoid corrupting CR/LF (carriage-return/line-feed) pairs, copy Sso.cfg from \Unix\Bins on the computer running Windows Server® 2008 R2 to /etc on the UNIX computer, and change the file name to sso.conf.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open sso.conf by using a text editor.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you have changed the default encryption key, edit the following line to specify the new default key. This value must match the default key specified on all domain controllers with which this computer will synchronize passwords:</maml:para>
<maml:para><maml:computerOutputInline>ENCRYPT_KEY=</maml:computerOutputInline><maml:replaceable>encryptionKey</maml:replaceable></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you have changed the default port, edit the following line to specify the new port. This value must match the port number specified on all domain controllers with which this computer will synchronize passwords.</maml:para>
<maml:para><maml:computerOutputInline>PORT_NUMBER=</maml:computerOutputInline><maml:replaceable>portNumber</maml:replaceable></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Edit the following line to specify one domain controller in each Windows domain with which the computer must synchronize passwords. If you have specified a nondefault port number or encryption key for the UNIX-based computer when configuring Password Synchronization on the Windows domain controllers, specify that value where indicated; otherwise, leave the value blank:</maml:para>
<maml:para><maml:computerOutputInline>SYNC_HOSTS=(</maml:computerOutputInline><maml:replaceable>domainController</maml:replaceable>[<maml:computerOutputInline>, </maml:computerOutputInline><maml:replaceable>portNumber</maml:replaceable> [<maml:computerOutputInline>,</maml:computerOutputInline> <maml:replaceable>encryptionKey</maml:replaceable>]]<maml:computerOutputInline>)</maml:computerOutputInline> ...</maml:para>
<maml:para>Each entry in the list must be enclosed by parentheses and separated from the next entry by a blank space.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the computer is a Network Information Service (NIS) master server, and if you want passwords to be synchronized throughout the NIS domain, edit the following line as shown to enable NIS synchronization:</maml:para>
<maml:para><maml:computerOutputInline>USE_NIS=1</maml:computerOutputInline></maml:para>
<maml:para>Also, if required, edit the following line to specify the location of the NIS <maml:computerOutputInline>makefile</maml:computerOutputInline>:</maml:para>
<maml:para><maml:computerOutputInline>NIS_UPDATE_PATH=</maml:computerOutputInline><maml:replaceable>makefilePath</maml:replaceable></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Set the file permissions of sso.conf to read and write for the root user only, and deny access to all other users.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the computer is running a Linux-based operating system, copy /etc/pam.d/system-auth to /etc/pam.d/ssod.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Setting the password encryption key</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Setting the default encryption key</maml:title><maml:introduction>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>This setting affects the default encryption key for UNIX hosts when they are added for synchronization, as well as the port used for UNIX-to-Windows synchronization. If you change this setting, you must edit the /etc/sso.conf file to specify the same encryption key on UNIX hosts that are configured for UNIX-to-Windows password synchronization with the computer on which you complete this procedure.</maml:para>
</maml:alertSet>
<maml:procedure><maml:title>To set the default encryption key</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Identity Management for UNIX management console by clicking <maml:ui>Start</maml:ui>, pointing to <maml:ui>Administrative Tools</maml:ui>, and then clicking <maml:ui>Microsoft</maml:ui> <maml:ui>Identity Management for UNIX</maml:ui>.</maml:para>
<maml:para>You can also open the Identity Management for UNIX management console from within Server Manager, by expanding <maml:ui>Roles</maml:ui> and then <maml:ui>Active Directory Domain Services</maml:ui> in the hierarchy pane, and then selecting <maml:ui>Microsoft Identity Management for UNIX</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, connect to the computer you want to manage by using the procedure in <maml:navigationLink><maml:linkText>Connect to another computer you want to manage</maml:linkText><maml:uri href="mshelp://windows/?id=44a8c46b-6abe-42d9-be62-595d0fe118dd"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the hierarchy pane, click <maml:ui>Password Synchronization</maml:ui>, and then do one of the following.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Right-click <maml:ui>Password Synchronization</maml:ui>, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Properties</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Encryption and decryption key</maml:ui> area of the <maml:ui>General</maml:ui> tab, enter a key you want to use, or click <maml:ui>Generate key</maml:ui> to have Password Synchronization create a new key for you.</maml:para>
<maml:para>For maximum security, you should use a key that is the maximum 21 characters in length.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To save your changes, click <maml:ui>Apply</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To perform this task in the command line environment, see <maml:navigationLink><maml:linkText>psadmin</maml:linkText><maml:uri href="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
<maml:para>For more information about setting the password encryption key, see <maml:navigationLink><maml:linkText>Password Encryption</maml:linkText><maml:uri href="mshelp://windows/?id=dc5f6249-9874-4ac0-a13f-ff932d8c05f3"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="uim_psync" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="© 2005 Microsoft Corporation. All rights reserved." Title="Password Synchronization" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
<IncludeFile File="uim_psync.H1F" />
</CompilerOptions>
<TOCDef File="uim_psync.H1T" Id="uim_psync_TOC" />
<VTopicDef File="uim_psync.H1V" />
<KeywordIndexDef File="uim_psync_AssetId.H1K" />
<KeywordIndexDef File="uim_psync_BestBet.H1K" />
<KeywordIndexDef File="uim_psync_LinkTerm.H1K" />
<KeywordIndexDef File="uim_psync_SubjectTerm.H1K" />
<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
<File Url="assets\0abd5d77-da96-49c0-9f54-def67c7dfced.xml" />
<File Url="assets\132fda24-8d94-47a5-afd7-e9a1574f6cb3.xml" />
<File Url="assets\17fd8d2a-eedb-4e9f-be8f-a963caddcc51.xml" />
<File Url="assets\2cbe867c-6207-4e6a-ae6f-bea34e820e3d.xml" />
<File Url="assets\2f951d01-2389-4b2f-ad25-53de5b075760.xml" />
<File Url="assets\33e508ca-371c-4955-ab05-8b7b4391981e.xml" />
<File Url="assets\3ae587ba-7932-40d7-a5c8-5274eeee21b2.xml" />
<File Url="assets\44a8c46b-6abe-42d9-be62-595d0fe118dd.xml" />
<File Url="assets\4e579be7-1aca-4824-892b-7e69539fb18a.xml" />
<File Url="assets\606e4ef7-3857-4cc1-9ff8-73f5097542ea.xml" />
<File Url="assets\6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7.xml" />
<File Url="assets\73fef904-1fb4-4f6e-991e-eb22c31fb9e4.xml" />
<File Url="assets\8bf52dc9-bcf2-4b18-8118-d95836373c31.xml" />
<File Url="assets\927255eb-3456-4fda-84a3-11a8018e5983.xml" />
<File Url="relatedAssets\3dd4f848-9c62-4403-bfe7-52364867ea8c.gif" />
<File Url="assets\9ad4d968-10d1-4631-a237-bfa10f15c47d.xml" />
<File Url="assets\9d328556-507f-452d-ab70-811acad4cdbb.xml" />
