Sync AD Passwords across Domains
Posted on 2014-03-14
We have two separate AD forests, each containing a single domain.
The "primary" forest and its domain is our Company; the "secondary" forest and its domain is of another company that we bought. They are now part of our Wide Area Network and need to access their own systems as well as some of our systems (one common intranet for the "group" etc.)
We have not set up a Domain Trust between us (for a few reasons) and as an alternative we have created their users (same usernames) on our Domain and would now like to find out if there's a way to sync their AD User passwords to the matching user on our side on our domain.
Their Domain is COMPANY2
Our Domain is COMPANY1
They had a User "COMPANY2\JoeSoap" with password "MySecretPassword"
We created a COMPANY1\JoeSoap with password "Password1"
The user can now use one login (JoeSoap) but he's got two passwords, and because they are normal users they get confused about when to use which password.
I now need to know how I can sync the password "MySecretPassword" back to COMPANY1\JoeSoap so that he also has this password (without asking each and every user for their password, of course...). Is there, for instance, any kind of LDAP tool or similar that can take a password from one user and sync it to a matching username even though it's on another domain and will have a different SID?
Thanks a lot,