11.24 Working with TimeToLive(minute) Attribute

This section provides answers to questions for specific scenarios, that you might have while working with the TimeToLive(minute) attribute.

How are passwords managed when the value of the TimeToLive(minute) attribute is set to a default value of 0 (zero).

When the attribute is set to the default value, a password is prevented from being deleted from the Domain Controller registry without getting transferred to the driver registry. If the value is set to x, where x is greater than the default value, the password will be deleted from the registry after x minutes if the password is not successfully synchronized within that time.

How are passwords managed when you have PWFilter registry on 11 Domain Controllers containing old and new password changes.

The password will be added to the Domain Controller registry where the password has changed. If the old password for the same user is still in the registry when a new password is added, the old password is overwritten by the new password.

In what order are passwords added and removed from the registry.

The registry keeps the keys (user name) sorted at all times.

How is a new password added when the registry is removing the stored passwords.

The registry keeps the keys (user name) sorted at all times. After all the stored passwords are transferred to the driver registry, the passwords are removed from the registry of the Domain Controller.