<File Url="assets\a8886f80-7f04-4e87-b2ec-2687b4555bcf.xml" />
<File Url="assets\c6fe2f12-73e1-46a8-887e-ea873b3d34d0.xml" />
<File Url="assets\c8bd59fc-3d2d-49a6-93c9-1c848540f250.xml" />
<File Url="assets\cfe2d5f2-28eb-42ee-92ee-52c9ec7221df.xml" />
<File Url="assets\d9d1159c-770c-4bca-b22a-65460d100146.xml" />
<File Url="assets\dc5f6249-9874-4ac0-a13f-ff932d8c05f3.xml" />
<File Url="assets\e755c195-e7e0-4a38-9531-47a31e6e2aea.xml" />
<File Url="assets\e9a8eb5f-83ba-496c-b895-de3061f59bff.xml" />
<File Url="assets\f0ef8a61-0a50-47dc-99aa-bbe0c2442da8.xml" />
<File Url="assets\fad30859-2cc3-4356-99ce-4ea74c19678a.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
<Vtopic Url="assets\0abd5d77-da96-49c0-9f54-def67c7dfced.xml" RLTitle="Setting default synchronization">
<Attr Name="assetid" Value="0abd5d77-da96-49c0-9f54-def67c7dfced" />
<Keyword Index="AssetId" Term="0abd5d77-da96-49c0-9f54-def67c7dfced" />
<Keyword Index="AssetId" Term="0abd5d77-da96-49c0-9f54-def67c7dfced1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="0abd5d77-da96-49c0-9f54-def67c7dfced" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\132fda24-8d94-47a5-afd7-e9a1574f6cb3.xml" RLTitle="Best Practices for Password Synchronization">
<Attr Name="assetid" Value="132fda24-8d94-47a5-afd7-e9a1574f6cb3" />
<Keyword Index="AssetId" Term="132fda24-8d94-47a5-afd7-e9a1574f6cb3" />
<Keyword Index="AssetId" Term="132fda24-8d94-47a5-afd7-e9a1574f6cb31033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="132fda24-8d94-47a5-afd7-e9a1574f6cb3" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\17fd8d2a-eedb-4e9f-be8f-a963caddcc51.xml" RLTitle="Command-line Utility in Password Synchronization">
<Attr Name="assetid" Value="17fd8d2a-eedb-4e9f-be8f-a963caddcc51" />
<Keyword Index="AssetId" Term="17fd8d2a-eedb-4e9f-be8f-a963caddcc51" />
<Keyword Index="AssetId" Term="17fd8d2a-eedb-4e9f-be8f-a963caddcc511033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="17fd8d2a-eedb-4e9f-be8f-a963caddcc51" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\2cbe867c-6207-4e6a-ae6f-bea34e820e3d.xml" RLTitle="Remove Identity Management for UNIX Components">
<Attr Name="assetid" Value="2cbe867c-6207-4e6a-ae6f-bea34e820e3d" />
<Keyword Index="AssetId" Term="2cbe867c-6207-4e6a-ae6f-bea34e820e3d" />
<Keyword Index="AssetId" Term="2cbe867c-6207-4e6a-ae6f-bea34e820e3d1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="2cbe867c-6207-4e6a-ae6f-bea34e820e3d" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\2f951d01-2389-4b2f-ad25-53de5b075760.xml" RLTitle="Adding or removing computers for synchronization">
<Attr Name="assetid" Value="2f951d01-2389-4b2f-ad25-53de5b075760" />
<Keyword Index="AssetId" Term="2f951d01-2389-4b2f-ad25-53de5b075760" />
<Keyword Index="AssetId" Term="2f951d01-2389-4b2f-ad25-53de5b0757601033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="2f951d01-2389-4b2f-ad25-53de5b075760" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\33e508ca-371c-4955-ab05-8b7b4391981e.xml" RLTitle="Password Synchronization Concepts">
<Attr Name="assetid" Value="33e508ca-371c-4955-ab05-8b7b4391981e" />
<Keyword Index="AssetId" Term="33e508ca-371c-4955-ab05-8b7b4391981e" />
<Keyword Index="AssetId" Term="33e508ca-371c-4955-ab05-8b7b4391981e1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="33e508ca-371c-4955-ab05-8b7b4391981e" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\3ae587ba-7932-40d7-a5c8-5274eeee21b2.xml" RLTitle="Setting the default port">
<Attr Name="assetid" Value="3ae587ba-7932-40d7-a5c8-5274eeee21b2" />
<Keyword Index="AssetId" Term="3ae587ba-7932-40d7-a5c8-5274eeee21b2" />
<Keyword Index="AssetId" Term="3ae587ba-7932-40d7-a5c8-5274eeee21b21033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="3ae587ba-7932-40d7-a5c8-5274eeee21b2" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\44a8c46b-6abe-42d9-be62-595d0fe118dd.xml" RLTitle="Connect to another computer you want to manage">
<Attr Name="assetid" Value="44a8c46b-6abe-42d9-be62-595d0fe118dd" />
<Keyword Index="AssetId" Term="44a8c46b-6abe-42d9-be62-595d0fe118dd" />
<Keyword Index="AssetId" Term="44a8c46b-6abe-42d9-be62-595d0fe118dd1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="44a8c46b-6abe-42d9-be62-595d0fe118dd" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\4e579be7-1aca-4824-892b-7e69539fb18a.xml" RLTitle="Identity Management for UNIX: How To...">
<Attr Name="assetid" Value="4e579be7-1aca-4824-892b-7e69539fb18a" />
<Keyword Index="AssetId" Term="4e579be7-1aca-4824-892b-7e69539fb18a" />
<Keyword Index="AssetId" Term="4e579be7-1aca-4824-892b-7e69539fb18a1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="4e579be7-1aca-4824-892b-7e69539fb18a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\606e4ef7-3857-4cc1-9ff8-73f5097542ea.xml" RLTitle="Password Synchronization Setup">
<Attr Name="assetid" Value="606e4ef7-3857-4cc1-9ff8-73f5097542ea" />
<Keyword Index="AssetId" Term="606e4ef7-3857-4cc1-9ff8-73f5097542ea" />
<Keyword Index="AssetId" Term="606e4ef7-3857-4cc1-9ff8-73f5097542ea1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="606e4ef7-3857-4cc1-9ff8-73f5097542ea" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7.xml" RLTitle="Synchronizing Passwords with an NIS Domain">
<Attr Name="assetid" Value="6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7" />
<Keyword Index="AssetId" Term="6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7" />
<Keyword Index="AssetId" Term="6fe7d2b8-70a0-4a67-9128-cc3639fc7fd71033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\73fef904-1fb4-4f6e-991e-eb22c31fb9e4.xml" RLTitle="psadmin">
<Attr Name="assetid" Value="73fef904-1fb4-4f6e-991e-eb22c31fb9e4" />
<Keyword Index="AssetId" Term="73fef904-1fb4-4f6e-991e-eb22c31fb9e4" />
<Keyword Index="AssetId" Term="73fef904-1fb4-4f6e-991e-eb22c31fb9e41033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="73fef904-1fb4-4f6e-991e-eb22c31fb9e4" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\8bf52dc9-bcf2-4b18-8118-d95836373c31.xml" RLTitle="Use sso.conf to configure Password Synchronization on UNIX-based computers">
<Attr Name="assetid" Value="8bf52dc9-bcf2-4b18-8118-d95836373c31" />
<Keyword Index="AssetId" Term="8bf52dc9-bcf2-4b18-8118-d95836373c31" />
<Keyword Index="AssetId" Term="8bf52dc9-bcf2-4b18-8118-d95836373c311033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="8bf52dc9-bcf2-4b18-8118-d95836373c31" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\927255eb-3456-4fda-84a3-11a8018e5983.xml" RLTitle="Install Identity Management for UNIX Components">
<Attr Name="assetid" Value="927255eb-3456-4fda-84a3-11a8018e5983" />
<Keyword Index="AssetId" Term="927255eb-3456-4fda-84a3-11a8018e5983" />
<Keyword Index="AssetId" Term="927255eb-3456-4fda-84a3-11a8018e59831033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="927255eb-3456-4fda-84a3-11a8018e5983" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="relatedAssets\3dd4f848-9c62-4403-bfe7-52364867ea8c.gif">
<Keyword Index="AssetId" Term="3dd4f848-9c62-4403-bfe7-52364867ea8c" />
</Vtopic>
<Vtopic Url="assets\9ad4d968-10d1-4631-a237-bfa10f15c47d.xml" RLTitle="Checklist: Deploying Password Synchronization">
<Attr Name="assetid" Value="9ad4d968-10d1-4631-a237-bfa10f15c47d" />
<Keyword Index="AssetId" Term="9ad4d968-10d1-4631-a237-bfa10f15c47d" />
<Keyword Index="AssetId" Term="9ad4d968-10d1-4631-a237-bfa10f15c47d1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="9ad4d968-10d1-4631-a237-bfa10f15c47d" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\9d328556-507f-452d-ab70-811acad4cdbb.xml" RLTitle="Start or stop Identity Management for UNIX components">
<Attr Name="assetid" Value="9d328556-507f-452d-ab70-811acad4cdbb" />
