The Password History Scan schedule step collects data two types of password history data from MIM/FIM/AD Connect:
1. PCNS Password synchronization
2. WMI Password reset
PCNS is captured as a source event on the MA providing the password, and target events on the MAs that receive the password. The source and target event details are recorded as attributes in Time Traveler, and as counters in a Password Scan history record.
WMI Resets may be invoked e.g. through PowerShell by an admin, but are much more typically the result of self-service resets using the MIM Portal.
Password history scans submit the change with the timestamp the password change happened, rather than the time of the scan, so it is not necessary to scan continuously for time resolution. Once every few hours is adequate in most environments.
The only mandatory argument for password history scan is the Environment parameter. However, it is necessary to set the preferred server to the MIM Sync server unless remote WMI permissions have been configured for the Panel Service account(s).
Please sign in to leave a comment.