Knowledge Base

With the retirement of Server 2012/r2, a question that has risen in popularity is how I migrate my password policy to another server to continue using the product without any issues?

The simple answer is not a lot needs to be done since all of the configuration is stored in Group Policy and Active Directory.

For Password Policy Domain Administration and Arbiter

Install Password Policy Domain Administration (SpecopsPasswordPolicyAdmin-x64.msi ) and/or the arbiter (SpecopsArbiter-x64.msi) onto the new server.

If during this migration have a new Domain Controller:

Copy the SpecopsPasswordPolicySentinel-x64.msi to the new Domain Controller and run the msi and restart the machine to complete the installation.

If you are moving the PDC Emulator role:

Make sure the sentinel is installed on both the current PDC and what will be the new PDC. From there, transfer the role(s) as normal (https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/view-transfer-fsmo-roles). Once the role(s) have been transferred, restart both DCs and verify the PDC and Web API are both showing the correct server. If the Web API is still shown as disabled, you can add/adjust the registry setting in this article and restart the Specops Password Sentinel Service, which should then show the Web API status listed as “OK”.

Where are these files located?

In C:\temp\SpecopsPasswordPolicy_Setup_(version number)\Products\SpecopsPasswordPolicy where Password Policy Domain Administration is currently installed.