<Keyword Index="AssetId" Term="9d328556-507f-452d-ab70-811acad4cdbb" />
<Keyword Index="AssetId" Term="9d328556-507f-452d-ab70-811acad4cdbb1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="9d328556-507f-452d-ab70-811acad4cdbb" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\a8886f80-7f04-4e87-b2ec-2687b4555bcf.xml" RLTitle="Setting auditing options">
<Attr Name="assetid" Value="a8886f80-7f04-4e87-b2ec-2687b4555bcf" />
<Keyword Index="AssetId" Term="a8886f80-7f04-4e87-b2ec-2687b4555bcf" />
<Keyword Index="AssetId" Term="a8886f80-7f04-4e87-b2ec-2687b4555bcf1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="a8886f80-7f04-4e87-b2ec-2687b4555bcf" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\c6fe2f12-73e1-46a8-887e-ea873b3d34d0.xml" RLTitle="Install the Password Synchronization pluggable authentication module">
<Attr Name="assetid" Value="c6fe2f12-73e1-46a8-887e-ea873b3d34d0" />
<Keyword Index="AssetId" Term="c6fe2f12-73e1-46a8-887e-ea873b3d34d0" />
<Keyword Index="AssetId" Term="c6fe2f12-73e1-46a8-887e-ea873b3d34d01033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="c6fe2f12-73e1-46a8-887e-ea873b3d34d0" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\c8bd59fc-3d2d-49a6-93c9-1c848540f250.xml" RLTitle="Password Synchronization">
<Attr Name="assetid" Value="c8bd59fc-3d2d-49a6-93c9-1c848540f250" />
<Keyword Index="AssetId" Term="c8bd59fc-3d2d-49a6-93c9-1c848540f250" />
<Keyword Index="AssetId" Term="c8bd59fc-3d2d-49a6-93c9-1c848540f2501033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="c8bd59fc-3d2d-49a6-93c9-1c848540f250" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\cfe2d5f2-28eb-42ee-92ee-52c9ec7221df.xml" RLTitle="Setting computer-specific synchronization properties">
<Attr Name="assetid" Value="cfe2d5f2-28eb-42ee-92ee-52c9ec7221df" />
<Keyword Index="AssetId" Term="cfe2d5f2-28eb-42ee-92ee-52c9ec7221df" />
<Keyword Index="AssetId" Term="cfe2d5f2-28eb-42ee-92ee-52c9ec7221df1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="cfe2d5f2-28eb-42ee-92ee-52c9ec7221df" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\d9d1159c-770c-4bca-b22a-65460d100146.xml" RLTitle="Troubleshooting Password Synchronization">
<Attr Name="assetid" Value="d9d1159c-770c-4bca-b22a-65460d100146" />
<Keyword Index="AssetId" Term="d9d1159c-770c-4bca-b22a-65460d100146" />
<Keyword Index="AssetId" Term="d9d1159c-770c-4bca-b22a-65460d1001461033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="d9d1159c-770c-4bca-b22a-65460d100146" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\dc5f6249-9874-4ac0-a13f-ff932d8c05f3.xml" RLTitle="Password Encryption">
<Attr Name="assetid" Value="dc5f6249-9874-4ac0-a13f-ff932d8c05f3" />
<Keyword Index="AssetId" Term="dc5f6249-9874-4ac0-a13f-ff932d8c05f3" />
<Keyword Index="AssetId" Term="dc5f6249-9874-4ac0-a13f-ff932d8c05f31033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="dc5f6249-9874-4ac0-a13f-ff932d8c05f3" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\e755c195-e7e0-4a38-9531-47a31e6e2aea.xml" RLTitle="Overview of Password Synchronization">
<Attr Name="assetid" Value="e755c195-e7e0-4a38-9531-47a31e6e2aea" />
<Keyword Index="AssetId" Term="e755c195-e7e0-4a38-9531-47a31e6e2aea" />
<Keyword Index="AssetId" Term="e755c195-e7e0-4a38-9531-47a31e6e2aea1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="e755c195-e7e0-4a38-9531-47a31e6e2aea" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\e9a8eb5f-83ba-496c-b895-de3061f59bff.xml" RLTitle="Controlling password synchronization for user accounts">
<Attr Name="assetid" Value="e9a8eb5f-83ba-496c-b895-de3061f59bff" />
<Keyword Index="AssetId" Term="e9a8eb5f-83ba-496c-b895-de3061f59bff" />
<Keyword Index="AssetId" Term="e9a8eb5f-83ba-496c-b895-de3061f59bff1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="e9a8eb5f-83ba-496c-b895-de3061f59bff" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\f0ef8a61-0a50-47dc-99aa-bbe0c2442da8.xml" RLTitle="Install the Password Synchronization daemon on UNIX-based computers">
<Attr Name="assetid" Value="f0ef8a61-0a50-47dc-99aa-bbe0c2442da8" />
<Keyword Index="AssetId" Term="f0ef8a61-0a50-47dc-99aa-bbe0c2442da8" />
<Keyword Index="AssetId" Term="f0ef8a61-0a50-47dc-99aa-bbe0c2442da81033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="f0ef8a61-0a50-47dc-99aa-bbe0c2442da8" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\fad30859-2cc3-4356-99ce-4ea74c19678a.xml" RLTitle="Setting the password encryption key">
<Attr Name="assetid" Value="fad30859-2cc3-4356-99ce-4ea74c19678a" />
<Keyword Index="AssetId" Term="fad30859-2cc3-4356-99ce-4ea74c19678a" />
<Keyword Index="AssetId" Term="fad30859-2cc3-4356-99ce-4ea74c19678a1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1873" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="fad30859-2cc3-4356-99ce-4ea74c19678a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="uim_psync_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
<HelpTOCNode Url="mshelp://windows/?tocid=4550838f-a77e-47ce-b3b0-2cbd6b04fe5b" Title="">
<HelpTOCNode Url="mshelp://windows/?id=c8bd59fc-3d2d-49a6-93c9-1c848540f250" Title="Password Synchronization">
<HelpTOCNode Url="mshelp://windows/?id=e755c195-e7e0-4a38-9531-47a31e6e2aea" Title="Overview of Password Synchronization" />
<HelpTOCNode Url="mshelp://windows/?id=132fda24-8d94-47a5-afd7-e9a1574f6cb3" Title="Best Practices for Password Synchronization" />
<HelpTOCNode Url="mshelp://windows/?id=606e4ef7-3857-4cc1-9ff8-73f5097542ea" Title="Password Synchronization Setup">
<HelpTOCNode Url="mshelp://windows/?id=fad30859-2cc3-4356-99ce-4ea74c19678a" Title="Setting the password encryption key" />
<HelpTOCNode Url="mshelp://windows/?id=0abd5d77-da96-49c0-9f54-def67c7dfced" Title="Setting default synchronization" />
<HelpTOCNode Url="mshelp://windows/?id=3ae587ba-7932-40d7-a5c8-5274eeee21b2" Title="Setting the default port" />
<HelpTOCNode Url="mshelp://windows/?id=2f951d01-2389-4b2f-ad25-53de5b075760" Title="Adding or removing computers for synchronization" />
<HelpTOCNode Url="mshelp://windows/?id=cfe2d5f2-28eb-42ee-92ee-52c9ec7221df" Title="Setting computer-specific synchronization properties" />
<HelpTOCNode Url="mshelp://windows/?id=a8886f80-7f04-4e87-b2ec-2687b4555bcf" Title="Setting auditing options" />
<HelpTOCNode Url="mshelp://windows/?id=e9a8eb5f-83ba-496c-b895-de3061f59bff" Title="Controlling password synchronization for user accounts" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=33e508ca-371c-4955-ab05-8b7b4391981e" Title="Password Synchronization Concepts">
<HelpTOCNode Url="mshelp://windows/?id=6fe7d2b8-70a0-4a67-9128-cc3639fc7fd7" Title="Synchronizing Passwords with an NIS Domain" />
<HelpTOCNode Url="mshelp://windows/?id=dc5f6249-9874-4ac0-a13f-ff932d8c05f3" Title="Password Encryption" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=d9d1159c-770c-4bca-b22a-65460d100146" Title="Troubleshooting Password Synchronization" />
<HelpTOCNode Url="mshelp://windows/?id=17fd8d2a-eedb-4e9f-be8f-a963caddcc51" Title="Command-line Utility in Password Synchronization">
<HelpTOCNode Url="mshelp://windows/?id=73fef904-1fb4-4f6e-991e-eb22c31fb9e4" Title="psadmin" />
</HelpTOCNode>
</HelpTOCNode>
</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> uuU�P!�V�U��?%{mBR%* !%IL*H)%e!ZPH2Iѽ�#+(yso~~^ { t.6HӄTBDD(5Mkِ6Rm`@0
VD"�Z!=���2�(˽
qڒQ
+[ZqnsyDqQnnMޞr_^/kC~\\V?
[8q-sZpns]r<[kxj,?,/B>e8gkx],2}+w
_Z~]`ݷӯQ7ws>ccn]7u77 ]u]7u+C]u\7ƹS
uw\'O'7zF~wa\
Lwz]
9to?__Rqrl~k.ߵu:ows;
K "p߽>W7ڟz7ġr8m/axvk;3y
־B
8e̯^{ss|s~=qm|kk\!_"km"
#|rq;:\_o
k| >ۇpv_, '-.#9ISZ~oW.}<s.iIOOtS
y
ww<
nHzlV쥎zffz)
{98|<_rlݯlrN#KYӷ=oCG=orn(߸i6.v><
[6
|?؞=1k
:6
d؟m_{
g_Mk;
cleǞѱ=gg_ub5}{8]m68
oa5=i5v
xg؞ݱ{=gCZc;~5}h)C8vm;
y(<n½
_C<~|[AߚC&ѷu.ѷo~kKַfugַvӡF; ?
