Contents x
    Password Filter Installation
    • 14 Jun 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Contents

    Password Filter Installation

    • Updated on 14 Jun 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Article Summary

    Password Filter Installation

    Password filters are used to enforce password policies as configured via Microsoft API. To our knowledge, every third party application that synchronizes passwords from Active Directory to another set of foreign accounts uses this Password Filter API to capture password changes.
    The process for installing a password filter on a RapidIdentity system has two parts:

    1. Update the Active Directory Schema
    2. Install the Agent on each Domain Controller

    Update Active Directory Schema

    This part is only done on one domain controller, and the installer will need to be run with an account that is a member of the both the Schema Admins and Domain Admins groups in Active Directory.

    1. Download the Password Filter Installer file adpwfilterx86-64-latest-msi

    2. Run the installer as an Administrator.

    3. If you receive a message that Windows has protected your PC, click More Info.
      PC Protected.jpg

    4. On the next screen, click Run Anyway.
      Run Anyway.jpg

    5. When the installer comes up, click Next.
      Installer Step 1.jpg

    6. Select the Installation folder and click Next. Most districts will accept the default location.
      Installer Step 2.jpg

    7. Click Next to confirm installation.
      Installer Step 3.jpg

    8. A progress bar will pop up and track the progress of your installation. At the end, you may receive a message that asks if you want to allow an app from un unknown publisher to make changes to your device. Click Yes.

    9. When the next screen appears, click Install Schema. Once this completes, a message will appear confirming Schema extended.
      Install Schema.jpg

    10. Next, install the RapidIdentity Public Key. This is used to encrypt captured passwords so that they can only be decrypted using this key, and only applies once per domain.
      Public Key.jpg

    11. Enter your district's tenant URL (e.g., https://yourdistrict.rapididentity.com) and click OK. Once this completes, a message will appear confirming RapidIdentity Public Key Installed.
      Host name for Key.jpg

    12. Click Close to close the RapidIdentity Password Filter for Active Directory Configuration. You will then be taken back to the main installer and should see a screen that says Installation Complete.

    13. Click Close to close the installer.

    14. When the installer closes, a message will appear asking whether you would like to restart your system now. Click Yes.

    Install the Agent on each Domain Controller

    The second part of this process installs the agent on each domain controller. When installing the password filter, it will need to be installed on all writeable Active Directory domain controllers. After the installer completes on each domain controller, that domain controller will need to be restarted before the changes take effect.

    Note

    Install the software on any domain controllers (cannot be read-only). Reboot each domain controller once the installation has completed. Install Schema will be deactivated, as it has already been installed.

    1. Once the first domain controller has been updated with the schema and key, all that is needed for other writeable domain controllers is to install the .msi file from Step 1 of Part 1.
    2. The installation wizard will fill in existing defaults that can be changed if desired, but generally defaults can be accepted throughout the wizard until completed.
    3. Reboot the domain controller for the changes to take effect.
    Was this article helpful?
    What's Next