Reference Material | Registry settings
Below you will find a list of the registry settings used by the components of Specops Password Sync. The settings can be changed using the Registry Editor.
Change Notifier Service
You will need to manually add the Notifier Service folder in the Registry Editor.
- From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync.
- Right-click, select New, and click Key.
- In the New Key field, enter ChangeNotifierService.
Registry key Description HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService\QueuesFolder
The full path to the folder where password synchronization jobs should be queued. Reboot of the DC is required after changing this key.
You will need to manually add this registry setting on all Domain Controllers:1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService.2. Right-click, select New, and click String Value.3. Double-click the new value to edit string.
4. In the value name field, enter Queues Folder.
5. In the value data field enter %SystemRoot%\System32\SpecopsPasswordSync\Queues.
6. Click OK.
Registry key Description HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService\ NetworkOperationTimeout
Time in milliseconds between the DC and the Sync Server before operation to Sync Server times out. If there is high latency between DC and Sync Server, this can be increased. However, normally this value shouldn’t be changed.
You will need to manually add this registry setting on all Domain Controllers:
1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService.
2. Right-click, select New, and click DWORD (32-bit) Value.
3. Double-click the new value to edit string.
4. In the value name field enter NetworkOperationTimeout.
5. In the value data field enter 5000.
6. Click OK.
Registry key Description HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService\
IntervalBetweenRefreshConfigFromAD
Interval in milliseconds between looking for configuration changes in Active Directory. You will need to manually add this registry setting on all Domain Controllers:
1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService.
2. Right-click, select New, and click DWORD (32-bit) Value.
3. Double-click the new value to edit string.
4. In the value name field enter IntervalBetweenRefreshConfigFromAD.
5. In the value data field enter 60000.
6. Click OK.
Registry key Description HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService\IntervalBetweenPollingSyncPointQueue
Interval in milliseconds between polling for new password changes in a Sync Point’s queue folder. You will need to manually add this registry setting on all Domain Controllers.
1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService.
2. Right-click, select New, and click DWORD (32-bit) Value.
3. Double-click the new value to edit string.
4. In the value name field enter IntervalBetweenPollingSyncPointQueue.
5. In the value data field enter 2500.
6. Click OK.
Registry key Description HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService\LicenseCheckStartTime
The time of day when license check should start. You will need to manually add this registry setting on all Domain Controllers.
1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService.
2. Right-click, select New, and click String Value.
3. Double-click the new value to edit string.
4. In the value name field enter LicenseCheckStartTime.
5. In the value data field enter 00:00.
6. Click OK.
Change Notifier
Before you add the below registry key, you will need to:
- Browse to HKLM\Software\Specopssoft\Specops Password Sync from the Registry Editor.
- Right-click, select New, and click Key.
- In the New Key field, enter ChangeNotifier.
| Registry key | Description |
| HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifier\ AllowSyncForAdministrators | Enabling this setting will allow password synchronization for admin accounts. You will need to manually add this registry setting on all Domain Controllers: 1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifier 2. Right-click, select New, and click DWORD (32-bit) Value. 3. In the value name field enter AllowSyncForAdministrators. 4. In the value data field enter 1. 5. Click OK. |
Admin Tools
| Registry key | Description |
|---|---|
| HKLM\Specopssoft\Specops Password Sync\Admin Tools\ClearLogFile | Clear the log file when the service is started. 0 = Keep log file 1 = Clear log file Default value: 1 |
| HKLM\Specopssoft\Specops Password Sync\Admin Tools\Debug | Enables and disables debug logging for the Specops Password Sync Admin Tools. |
| HKLM\Specopssoft\Specops Password Sync\Admin Tools\LogFilePath | Interval in milliseconds between looking for configuration changes in Active Directory. Default value: %LocalAppData%\Specopssoft\SPS.AdminTools.log |
| HKLM\Specopssoft\Specops Password Sync\Admin Tools\MaxMbFileSize | Maximum size of a log file before a new log file is created. Only the two latest log files will be kept. Default value: 0x0000000a (10) |
GpSnapIn
| Registry key | Description |
|---|---|
| HKLM\Specopssoft\Specops Password Sync\GpSnapIn\ClearLogFile | Clear the log file when the service is started. 0 = Keep log file 1 = Clear log file Default value: 1 |
| HKLM\Specopssoft\Specops Password Sync\GpSnapIn\Debug | Enables and disables debug logging for the Specops Password Sync Group Policy snap-in. |
| HKLM\Specopssoft\Specops Password Sync\GpSnapIn\LogFilePath | Interval in milliseconds between looking for configuration changes in Active Directory. Default value: %LocalAppData%\Specopssoft\SPS.SnapIn.log |
| HKLM\Specopssoft\Specops Password Sync\GpSnapIn\MaxMbFileSize | Maximum size of a log file before a new log file is created. Only the two latest log files will be kept. Default value: 0x0000000a (10) |
Password Sync Server Service
| Registry key | Description |
|---|---|
| HKLM\Specopssoft\Specops Password Sync\Server\ClearLogFile | Clear the log file when the service is started. 0 = Keep log file 1 = Clear log file Default value: 1 |
| HKLM\Specopssoft\Specops Password Sync\Server\DatabaseFilePath | The path to the Specops Password Sync Server database file. The default path is handled internally by the service. Default value: Empty |
| HKLM\Specopssoft\Specops Password Sync\Server\Debug | Enables and disables debug logging for the Specops Password Sync Server service. |
| HKLM\Specopssoft\Specops Password Sync\Server\LogFilePath | Interval in milliseconds between looking for configuration changes in Active Directory. Default value: C:\SPS.SyncServer.log |
| HKLM\Specopssoft\Specops Password Sync\Server\MaxMbFileSize | Maximum size of a log file before a new log file is created. Only the two latest log files will be kept. Default value: 0x0000000a (10) |
| HKLM\Specopssoft\Specops Password Sync\Server\QueuePollingIntervalSeconds | Number of seconds between polling the database for new password changes. Setting a low value increases the server load. Setting a high value increases the latency between the user password change and the synchronization to the external system. Default value: 0x00000005 (5) |
| HKLM\Specopssoft\Specops Password Sync\Server\SyncPointCacheTTLSeconds | The number of seconds the Sync Server should cache Sync Point data. Changing this value controls how often the Sync Server has to read Sync Point data from Active Directory. Default value: 0x000001e (30) |