_GmV{Z
Mβ{ff}svfmo[oW=o{ߎy-~{7Vk\!ѯ}u ~s6m}y_{u߬WmogjmU
|R{ Q[guӹ.]j_w:fR__j
__
j__j__{]G__/f||nv|l_?UC_]j_껃]X__GZK]__O)_/_[a__gck__gm
v}MRϼI쐴h>v(lRޛs|nx8ܯqȝ|sGE )Ow]N
qwo>arw~>wHޡ|N ;@ <T�G>p}G
gp01!ϖ47#sUZmysfep9tOpfjZlw~$_
w]mِ7N):SJtN靛);S:uJ
hOΜN靣)YKS::tJgLuOmoOιҝ)9)yҝ)=S:{JtJ{t{JtֽJuN靳)ҙ):kS:tguJ̻N)9ҝ)y )ҝ
))9ҝ)/>S:3>:7S?>S:3:t`
OΒ<O\N)ًS:>:cSs
;tdҹS:vJN)Y:SJvOΛ̝Oι:SJ|tp9˝S:>:Ss;tgwJLN)y:ۻSJ&}t}Jt6x9:SJwOΧҹQ);tԧJV}tO):
Ss>S:>:Ss
<t΄ҹS:cJ),IeJ)3
/ދx^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx2(>pD
hhp
!
ߣ!Ѱh3>
ÛG~4
q ÍG0h4z|>
? ÐGP~4
y" ÑG!4{|4=?=ϏhA?h8?Eяxh"I?CG4T~
CGah4T|?Nӏ4~
-ԏh~4
GCahXZ>
e3 ѐ~4
5 h|4q>
CGahzu>
ïG
~4
; CGa4
|>
A CGѐ8h4$}>
G2?kDp
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
m(z&5x
Kg_W~3]M~}ٜnSyU7oTܦo)_8cTrJ*e;=OS9M/ϲ6H#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F?u!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!/!P5)
/q,!CȐ2d
C!d2
!CȐ2d
C!d2
!CȐ2d
C!d2
!CȐ2d
C!d2
!CȐ2d
C!d2
!CȐ2d
C!d2
!CȐ2d
C!d2
!CȐ2d
C!d2
!CȐ2d
C!dȟ7jw薫?ƛj<
i^~$.i'.
p\.
¸p.\
p\.
.\
.
¸p.\
p\.
¸p.\
Ņ
qg
p\.
¸p.\d
<᮸p.\
p\.
#.g
]Wp\.
¸p.\
p\.
¸p.\
ۅ;8^
fvځGlj
vc;pp
!wгq
t}ä5}r6
yw߱?8)߁R >xc
}hq
qxǙ/qp\
O44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM4=Mq[VmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmn[Z.<(|M44M[4MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM45M(u[mVmV[[mVmV[[mVmV[ծvjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjڷq-,Qiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiik{7oq;o7pofop\*.,&jjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګj-q>iiiiiiiiiiiiiiiiiiiiiiii @iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiimiiiiiiiiiiiiiiiiiiiiiiiiiiii?4MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM4miiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii{DzM44MM{oqvuk\Ϸ_]$[%{^si4kɿ;+O~Y+_.ˏwϻLp|}ϭK>!m
};A}/߿K/\é~~7{~~6.3Ɨ.o9a|w^?/̼?
a |p~@lE]�H��
7n>QBЪL+kqHup1tw*y
UU}}Ͻ}>МC�H�l;�mQT*˶Ăj(`fCra `E
[i/)k#Ţ̅.#RHb3B51I0Hj@Ad�F�t
qI
A F*ۍܘcߋcS
B}<<(a
᳨B[QcS)aUK&!zQܶu
*Ry<|e-4%=C2Ȋ~
Ōk2_Wٜ.EyI
2( wt( _mC 7j=>F4t>P1X잖L
23W8Y"
+ڤvV*E�`
Y{S&00ڲ
+L
,:T?=i7Ͼp%FEP?r D8|qm?m'
O3I|H':CSE;2!E3Ȏ<#Eؽ8= >Iͥy
)?-
ڃ
PLB+IGIƭJ'WOG4$
n&:`6<VJv|u(߯
6
;?bxZaD!\
/Lij[))NYpVRB;&
X
u^ X9pJQF$J[
V
7jEMo+;.mSgf
({!U
{
~ #]1WX/
J?7!R&RPs�H
%gsh!B=0|,
E*e$ou`U(
44#
i8g4X]5sP$qܖMR֤�`4u}Z&r t-DS`NӯKq^
2BK_V2I$;(VJј&<
OJKH$#!sH̶8JHGv݉v{O@)rSRe
E-
ޯǎKCeEaF#�۵Y%&Qcfa'p{6#恉UۃऎɏbhzQՎȜ1|X
h6ڪ\jƅ!Vؐ<3'>C0z[>3Ssܩ6N,P~a
>.V@B -~ ih(c&rK-btQ8ZZR&I*fZe
'm=ϸ->䤷r03}T{'
x1HxQn[n#JƎJ klEV9O]t
k
$ߦO-3Q7Y|mwIZUTo"I(rtk< bU8Tz|]f
G>۔5${}Ew|s%s<�=Єv+n8O=b$[m~,)_N(
ׅ#˅*_xP/PXcu;Z;!I|tA;B
vtöZOko5>2ٳe(,&uҒ+U
p5
t>«O2*?%ɉζdo*kBvb)`:h?_S
eӠN͢;J<4UQY1hgq7+_saxOöl
4bi;'gTT#ҎWb45[,'.
97-VK2Vx]
m�5++|RH&ՀFsZv*=qYԖ�:卵'>?CP8
a3AM=
Ncֱ8hAܛoB__1nNvH/E|:HҳD6;駶{訇$l�F6p[UFռoS<מr
ȵx
_]#Cf0+:~2˥OSvT8QIG28j}
~^Pz4xt]lUR𘥸;YNz5=ua#YXF.@84E\En&lِSSZE1N5B:6k$*S`Y&bhSƭFʯ_V>X80aAz(w8BoRt<p[.
[e*dIi)
Q魫Uiː䲔~zM) Z
\MMϏ*Vp7E/TD[
#_K7
|¢T4a$MO[KI%ROpz@oϘ/sZ
Ya>9.Ft!'QbX:�4
<'ݸ]>jH_Ã!kE(=oOm&8'XYFZ
L[
�v.3T>xʇ�=j[u)q |3
"J7M.k1e/hŅ=
dI4Ba<GHG4ee4jd2Kƒ/EdgI0<Za<X[v0?I.j
)
t
~2Jڽr\y6G
~ދYC5"4TIGKmHd4aJ�
4ʛqPncX/fTSkYHۏcdtK٤R&^J>Xт%�]gl
,swyBZF`DV_
8b[�p$,vx@!$BE
xyL~(I>$=cQ
kg>V,je6CN3MZlƻ=rtRd?ܣKrm_x
Q%,1tWSp^bC8
F/ȃ[�(#_max9x}#
0܌wcs+ SJ.vX
J i,Ru
oak[G;3FtT_<6e46
JQP-˞ ){rﱢ
=vD"fR&lh @'gL^_b7|Ĉ
}\uT:\, WPn"]OT=X[-'8%! S\{TWz:Q}Ffpj)Yh,.Z WZbA=@-;-f"in뎣Z"ٲLdz92iה];Yc/Uh#sZ]rƐe%T3蔵jXxb-VF
HFHryԕc*3mem
Uf_S#zgY=%.m}BQ$Pk
Vc
Of
_E45RT8MYuAclL\}�#s;Y=K4.ZW9>նAnp[K,nQW:@|I1
'uSMzv b.
4"[H$1M%ח
}7$+JjS'|G!,IKu5
ST Lrl7$F/Pb!& 'r@�~g7E?Ww{e-Zi
L٥Ξ
}X0iیCe
Mng><vz~:W bS7qƩFMlz_!
v7H\�g0"5zu1!)
0@-]
$cKf5c<+ڍ|eɣ8c?F*CD^ WS$Ux
HzF)=gc1
M#T43i
}hbR
i|_WS-4i
~WM5OLy
K9AIsCLn/ʬ߭5rU4%3TiVf
wDY܇6!&:jۣYYJWΈgTs=ba
Ⱥ݇�pv03 <x
YgKNlaz`'v�Tw4UJ?N&qP3܊v iqZq- =+DkF
K^ड़@
O
n w
):Zر,bd/`,PiQR4<&&>no' [E4Ksb~g.d0
sV6\=bA߰YOJfuHvddHS
e!g
i:Yǘi죲d7/P.?xtD-x^k4?JI/֩o
ۦGpt8g8.17|:
3^]&:.BijO1 .Ϸie1舙J>cyg? i`aFo&Ub[$m
t;7np$yp$v8 2
$ƒp#UMD${"?Uڑg<4�
~Z=6
F]ߒ# glW
oˋi.au1a0:INiANeVaWJX{$W²p!KίG #4u/`l3VelQm\yGI/])T+�8P?§1/Cw0z7*dNbi{knoofu7I <geWٗFzÙ(r
N,HL: /g{Isj
�9*s㱪*H $}$m=9N>kB@ӎ%کUT=/m6&J!(ɐ*%䓣,M g![sj{Iv
f}ekM?*
'�>rC[tE[hHLz3N
?Z'nx>ϊki=sRn/l&Ms!
