Synchronizing user passwords

Server for NIS provides limited support for keeping passwords synchronized between a user's Windows and UNIX accounts. Whenever a user's Windows password is changed, Password Synchronization (which is installed with Server for NIS for this purpose) captures the new password, encrypts it, and then stores the password in the passwd map in Active Directory. The new password is then propagated to UNIX-based Network Information Service (NIS) secondary servers and clients when Server for NIS performs its periodic map update.

If Server for NIS is installed in a Windows domain with multiple domain controllers, Password Synchronization must be installed on all domain controllers in the domain. This is because any domain controller can potentially respond to a request to change a user's password, and so it is necessary that Password Synchronization be running on that domain controller to ensure that the NIS passwd map is updated. If you install Password Synchronization on a domain controller solely to support Server for NIS in this fashion, it is not necessary to configure UNIX hosts to work with Password Synchronization running on the domain controller. On the other hand, you can configure Password Synchronization on a domain controller and selected UNIX hosts to provide two-way password synchronization. This will allow users of the UNIX hosts to use the passwd(1) command (instead of yppasswd) on those hosts to change their NIS domain password as well.

When synchronizing passwords, Server for NIS can use either crypt(3) or Message Digest 5 (MD5). Server for NIS can support different encryption methods for multiple domains, but all UNIX computers in a particular domain must use the same encryption method. See "To set the encryption method for a domain" for how to specify the encryption method.
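
A consistency check for the one-method-per-domain rule above, as an added example that is not part of the original documentation: it reads passwd-map text in the format `ypcat passwd` prints and lists accounts whose stored hash does not match the method chosen for the domain. It assumes the MD5 setting yields the common `$1$salt$hash` form and crypt(3) the traditional 13-character DES form; the function names and the sample map (including its hash strings) are constructed for illustration.

```python
import re

# Constructed sample in passwd(5) / `ypcat passwd` layout; hash strings are made up.
SAMPLE_MAP = """\
alice:$1$Xy3kQ9Lp$uQ2bq6vM0hT8sWc1DnRk4/:1001:100:Alice:/home/alice:/bin/sh
bob:ab1Cd2Ef3Gh4I:1002:100:Bob:/home/bob:/bin/sh
carol:$1$m7Zt0Aqe$Jr5pL1xYb9Vw3Ng6KsHd2.:1003:100:Carol:/home/carol:/bin/sh
dave:*:1004:100:Dave:/home/dave:/bin/sh
broken-line-without-fields
"""

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3)-style hashes
# Assumption: "MD5" means the $1$ modular-crypt form (salt up to 8 chars, 22-char digest).
MD5_CRYPT = re.compile(rf"^\$1\$[^$:]{{1,8}}\${B64}{{22}}$")
# Traditional DES crypt(3): 2 salt characters followed by 11 hash characters.
DES_CRYPT = re.compile(rf"^{B64}{{13}}$")


def classify(field):
    """Return 'md5', 'crypt', or 'none' (locked, empty or unrecognised field)."""
    if MD5_CRYPT.match(field):
        return "md5"
    if DES_CRYPT.match(field):
        return "crypt"
    return "none"


def audit(map_text, expected):
    """Compare every entry's hash format with the domain's expected method."""
    report = {"mismatched": [], "unhashed": [], "malformed": []}
    for lineno, line in enumerate(map_text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7:  # a passwd entry has exactly seven fields
            report["malformed"].append(lineno)
            continue
        method = classify(parts[1])
        if method == "none":
            report["unhashed"].append(parts[0])
        elif method != expected:
            report["mismatched"].append(parts[0])
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_MAP, "md5"))
```

Accounts reported as mismatched still carry a hash in the other format, so UNIX hosts configured for the domain's method cannot verify those passwords.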