Communication for password-related activity

Most password-related operations are handled by background processes without opening an interactive secure shell or remote desktop session. However, the basic flow for password-related activity—such as automatic or on-demand password rotation and password updates when a password is checked in or when the maximum password checkout time has expired—is the same whether the operation is performed in the background or in a remote client session. The password-related operations are routed through the same architectural components of the infrastructure as logon operations. For technical reference, the following diagrams provide a simplified summary of the communication between components to complete password-related actions.

Password rotation and checkin

The following diagram provides a simplified summary of the communication between components for scheduled or on-demand password rotation and checkin operations for managed accounts.

Password checkouts

The following diagram provides a simplified summary of the communication between components for password checkout operations for managed accounts.

Network access verification

The following diagram provides a simplified summary of the communication between components for testing network access for systems, domains, and databases with managed accounts.

For Windows, the appropriate management port and protocol depend on the version of the operating system you are using and are detected by a port scan unless auto-detection is disabled. For more information about the management ports and protocols used for password-related operations, see Managing the password for local accounts.

Password validation

The following diagram provides a simplified summary of the communication between components for validating that the password stored for a managed account can be used to access the remote system.

For Windows, the appropriate management port and protocol depend on the version of the operating system you are using and are detected by a port scan unless auto-detection is disabled. For more information about the management ports and protocols used for password-related operations, see Managing the password for local accounts.