D]T,(P4DM؆a_,XwW@!97^D
Í9`
Mj<;g
#nu\X(32W)
: '=k\=g?HҍK¦bo,kQxۓeJ6j
u=V2І{d**a#1eq[ =k
RKTIhj7^WRC6驵*Aۂ4>f?8/ ވiۧ4;~cApĔK]$K*VW
+
Fd&n%W=f,xESjVu_<?dw~C
5AF['`^֎>TJ.-dȈ?sJrKL*
}O'EM^mV=CV%3촼0$2zUS6?"\q1a&h&JwsIrxw}3ېYsZǚg~@aT0KN'%JeYYYSLE0LJIZ##G.j
DP
P !:0?�$/ܴNp<7ΰ>GhOt%z_?t
A
tAt
A
tAt
A
tAt
A
t ��L
~G_� d
t]8?m"! C3"QunBE,*ДM3DJ{Eۜ]ahxZL
[%T;mL%rgD
6<
@%<bnW쾬MFN=_HqDEk5iXڈb,
-c(7)crdZz /3rЇzs?JىP3VL*?uXj0G'*xA$RAAN]j<b@v2
L#5S
0s.Vޫt1In0VgQ
uxGm*fV6!R5vLdA},e
$*ơ`)ɓ=a
Կ1G3
.]u[ <A,c,Tz!^-n3ổL'b�}Ȍ#ME .A^"爏Ô;US'
K|2/&
kւ6v-c i
>XXvشjRcnh�s~i蚋=)
BO@21d7,\v| 9Ɯ5!
o~U>7e8&P
WMw=oSnjWN. ʸo;#(.Pm.RN̤͞L9h/yϞOE>pܤ#yv%Ebܛ@e4w
f+P
WA_PƜNdW886= ͏NTLM
{"A1ZFhqN{e`f;_mxxQ5
pU;WpkIZ$\Ef1٫Ĝm+N7TMPg 6<#P^w6?"wIR
1f6 uN6tY
֣*@osjHz(TE{D]>Nō
D1{9p>ZrVFdQ!PVtA|7<a-%79Э硔t|aL=
ĹH
J&
8Hj0ߡf4
\fv-Q<D,
>Y4^}Yz<퍍7ɩF|h퇝ݜߣ
I{v0py3 mf/2i[ *trgz6] 1TĘ:7Vbiv&
p_}Lv^{>sk"OT J~qs8f"X:K
DZeg\>?ky4htqpe
y6?$PR#[+,t8Rs9w/}eF!:[+Ⱥ
%0cH)`ipnq⨖LSus3P.LyRM
WKs:
hJE\~d/'ѓ-J=/+7PDg?(muU$yGLNտ]~C k]s7c�Tè[
w`Ӱ}`;@iBs
B*"t;c5a 4I[\([!I&V�QG%QVTU
lB`'ٷZa~I&2F34?7mJpnKd[|v."cKJokx5"Gӗ ^onć.yx"9$e^yY7ogɵVZSh.jUխ5H %6}j1RxK?薢K{/@8Ȁw!tv.sݞGr
rALh!mTO>@z�҉̜eAy1`O+1 @}ʞsFC<(_b0yAǎfqKyIG)w/,sv[ !S5rnA+Kknweר̚>6-S�NU
R{_
+GvIf
A't֕ţJդyxCٺ
B.Ӣ]�s ^s
26W
S+WX1&4zB[H
+`~ņ%key
d=Ddwj H
l'4(XX2I wojo2&:~8FMߒ
|Aݪ<O?SEЬF)> pVfWS@&b}R3bF ֓g'^⿅zMTaql'SI^ll.ڱsWk"e
J|^,qnWEnI[
�0i}S�RT ]o_N44(tJ'<
އu
9K\[63r7l
uEY؊ǑqTWuXh,3)=%mH7Q
2{'.3$Wq`D/*my=
t@H(%Y' c{G.j[<1ߌnw<ޭ^
æIR-H_.<
J[>-2!64sZFcտh[
^PfwT]hk(ԝnIh}N,[}
9ТU«uW'h)piW_o ]҄{
E$>PwJjQۖ/5A!
%"Am);f&#XnLzO8uO_̥k�
{
CZDjBzJF35+>G
v`#B>m9/N3XT[q14(�4?{H|
M7#+R4b8lQ 9R]Md]F�e<
!?.U9z{sK Tw
! gis'vh!=K3G =-ă\Ŝ</{M$v7?92cAM
]dZ�#n/ %r.w5alZ)Qʫ
M 5nu,w;!*mV?-)ptYJ J5\67g3./ݧ(?s[dA qah.SV2Q|*Q舠Ka܀ғ*!-Brm4GǶ}-5 CPzKI04
|Pbw:U' 'x]Ґn r
?SQ(CF,[<t A^c#ߜvg7~SQ۱
W|>5>D9<eŹL#];yPc0{E\6`LV@" 0`:�)Ĕm@M z:[
0Fn|`5(w]Q
c*GEJB١F5tJ>YBZvF;|Y2!x-iic
jbýȕ8ذ/rv@ v2}5Kα0dիѦfOo{E
]+yv?+
IPVS!LK
OuWL�3 `z DЮẗޭO%QYqdUW_fcݓu`fZ2PrxjQ+1kN_
IV?i9INٳ92⬻Y缃̘
�|v g2%+*7Ιz
xmĶOa:QNAC6.TRD5cA&h5-zNB%=`?qY;0Mwzy$(
>[s#|/ SRzgg F-*}̋q
w=)
/+|Ԇ3D* =
4Ht;ןi]rx0.EY*]>jtǞ
L<Dy?cCܴ3kd
~y`,e
4}."
0%-=7bhTIe�O 4q 㗶-2V
2OI#,m)4
g,wÚR7߃}(iMSv1@7uV")
t|l@G$be�i 8(Qx\ؑ]epٲO{߃
IlpPλ/\;H
?s
`7ppD=r
۸FыXI
s*`F}84Eo
$]lu3|d^v^fnEM@g3SQ$JvjLlE~9J_J}rٿ.)%"-_U(]GZ$'qZ+>L[n
S%ցt>vSX U/c\=7Pw`aw_/'
. y**ՔsR=YJXK$r$7#u#("eD
CN ]" <4(Z8[hI l@`ZAQ��#:Zd|r 84bE7Yﱘ
zL#-ר_-K
:1NQcL0xkh..sma 5]1aNnQ%(췙~y
q Mrijgs!ۛsЕl0+\-; S)/[!f�˥)*Zu3A^t]9rOxtQj
u_"Fu<4ҵ7BP&x� bG+J
CO(nl6Wהy٬"�rB*-4:y\
7s=QT3i(W *Iq١_.C>rv
O*U_I%ljCuٞ=)UE>ao
|!:+D1O(PQw"m|,dxTa
X&2itl
%"c\Pk%
/ra
#
Z]Fà46|-LB^x,x
\iy x]E%BLto
O>]䠓sXb}Dp$ddI5Dg*Qh
GmwjɓU-V>6BZKJ&&\lj=?=oF|.Puy%^xИc
yPU%.?s vE:_!d1
DR,pz2Xȫ5*R3"Nw Ǩ~J 5Cs?EPcG69H]uwغt@^bl;*:ܬ賬1gp2 MkKHSuD?,|J.E
rŨw3;kj=yv ]tmP=qgZۋo<
BX
Yyw-p8o
T䲷6t<R͂Ej
7T@!OD)R=rKUޕ9?5ۢ,u`C2bͽd_Nx�ddne
Y[#'IUJi?uZh-iK
)y\9dN1y?s"Ԓ_j (*45r^!
bq46*3o|h<^kUr,@-
)W
UsD ZzB6HTE4N
KTzZBRiډȴ-s[D
rȢtDڙY
?ϮW&tQ
qsll_-gLE-'
<kp̰qb
˰/S(7 tע8U'~�ݫI(?aY5(j8-L7h]|}=q Sv41!:Pƶ?MT\FEhccqec1N.\VI[˙l2ks&Z@g̈pǦXRgj<,/L
<k0#T ]m�蓴O1vr=\K/z|@ [4eI U`{TMP4MwJ)o\E2k>a-y3
/
߉
W #C Wч9կ>NgF7Zd}ླྀ+dleh5;\uR>mhVZ\Umo:<Rw;c
[hlw*ԧ~ rD-O
!DQLu/Ў=-^r^"yo7G?
D*_J-A[
<9&TY+j4bյAo8MkϖLĨ\a";
b.n(ժts}aH>!/-
�KƳ4t4O~ZaDÇ/}K>WWk<&3,4P`0$'d?֘!NjɌ85憬l7
FE91do8LM̽9C1Ε
Eq뷨6&6s~66�,wJ.
