If you want to use Active Directory as a password reset source, you will need to install Password Change Notification Service. PCNS is a special service you will install on all domain controllers for that source AD domain. PCNS safely intercepts the password change that the domain controller receives, and sends it over securely to the MIM Synchronization service, where MIM will investigate which MAs are configured as targets and send over the password.
Installing PCNS is a six-step process, which is as follows:
Extending the AD schema.
Installing the PCNS service.
Configuring the MIM SPN.
Configuring PCNS.
Configuring the MAs.
Enabling password synchronization.
We have already talked about the last two steps, so we will walk you through extending the AD schema, installing the service on the domain controllers, configuring the MIM SPN, and configuring PCNS. Follow these steps: