Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: A sub-device agent running on a network device provides tools for detecting and managing sub-devices connected to the network device. The sub-device agent reports the presence of the sub-devices to a configuration manager, which provides a user interface for managing the sub-devices. The sub-devices are not directly detectable by or visible to the configuration manager. The sub-device agent provides access to the sub-devices for monitoring, configuring, updating, etc. The sub-device agent may be used to install or upgrade firmware or software on the sub-device or to monitor a status of the sub-device. Sub-device modules, such as OEM plug-ins and drivers, may be used by the sub-device agent to discover and manage the sub-devices.