߾7 u?^T
Xll(8VGqZ GOy;1@$_B]M#fcC_IJo8[�r=e"{Y1ڭ.ߦb&(>6Xo`
0;f�pI'./];h
aÎ!
e4g)8ۘ
p6]|SF٦jFq!}l"xKEZ�
(yq�&r/Af./12SOyR8jzl,^G?.!>r.#:cd"f%CSBzx gtb*'-K,V`LYk@]Zȱ+sPϧlJ갴 m/扛YFM[$uY`
yjő%˦@¥
(<F'�
ZJa?L|Y%~}M
?|P
[.Ji8a]x,qNunpq
yZ eb
47.t�lT b曛 {�
ģs`
uS%:Uf6ZR0j!ܗTV8|ec=d0e;1)Z:>ʢ#~
o|k>ZqW{w/`Y;/@wb-
ǘ\*n+@G&:[�8Yx"PAt^9$G.f
xAXWx]FEVn!y
<I8۫i-{
_hnK&f߆8E
Qӆ^zt2
au%iăN
UwǤZqbg
zgy'&QpzM@PA=\tXO˵]bIv]͏GZ6/"߫[1SV7+M9κe8H.ĭ_b2ʺKte}K7ao?ͣ\$ٮ
z{OƛHM" Cd ov-ݒ;>} '!"^ib3ώt춉5"Dw!UضGWQ4t
4j{쮮|˼ F g7JEYzJ |`ԫ-22)DPEbv
EFcl|ͦlDQN
dY/@^*" q9{t'rqQ[O=*SY;Gd2
l_ӀkC0*
`L;`hz^1S|w<}QYbc
1N1<yБ<<9'Xk"[L]
5]ד,ǔ1f`U" e*Z {"iQ6k:~BSMTpbG)G7+T,uZv^<\@y25 x< \d ^]B7Wc;Y,ISĎqlt=qQPv
_F!!#ǶJ5@2[ nlF*M]!)dCGKC!>u9ght%r~hpydmQ0&Tʩ?[%|2yVaz{}VsSL* \ 3e XRuɉX0
�b_ѱCƜ$icOɌf,
<eH\UYsL,]``o[0
f=ZNjs):a[l3VG]l͙ܴ]5 a(kպ"TX <n+wt[s60vLdV>>ICmo7Kį�^c]?Es5Ϝcr0/-RW$qբ?m.k$(^évF#pDz[
E݆Dgߌo?#L
(4b#.֞j3&vAd͈x&AkJL&"j ~>Mk
e
OM[ ×4xAO|-mNz0'=iWA
m0wtoUDQg�FblIgd"R}ctr)o&wHv(O6֛B^Pa_|P@?oO8nd;3h bp3k%
H?YCJ
+T2El%l
dӤLHڌ_X,
y)Yt;!M+QWSkLKM#L]
8PQQq˝iDMt
.A
ҸwXiԹE p9
d0lҸi͊mm
\2IXXw%y̳n\T/r>CVP4 d)ݓ8?K4F-.z/TR\c[g6?0
Wb+
w'yjc*5Z͐
-fx,߫헆<E^Dz
i}WVBI=NEӷ֬qQ2;f>WDԋt]\_a<R:ņ6>YJCQZTǏ]9X|")ZK]R%
CTh5la+FzM|6۳1"Jݐ1]c~e<R-SV
A
*J+0a;nzviF- -N-,'#pE ̉5T%1-2i'y6 #G\%TR#Ơ>+Lg*sg&-)Ύ˿vƏ%dtO*$A3Ɂ*!Vj0GI.bUY:pmE_3е X&@U`'I
Q-ГX
_i`x4V$�O^eY կ&(T
W;x<팧 +bƺV7kezMiTkBd
҂ *X_45{|15gЅPE%r"XISM6tJK2$$U4d
QshGӁA]An�CÀ
�tA뎀7gص
FWۅo+9 沶岱uZZ2μ!V
păc1L2n36=$FEcROͭב
U $wN
ap輆P@jޮp
;I$TA+W|
>�n"ҙչV&=Y$*n˼ziFҫR]1}eTU6v
Z
y\u_|
j>[ug�06!x9nx'H
࠭%a"&[~9
85GL(Mac7
$'
Umz~UJ.I
qsׅ]x\vX4`GQdg8,;oO</]ǛdjRjyU d\o
B$Bp 1HIpgF˄1�<QYc@5|ݐ龳2a;D}n Q
r({
n;jUv>
kq!xx
-C$##y#I
f
(_rOD
*;P;MvC&
T9"zHv^`_nt <7I
a}
G'lDٽLNmeԨLZ"5 4,i43r39^CwUMJ|vd?kل&ƧZj%Ժ BS{?D
+~vAܾq~ly
,70OdxbIU'_3֓bۻa_`OpǞ
#�
5v9mgfLN
㠐h^=!sQ+o}9c?%>^Wӽb "bXo' N^?Vlz
V</lY>f^Ug:!ƔE[
I_qUClr2/eJR
v
~rS#&(σ1q .$GIac A#e�\X YHI!*%
`m;Ikjr4Ig%;
媨+kG){7ad ˆ3gJa�1j%[t2cdIJt?S+4D)
^gbcq",rV*Q2PsJww9nУDԉqGv$ўb-1^5~3Q9}\RsXǀ*^
U[x><xt-v
ғ
^
RW8n ϲ�W5:S:H_O_s~N M
o{r߆K(>x2
^гH`oOײȧZi gqۂ_bKE"#N
"PflB6
AR`cǜ
!`Ch5H6 \I..fRZANy(!ؤZ9:t||oGȏU2EZ L
k\Nw"N#2^& \�tK[i*�hvDoW
&Z)kH
OÓ#}IPH:CfݕͦM$;
;WǕbl*}ů?h䐤?M#�(�}h[u'xN; d&A/J%Eï4U&8|
NrmEd~_Q{^vj >^;
ݐWR'(Zs.XrK6i":
q4=Q2|fi%I:WA
3=9v_MizRdL*D&?=hH_ȍ
:ʣ(d,(4;I|_gܾY2|6$?h縯Zz|3�.g
גmok~
%wV-#j@`6t 1O,Wep]UKT^Hk%`,(LS[Y+wL
W`P#d>yNKHdz6dNsN:4?zù'IN
,Q y1tƞق^6sCf㞊@f41a\FRSQO
~#~qMFSXh֥ ς\QͯL�bx8#=@C D$Z_∋CNB/r#z
F,~+[)噸B1~5LO$hB&FB܄'<i]HVNwsH+93�}0]Q&|;͑Q#ӿ|ZU|)|�D+{.YE}_.b"ۡ&~1T.
Յ_noB#"iMZH6̳GJ{|&Nۋ4ja<3]@xD \9(
&Oyc%턂;rV0 b{
v:EIoh E/r^ma7`y~۾iH2i$ړ58C^;NrbŻAM>2ʉN
0iwr'U"5D|ǬM &=
pa
%
(E2+nBjC$g%-Cꏑ'3?]w
w-+
Tx
QZCX/~\Im#74`>�PDOL=Qŏ8#{
� ^ᵕ{; |
]^霔ڣd{ �@I/rY&dƘKi
{0Iʏld_tbk`1@f
o#9l<S:x_/2HdwZ/[>5OY5`8O"w{NOn.g1)$~;P%D}<(ih
2_B /O;&Pf>!6
eh=ak2^ZN.[m؏
05'4'X0 >1B
37<]W9S$2Œy^GW%17B
[F#Ri
uupJ~6
X9
h&21z)+CgD{uxAϗy|{Y<qf8C
C2yZ1Wi"H
֒cq4jk}Y4tP1)4|@Vܬی
!cC\Du2f
)+nb沆K.BG ڭT
dF,Rv\c?!k>COݢEyZ>([I@
4=ED*b[nB�z,�De33Xw
H"vO`'9Uk_8ʌZ÷*j9z_L$$cj컊#8 昚1xAP!9m=
nGi?�f;{vd̝ hnN:Do˫"T?j]
hv~/
tZFڮWpf#\1ݨX;
}x
,Y1$ڨB
;|hht:f
`iH4JBEA YNjP,Z+
LMb?I>1#7|>2@~/nm cȔO"l@ay*BH
G`бUJeɬbu&IܣLDyy7@9.r
mM&d`DMVoAPA˘^ONrmL};ad(P4P > Ln+%i
_0<bgA?nMQy
Yca
q'9Qx{nt]ɨN]tA2_ UvbZ_[M4UZF)z- ܱd6WSrr4HN|3<h
=FyӷOr)r[ʄٜN
HZi#X#";nNcYe(<|71N.QcFݒ9y<'RYO\xQ/y8
=ֽŹsV7 +G+qMJ7.
