This section provides a step-by-step guide on how to set up Users, Groups and Contacts Synchronization for Microsoft Active Directory Environments.
To begin at least two (2) Active Directory environments must be configured in Directory Sync. At the end of this section there will be two (2) Active Directory environments fully configured.
An environment is an end-point connection that can control the scope of objects read. This guide will walk through how to create the source and target active directory environments.
To create a local AD environment, the following are required
One (1) Local Administrator Account for each Microsoft Forest and/or Domain that has permissions to create, update or delete depending on the scope of your Directory Sync workflows.
One (1) Windows Server to install and host the Directory Sync Agent.
Follow these steps to setup the cloud environment endpoints.
Navigate to Environments
Click the New button
Click Local as the environment type, Click Next
Name the environment, Click Next
Name the local agent, Click Next
Note the agent registration URL and registration Key for later use, click Finish.
Install the agent in the Windows Server that is joined to the local AD domain.
Launch the Directory Sync Agent installation in the target workstation or server
Accept the license agreement and click on next.
Enter the target active directory environment information by providing the following and click next.
Domain Name
Global Catalog Server
Username
Password
Enter the Directory Sync Registration URL and Agent Registration Key information and click next.
In the sIDHistory Migration section, you may skip this step if sIDHistory Migration is not part of your project scope.
Note, Refer to On Demand Migration Active Directory User Guide for detailed information about agent installation and set-up requirements.
Once the agent is installed and the environment is discovered, click on the Setting button to access the local AD environment setting page.
Click on the Organization Unit tab and define the OU filter based on your project scope.
Click on the Filters tab and define any LDAP filter based on your project scope.
Click Save.
Repeat steps 2 – 11 for the next local environment
Before we can build our workflows, it is best to set up your template(s). Templates contain common mappings and settings used to sync Users, Contacts, Devices, Groups, Office 365 Groups and Microsoft Teams. A template can then be applied to any workflow with a Stage Data step.
For the purpose of this guide, the following template will need to be configured to perform Synchronization for User, Group and Contact Objects. This guide also assume objects will be created in the target Active Directory if there is no match found. Additional templates may be created based on your project requirements. Local to Local Password Sync
Local to Local Sync
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Local to Local Sync”, Click Next
Click Local as the source environment type, Click Next
Click Local as the target environment type, Click Next
Set CREATE NEW USERS AS = AS-IS
Set UPDATE CREATED USERS= ENABLE
Set UPDATE MATCHED USERS= ENABLE
Set IF TARGET ADDRESS EXISTS setting as OVERWRITE ONCE.
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = ENABLE
Set UPDATE MATCHED GROUPS = ENABLE
Set Convert Group Options with default settings: (See Pro Tip 17)
DOMAIN LOCAL GROUPS = DOMAIN LOCAL
GLOBAL GROUPS = GLOBAL
UNIVERSAL GROUPS = UNIVERSAL
Click Next
Set CREATE NEW CONTACTS AS = AS-IS
Set UPDATE CREATED CONTACTS = ENABLE
Set UPDATE MATCHED CONTACTS = ENABLE
Click Next
Set CREATE NEW DEVICES AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Leave the SYNCHRONIZE SID HISTORY checkbox unchecked, Click Next
Under mappings, we can leave the settings as default or update them based on your project requirements. (See Pro Tip 16)
Click Next
Click Finish
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center