Registry settings

Below you will find a list of the registry settings used by the components of Specops Password Sync. The settings can be changed using the Registry Editor.

Change Notifier Service

You will need to manually add the Notifier Service folder in the Registry Editor.

  1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync.
  2. Right-click, select New, and click Key.
  3. In the New Key field, enter ChangeNotifierService.
    Registry keyDescription
    HKLM\Software\Specopssoft\Specops Password

    Sync\ChangeNotifierService\QueuesFolder

    		 The full path to the folder where password synchronization jobs should be queued. Reboot of the DC is required after changing this key.
    You will need to manually add this registry setting on all Domain Controllers:
    1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService .
    2. Right-click, select New, and click String Value.
    3. Double-click the new value to edit string.
    4. In the value name field, enter Queues Folder.
    5. In the value data field enter %SystemRoot%\System32\SpecopsPasswordSync\Queues .
    6. Click OK.
    Registry keyDescription
    HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService\

    NetworkOperationTimeout

    		 Time in milliseconds between the DC and the Sync Server before operation to Sync Server times out.

    If there is high latency between DC and Sync Server, this can be increased. However, normally this value shouldn’t be changed.

    You will need to manually add this registry setting on all Domain Controllers:

    1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService
    2. Right-click, select New, and click DWORD (32-bit) Value.
    3. Double-click the new value to edit string.
    4. In the value name field enter NetworkOperationTimeout.
    5. In the value data field enter 5000.
    6. Click OK.
    Registry keyDescription
    HKLM\Software\Specopssoft\Specops Password

    Sync\ChangeNotifierService\

    IntervalBetweenRefreshConfigFromAD

    		 Interval in milliseconds between looking for configuration changes in Active Directory.

    You will need to manually add this registry setting on all Domain Controllers:

    1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService
    2. Right-click, select New, and click DWORD (32-bit) Value.
    3. Double-click the new value to edit string.
    4. In the value name field enter IntervalBetweenRefreshConfigFromAD.
    5. In the value data field enter 60000.
    6. Click OK.
    Registry keyDescription
    HKLM\Software\Specopssoft\Specops Password

    Sync\ChangeNotifierService\IntervalBetweenPollingSyncPointQueue

    		Interval in milliseconds between polling for new password changes in a Sync Point’s queue folder.

    You will need to manually add this registry setting on all Domain Controllers.

    1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService
    2. Right-click, select New, and click DWORD (32-bit) Value.
    3. Double-click the new value to edit string.
    4. In the value name field enter IntervalBetweenPollingSyncPointQueue.
    5. In the value data field enter 2500.
    6. Click OK.
    Registry keyDescription
    HKLM\Software\Specopssoft\Specops Password

    Sync\ChangeNotifierService\LicenseCheckStartTime

    		 The time of day when license check should start.

    You will need to manually add this registry setting on all Domain Controllers.

    1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifierService
    2. Right-click, select New, and click String Value.
    3. Double-click the new value to edit string.
    4. In the value name field enter LicenseCheckStartTime.
    5. In the value data field enter 00:00.
    6. Click OK.

Change Notifier

Before you add the below registry key, you will need to:

  1. Browse to HKLM\Software\Specopssoft\Specops Password Sync from the Registry Editor.
  2. Right-click, select New, and click Key.
  3. In the New Key field, enter ChangeNotifier.
Registry key Description
HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifier\

AllowSyncForAdministrators

 Enabling this setting will allow password synchronization for admin accounts.

You will need to manually add this registry setting on all Domain Controllers:

  1. From the Registry Editor, browse to HKLM\Software\Specopssoft\Specops Password Sync\ChangeNotifier
  2. Right-click, select New, and click DWORD (32-bit) Value.
  3. In the value name field enter AllowSyncForAdministrators.
  4. In the value data field enter 1.
  5. Click OK.

Admin Tools

Registry key Description
HKLM\Specopssoft\Specops Password
Sync\ Admin Tools\ClearLogFile
 Clear the log file when the service is started.
0 = Keep log file
1 = Clear log file
Default value: 1
HKLM\Specopssoft\Specops Password
Sync\ Admin Tools\Debug
 Enables and disables debug logging for the Specops Password Sync Admin Tools.
HKLM\Specopssoft\Specops Password
Sync\ Admin Tools\LogFilePath
 Interval in milliseconds between looking for configuration changes in Active Directory.
Default value: %LocalAppData%\Specopssoft\SPS.AdminTools.log
HKLM\Specopssoft\Specops Password
Sync\ Admin Tools\MaxMbFileSize
 Maximum size of a log file before a new log file is created. Only the two latest log files will be kept.
Default value: 0x0000000a (10)

GpSnapIn

Registry key Description
HKLM\Specopssoft\Specops Password
Sync\ GpSnapIn\ClearLogFile
 Clear the log file when the service is started.
0 = Keep log file
1 = Clear log file
Default value: 1
HKLM\Specopssoft\Specops Password
Sync\ GpSnapIn\Debug
 Enables and disables debug logging for the Specops Password Sync Group Policy snap-in.
HKLM\Specopssoft\Specops Password
Sync\GpSnapIn\LogFilePath
Interval in milliseconds between looking for configuration changes in Active Directory.
Default value: %LocalAppData%\Specopssoft\SPS.SnapIn.log
HKLM\Specopssoft\Specops Password
Sync\ GpSnapIn\MaxMbFileSize
 Maximum size of a log file before a new log file is created. Only the two latest log files will be kept.
Default value: 0x0000000a (10)

Specops Password Sync Server Service

Registry key Description
HKLM\Specopssoft\Specops Password
Sync\ Server\ClearLogFile
 Clear the log file when the service is started.
0 = Keep log file
1 = Clear log file
Default value: 1
HKLM\Specopssoft\Specops Password
Sync\ Server\DatabaseFilePath
 The path to the Specops Password Sync Server database file.
The default path is handled internally by the service.
Default value: Empty
HKLM\Specopssoft\Specops Password
Sync\ Server\Debug
 Enables and disables debug logging for the Specops Password Sync Server service.
HKLM\Specopssoft\Specops Password
Sync\ Server\LogFilePath
 Interval in milliseconds between looking for configuration changes in Active Directory.
Default value: C:\SPS.SyncServer.log
HKLM\Specopssoft\Specops Password
Sync\ Server\MaxMbFileSize
 Maximum size of a log file before a new log file is created. Only the two latest log files will be kept.
Default value: 0x0000000a (10)
HKLM\Specopssoft\Specops Password
Sync\ Server\QueuePollingIntervalSeconds
 Number of seconds between polling the database for new password changes.
Setting a low value increases the server load. Setting a high value increases the latency between the user password change and the synchronization to the external system.
Default value: 0x00000005 (5)
HKLM\Specopssoft\Specops Password
Sync\ Server\SyncPointCacheTTLSeconds
 The number of seconds the Sync Server should cache Sync Point data.
Changing this value controls how often the Sync Server has to read Sync Point data from Active Directory.
Default value: 0x000001e (30)