*ȴ]k:p
HX.:ehxo>>=$t>ri$ǭ
Ts
+ak
D<+iMzK!1Є Qe+|[R-[KR
eL2WyF,OTM&+ =q )
хa@0!L ́/k
{c
?7`_>"FqONAi7"M&.JQX8?]4Gi*cØ;wnՑ:*bNȳdф`ɨc55%^DYy6j#ô{*W~TfC!}"g2TI|riq35#>4ĥ c&+G2Pȳh5Y,hQr?U~r __dvr54Pz
tf)
P2
浃~R̂<L<XYݒƞpr;: MY`JIs*JXyLD
q}qeά0^T+u>
Hf RydZQu+
B\|Z
L2G7@}>:w40vv<\I@ v>JVAײ}d kڋ]
FvE_b]&?s35\oP!]|�#2Zln^t$`a6a\!@fIr[jOgaFGmvMLbG0?7ED@
'@$PL}m;
g>&
2λk< uАJSMdwtt%Nd
8y۰8prQc.K
]cjwF 4
G?P4
sU
94P:~]E%go
Odg}ƎTK|l
|i,U*^CTF3RtZ-LYҮ6(M@Q`d:p}`
rt,'
AJ5"pgїүq*c}le|-W"M+eXd�k-SwXOnGKmA:UylL$jNի[O# EIH
)G<<(#
_m
*>�sxBދxaEFFJHԾ.cwr"J2�ɒsn8<DS;~:v!+pO18ء/"\03{>6t>8Ծd_72
zb"G֢4xZcuQ5U=Fr
Lҷ
�!
ilrolU4
/k9@XWv'[B>41 RWSEfs{ W/i&%
Z/ϊ?'6&3WF_
_}OmYN6n
6ڏ
Fe"
i8~UĵW[?s}u b
'D�k
|ʀd)_Lrs;
OHU}ˇ)A
no
1RX ;DBukS2cr@ϴܕIEJ
aIgANtX=#k"[O@g"hI|{q[!Aka^
58
l߬HgM?f8'yy1.'e4LT/|S}ѓ#Kv(
3'VO =
?b
tj[|Z$o7 te90S}i X!qIn!LSo<M{(Ϳ9� :ZR-]e'cJ 7Dj3^+`]Y /=G ?
dl,4FKFpįq7ӂ_-ETWr5$cc.�GRHaq6}?"+4E@oZr{8)lszVpǙZ6BF6CW^mQ
8Ø8 x' *B'|9 /ݞ�fiJ
<|xdd=x
?KF잩Uu7J`Bb
^ΕFK
_[6ItfM5OZӼvF|>ki|-x60U4}
sXR{I}So(ϘB1;E0jۙ-j8k
ܚd̆~C۟(lV
>DYf.3ڷ]pr( io3VlxĚ
`fh4ɰe3`Wy3X՝T DQS^S!q[ԆjSf+�ɢ%Q@qZ
0lKA&JLd`Oj'WTKz
N2ݺ!EgC:ToZhu-AOssG
*5&IaA( ʠƮ<$
LPO}b�I"
dA Q?{.gANVݽAnɽJ
q
wEquUq.[ !
o˨ҧ6lz
Fl;84c^Z<&:_Y
ukLYg>-g!Wέe(jV@.&6{!q\}g$m_~q>KM,CX^fXmRiq@4
MQ>T.ԏᛴ*
k\*%4T[4R]Q,R2
RY{b[&�8~b~bDG1rP
M/(55|2RޔsCorQWQ (qyK|#Zk8@uTkĘ+\p*of
>*)n"́lV||P[hmuB6}~*
b(xCKuNs`4`C J@SdV.Qۺ
J.e+/IX!,{C!
'#Ǹ\
5]k1nlsrIr
rƫdirj)(s)Tuy:H!MPl+@4c#bŐs2CӀf:IT~v)
/n"Hm(fVmvM/ļkǩk<P<y4?Q>8p
Yv` =RĝJhC
/啌MOdpvʋw(8' }.ؼÁcWز%њqb3
荶Ug)FjԎT;1r4xߪ'<DVbJByze=Eo%"?ɮ6|msAH-V2dށ_Y6&E
Ie-<}Ɇ/$nWgb>lP, t?ʒCfç98{ABj38Lf
<2=Q}٠]Ĺ*j
wJ};KY^]my9z憅"lPf[.T+_o\;獪aC#vJ]
Xl~vO_=8I:
i|r3YDOawUv46O+*}35p8ɮ0
U ݮ=u|)նXc"C ʤ4CV-' R1X)YV3V
P3qUכY 7Je4x˺"
TWVi",x(ne6խt2NW= Z'U9i6,\95⯯U!EƆ *-ډP&.HI
LrQ4y4::M܅O} WhEt-Nkp/_
ٲAm ȧż"ON/WVJAR\>UC*
G+6H"Xn}?STLLi؝
mʪtUp)$_p
>,ER3AL<?6@71 M)lt 3(s
aƯޕ
[̓hY$@>}
#yeK`
Iiъ5Y!A^BBŐDjiwz
!gv̏
N"JQy(T3||hPG:έ<";ۦ\l>صpdMfèdE< _$$kX@~{\Ю;ŷ/wLúlF
^5 B܀M'I2Q n##AW[m7(q<! ۟3n2хC\m$X@ W=01㨂ᛷDļXO쒴2z>
]+mG{ذ#
#KW2|Z~\EyP!:K
[-
4q\:^I8jF
i
"
l__8!kȗ(i}cExo
9ɍnw(Zwv~A<x(}3R1#ۄ+ daeL*DKΒR/-Z8]c
D$E\ek\oa6niWp
g~XV̮Ƙ#ssXK�C=bq=)eV}m|@=^�~�hs]׃?6i٢l֫2I#o)DBIWen[lf>A권*'Ose,]1j$b"i,]_4ڴS_ޣa_?A]~{Ӡ-h/rN
ER>j
kO`
]^y$BId;
2bD*6mѬ>9{PK03X+- M H\`;1`Nקfmи켪\ZY+NV(TQJ''
%CKs$4##jj5$
!+Cb
8`J6 Fc`BeJ@0E /Z
Cz!
Z9v
iJ
joT\&fS
K3
٠FomFazm
E
;u[)pXhgyTM5|EZ{<uVÏkIDeݽe
$:ʊ1IJT
:B/=
]6LL) 9ɪx(HחDc~+B(7
!{(JL!e˂
:*ѽ
#sͧ
KW-vX(Y>F $ǝa+uhb(8{l2<QEOS~ K^ڕ
@c{RUtBJa
MIʥ3<,|
vB^>b\ٶM(-kĎaC>QWg˪M/B% Iym,'SnJʴDGx</!):Ui
D
FD.\ 8; rAiիgg=vX?ϱP)o-,Z>2dpWsx"EQM_.
iC%j`
=qj)>u(w7Ο"[GP+@ېm6{4Y` HD]
ڬxq8<^(GkLb%t
x%x
^}1)ݻg
bO%
!R9&Q:Ie<
<ֳeM�
|&fcA:A%RwA$g�i�:::::::Qh-?@=X!1;Ƴ@`KZr-
C?l)b{[34l3N#?XsB
Y?~^=SPKyzh^8g0&yLQȿj|aWI5#bDS�<guֱDI
ocykY.>Gq՟5QDsv
?\*R
Ù,A+ȱ]]ʫ8_#pbIl'6ư&$288y#U$Ky
ZO-=R)FHvgOVhj]jQ4fYMux
J ;mp?rx2nrNsˑݶ6y ܹ
wN
&M0&HgrlMʉ;}i>?%ҝuRPKg-StKidm9J]]j
i(gQ9<n
Hbnm.1
px~P3Ը
揄
t6R1n(',W|P6Zĵ^G%J0vع_It[
bӤlqM¹yCM[1? #fN*-q+^5IbF39˓\ r& pU&*|!Bj_Q-l+f5.PFX?&oӛ' j5ۭ-5A<.+R6.D^%hz-
'Jq>,$j
CT'22V\zn'Vk{FЧ-R 9H=*aS" ]G
-&
["ʆ6V
5`/5C
εZlt%p!UMbs5
4bv#)#{M||gBS)G
q
Al9cp)xݫH�3?-H\Pi\NvIIG+FYQɅ:Vs'%\c
XTYC+M-xI6Ä;H85qHĶ V`MoI!pXP۹qVJ$%
zn
/أL"jq,VxHJְyHxlPQr'9GĮ*7dݝG
k
-:
Vq[X
oYRs):0?|LhBv
0Lvab)6IV"a8"#%:1|h%0M
-Vnx+
Sj1a߀ٝ$(
?Q;є$I
f<aP#haΎ
foKvْih*;"*%[BADr~sBCR- O
Tu2ܗaLNi5
j}?_鶪K\Z^*QOېU8ۧĄ'G!
?
pjfŶ9
߬nWH#s4GjFqraQ$*J>cSK7ԜV`~i?N'"'_
[jLY-"=x'u`k"[P/!kwa,
$|)zeyx>!D|4szY:ΎL1Szˇ#cǁnɽ=6
:͚.ؐBORI
)C!]9lk~Nvq4HN
#7*4~;5`
IOJl)
WmT+0M
V
hD9D,؊dՆ{
"NyY@}
m8)=F# j
Ԫ}cɩCs<QiIg8YKE<VRpZJx-l,Pg
*
K,1 @kG=ٲQ,j.JWh\#YS1ׇ9sZ*OnjRv;f6йl2s@m;d8F٫'>qԻ)Â
VK(blmfYo4أDD
SW' 4l8:j,DW%ڵQޏonސѹeV44@b 5[xA<I;$"BmEѐ%_ m
}xˊY(CE)G1\eϬ/{V?Kd~_b11gY} (?Ϻ8&GtiV{
{y`c@ ez/
DǼ
A/
y^V
^{~_]�lRR]N
K=? ŖҸIc CNAB'qķ*Apr,+_NP;̶zs̎�vĖs0Fl`lY(}9W9�9ws
~
ӻ1* ߍ7XR۩o {9y3q
ʳB~_:ݎF_TK}/RzW
PH?#^ctK vn#nD>
JØQכgEEhqPX>?21s-{a-s펥N@C-en5n�_l< 뿖 7Իw_C6~z
+[)J`g<t
-H]:2{P!rt C
gtu0d^ܸ@=Ȼzl"=7*UbƂMFs!?:v
T-AQA7z*qB1gc,; {tB!\>AsP&:t,R)흽D3tOSc
@
z
ezC!Btf2@M^E!/<
Nt+j08c?J*)8I1;ٻ7
n'Y$)nvƾ[z|?PW1wg=ʩ^e
ΣǠwzeg$- C]H{Hs?aiw5N*7;p*=CQa�g0hG{AuVm8>
X
71Ƨ]o
~_a=1:w
s(Ԙ
>Vm#%*}9ytrbkyG%_
L=_g7&ԩ2ʿy~
ʒhߟg7hnu
Whzwz
_|ɾ%J}s[3
q;z=woUCgi|*.sۑIvߘ<
;
M
wq
>O}Ozpo:Pafh
-.9=ZyvYAסio ';.3މW#>E|(M
]V:;7j93}BՀZC
;
BE7
1N cwfB
SVB磷Uxwv
Mg[fTB*ئ|.&S%g|A
�{@
X
o[o
iKn9vƏIH/Dy}ײ-ͷ
~2ٽd٬|_8|gGɩze.9׃}ݜaӯnTGS_:X
uAA̎WA݀Odyײ.e/u^-kO9쯂NK^gku:}܅,a{d5폴}Բy/cPGW
;iټk~@
|At
Aw+KH&a4i�O
ϊ
;
LNϼtb ̟/{.DPHSU`g�#zݑ3cMT&v+@Ψq6
GL&߃r\6.S7ābp
ħbN'{6 'd:fgIы?0l2.#/�L&ec|
'R
;Zd:
L٦ilU}XzsԡMɔ܉L;sv*fNSGBP}ecn8>:el&OHUǣWv:S ԈLѓ+&?[uW8̠l6~\i`f&nMO84O"N?̂Hf#V8g+
%8)4N'
"}lGiޖTɃ.;1lu9ݿ灿Yl
³o[yP7z]3__
*n?{
<P;wPBޱ@�� �U�c2�E2���oMU{ɽٴX^gfr0A{{,l]ɲ.%%YKYBeL @1
10iH�� "ݾZy9.@aO|^hwp,{^b=X8&#
[L!kJ,N6� '���$bpDfp
γX L
y1A4(ۑ0ϗH
Qa}~�$3T,
{'&xMq.%o^EJpM@5j"dx\BsWX|%#9&`
a ;O ;O0 P|N;ANX؇d0}BT~D:Sy{@=+^}s9y
Jw,1+
;HG]d
?땞%G.*XϦ CU=RxGc.ʳHeūi$dO
-*^=O٘
k4ݩ5eA
!jؘ옖s !I_H8D~5F
T e^5\bnոǪNb$`ۣZD&
@Ukk.8|ќo0FT)U
AlaL ڞ8v{yzpH+OXYr1kӧ'ʜ Kj-.[
{
4_eW4
z2Z5%T'0r=*o}/EwRR]EU.
D@>*A{Rf!7s9+OϟF{QLzu;k32s(d_X}(v9J{{'P=zUE Byhb䔏vI?Gv3'C0AK6ӧ,uϋiBT;U(;
[Dƫ_H;p;=Pz̠
[R1HX-}׃|5v/ϸrAUÖY|ґ5B\g$;vE*k%fH9X_&Q낮I1�v7}zA&
o0H?nJ4 <(3\Yv%<zOQjmNm9
}Au,-Ϯ0}T=UL킆5*2M'5A}Z1.<(qi*5-w\uqU#kݰv35e=X;*
D\T#$
=K!contdJPQo)Zc}e`
٤ZЍs9dJ9%RNlԵZ_)6'uF0yW;khE;y,qbm!P=R:ɦ`S5LsdJ9IRNl4Z_)6'uD0W͈5Lv>vϜm.pi5m'!Le5vl
RNDډ[5Lv%lRN;EL5vm, RNFk+Efj
C7iZ4T}x{Bd8=&t1Zقh
}aߑu0W!IcC*�0��������z.�D!XCS$`
ew'
t}Zn�HAʚjyWsGVjo eM:ZobBwԭLD
҈@ ;%BRa^fS;cF[
:"ƀHt{?3ɀY1UXhy>7ԴQ.MsܚN~F@ ؉e̔hDVJ^`8
oɒxم5FOBjOAЪ6\I
:6&9Z3AHCKaK&M)|-zhkz?'ocS,riZlN5 F
=%eAh<h'}Y-Vdt4,?| w
v -ņ͛c
*- G}`a<T͒ӅB
'ւ
ub
c)
mѱ85~Q<5NhLzOi)V+A|!Ͱ=o$>*mBjoitcÚ
q5M(GLK:ɪќ3
M 3u:q329f|Ye(Y'ufzcT:;g<_{vY2Whk<5,3%x^ kFݏwMݚ
M
ӌF{VXՎ5e:ylQύ贡v
lJ;3Q&bNtPj耣Q\%!�D48:ʍ VMR?jn.$)LAsʷZR
7ppPޕ'^o\Rs<˕<{e|":
6
o
Iʔ+72f0e"p-F|U<`x\aH4+tio=Rmx<\pmaoh396ydZe24 F.wzDO9"ŒtT˿?A*
GKyYh3W
.
͙ڮh
J[u(u0G߸}<
t!X@n����`\~vHڬ+=[O/H=Mle݅cO/
=M@l4"z̵]"YoW{s
-)"Îe_P0Ap(Tq=Qtdvo(mzv>z-[bA[a)9SgT2pB6]V-4dJ:
N')߰\B
&0iZ]\Ffk&(<,Y-�D|Mg8T_ =Tcg)d3ۣM/Fg0BޣMήqd
Yw?،jZzlۄfX
daS R
1
^
R
TW=ujn
Pk}O*θ4o> &j
jăq@��Q0~pLTr1Ѡ҃uYR
Q
SaW
JDASZ|Bl
m&S]TI
w
VHV
kQg-\|/u|@
;'3#Q<_'ZkHb?zRo7\lX,江Iznnsp_O\
ErNJ
Fp֤9oss"ǻ'PMJ}5O_
Tv.U#?B7}G+ґ'(NO=U?М{E
ǞofgMP
|\}诫Ir/肕N.>ѓy/|$O7~0N
ߵĉGdpz3,-
.S
`>;8sq
!.N1xѶ*NaB<dWAq
�;t\.>,Q;<NֻگPND`a("`CFf=v_=H@L{BK̕ *v(N
'x-aJ"תfSa!`VHPΕXaHQ'*K =$+h8NĔ-{ 2ȑ7j=Qm
ߖo<d&
#!Zr{4=刡%;[~
'-=HIᵊrW-UM{x*pDfyL/|
Rdeʠ
<缳Cd+B-Oڱ4谰,rHB=aĻTz#]BJ&"'Q\W
vQ
DT&2[*51vCZ{/"#
Wh=}*
<c
bA~f1
uW~jBecE9U9NƁ&~ߑʉh-I1XHE| &CTk>MͫXH; }9Nòo�`���������������������������������������������������������������������������� ����������(�����������������������������������)������b������������^������