Directory Account Discovery doesn't import the account password


i'm having a problem with the account discovery from the Active Directory. I've created the Discovery Rule that auto-manages the accounts discovered and it is associated to the Active Directory asset. The import is completed correctly, though the accounts don't have a password set. Shouldn't them retrieve the password from the Active Directory directly? Why it doesn't happen?

Thank you.

  • Hi Simone,

    After the Account Discovery imports the AD managed account then the password will either need to be changed by SPP so that it learns what the new password is and it also updates it on the target managed account in AD or if you know what the password is then you can set the password on the account manually initially.

    Only after SPP changes the password then the password is known to SPP, there is no mechanism to "retrieve a password from AD directly".

    For SPP to trigger an automatic password change after account discovery, the Password Profile that is assigned to the discovered AD account must be configured to run on a schedule and not be set to Never.

    Another option is you may force a password change manually on the AD account from SPP to get a new generated password vaulted for the discovered account. This way only SPP knows the password from this point and it can be audited etc.


  • Hi Simone,

    After the Account Discovery imports the AD managed account then the password will either need to be changed by SPP so that it learns what the new password is and it also updates it on the target managed account in AD or if you know what the password is then you can set the password on the account manually initially.

    Only after SPP changes the password then the password is known to SPP, there is no mechanism to "retrieve a password from AD directly".

    For SPP to trigger an automatic password change after account discovery, the Password Profile that is assigned to the discovered AD account must be configured to run on a schedule and not be set to Never.

    Another option is you may force a password change manually on the AD account from SPP to get a new generated password vaulted for the discovered account. This way only SPP knows the password from this point and it can be audited etc.


No Data