
Microsoft AD Password Sync Agents Are Not Working When TLS1.2 Is Enabled On Domain Controllers (Doc ID 2411229.1)

Last updated on AUGUST 11, 2021

Applies to:

Identity Manager Connector - Version 9.1.1 and later
Information in this document applies to any platform.


The Microsoft AD Password Sync connector was installed on Windows 2012 domain controllers to sync passwords from AD to OIM. The TLS 1.0 protocol was then disabled and the TLS 1.2 protocol enabled on the domain controllers. Since that change, the Password Sync agents are unable to communicate with the OIM servers.

Whenever a user changes a password, a contact object is created on the domain controller. No exception is logged on the OIM application servers.

The issue can be reproduced with the following steps:
1. Disable TLS 1.0 on the domain controllers.
2. Enable TLS 1.2 on the domain controllers.
3. Have an AD user change their password.

