Upgrade

The information below will help you upgrade to the latest version of Specops Password Sync.

Supported upgrade environments

You can upgrade to the most recent version of Specops Password Sync from Specops Password Sync 4.1 or later. It is strongly recommended that you upgrade all components of Specops Password Sync. It is best practice to upgrade the components in the following order:

  • Password Change Notifier
  • Sync Server
  • Administration Tools
Planning an upgrade

Before upgrading you should read the Specops Password Sync Release Notes. The Release Notes provides a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary.

Requirements

To upgrade to the latest version, your organization’s environment must meet the following system requirements:

ItemRequirement
Password Change Notifier• Windows Server 2008 or later
• Writable domain controller
Sync Server• Windows Server 2008 or later
• OS must be a domain member
• .NET Framework 4.0 or later
Administration Tools• Windows 7 or later
• OS must be a domain member
• Group Policy Management Console (GPMC)
• .Net Framework 4.0 or later

The Specops Setup Assistant will help you meet the system requirements.

Upgrading Specops Password Sync

The Setup Assistant will allow you to upgrade the required components.

  • Password Change Notifier
  • Sync Server
  • Administration Tools
  1. Download the Setup Assistant.
  2. Save and Run the Setup Assistant on your server.

Note: By default the file is extracted to C:\temp\SpecopsPasswordSync_Setup_[VersionNumber]

  1. Double click SpecopsPasswordSync_Setup_[VersionNumber].exe to launch the Setup Assistant.
  2. To begin, click Start Installation in the Specops Setup Assistant dialog box, and Accept the End User License Agreement.

Upgrade the Password Change Notifier

The Password Change Notifier must be upgraded on all domain controllers in your Active Directory. Uninstall the existing msi on the domain controller, and upgrade using one of the following options:

  • Run the new msi from C:\Temp\SpecopsPasswordSync_Setup_<ver>\Products\ SpecopsPasswordSync (recommended)
  • Upgrade the Password Change Notifier using the Setup Assistant on the domain controller.
  • Deploy the Password Change Notifier through Group Policy Software Installation (GPSI)

You will need to restart the domain controllers once the upgrade is complete.

Deploy the Password Change Notifier through GPSI

  1. Copy the MSI packages for the Password Change Notifier to a file share in your network infrastructure.

Note:

  • By default, the file is extracted to: C:\Temp\SpecopsPasswordSync_Setup_<ver>\Products\SpecopsPasswordSync
  • Specops recommends using DFS shares as it permits load sharing and location independence.
  1. In your domain, create a new GPO and link it to the Domain Controllers Organizational Unit.
  2. Enter a name for the GPO, and click OK.
  3. Right-click the newly created GPO, and click Edit.
  4. Expand Computer Configuration, Policies, Software Settings.
  5. Right-click Software installation, and select Properties.
  6. Browse to the location of the msi package.
  7. Enable the Assign deployment option.
  8. Click OK to save the package.
  9. Restart the domain controllers.

Upgrade the Sync Server

The Sync Server synchronizes new passwords to all systems the user has been configured to synchronize to through the Specops Password Sync Group Policy settings. Depending on the amount of users in your environment, and the frequency with which they change their passwords, you may require more than one Sync Server.

  1. From the Setup Assistant, click Sync Server.
  2. Verify that you have fulfilled the prerequisites.
  3. To select the certificate that will be used to verify the identity of the Sync Server to the Password Change Notifier component, click Select.

Note:

  • All communications between the Password Change Notifier and the Sync Server is SSL encrypted using the same certificate.
  • You can use a certificate generated by the Active Directory Certificate Services or a self-signed certificate. If you are using a self-signed certificate, you will need to:
    • Update the certificate once it expires (the certificate will not be automatically renewed).
    • Import the certificate into the trusted roots container on all the domain controllers.
  1. Click Install. The Setup Assistant will automatically use the correct msi-package for the local systems and install the appropriate version of the Sync Server.
  2. In the Sync Server Setup Wizard, click Next.
  3. You will be given the chance to select which Sync Providers you want to install on the Sync Server. The default setting is to install all the providers that are shipped with the product. If you do not want to use a provider, click the icon next to the provider, and select Entire Feature will be unavailable.
    Note: 
    If you want to develop your own Sync Providers for the systems used by your organization, contact Specops Support.
  4. Click Next.
  5. Click Finish.

Upgrade the Administration Tools

Installing the Administration Tools will install the Specops Password Sync Administration tool and the GPMC snap-in. You can use the Administration Tool to configure system settings such as Sync Scopes, Sync Servers, and Sync Points. You can use the GPMC snap-in to configure Specops Password Sync policies in a Group Policy Object. The GPO can then be applied to your entire domain or a part of your domain.

The Administration Tools should be installed on the computer that you want to administer the product from.

  1. From the Setup Assistant, select Administration Tools.
  2. Verify that you have fulfilled the prerequisites. If you do not meet the prerequisites, you may need to do the following:
  3. Install .NET Framework 4 or later.
  4. Verify that the user running the setup assistant is an Enterprise or Domain Administrator.
  5. Click Install.

 

Post-upgrade

You will need to complete the following configuration settings once you have installed Specops Password Reset.

  1. Import your license key.
  2. Verify that the Password Change Notifier has been installed on all of your domain controllers.

Note: Your domain controllers must be restarted after the upgrade.

  1. Verify that the certificate(s) used on your Sync Server(s) are trusted by the domain controllers.