What’s New in Active Directory Synchronization (AD Sync)

Home>Intranet Applications, Intranet Software, Product News>What’s New in Active Directory Synchronization (AD Sync)

What’s New in Active Directory Synchronization (AD Sync)

By | 2017-09-15T09:48:49+00:00 August 29, 2016|Intranet Applications, Intranet Software, Product News|

Summary: With the latest release, Policy Assist, many improvements and modifications were made to AD Sync.

The recent Policy Assist release includes a dramatic update to our Active Directory Synchronization tool. There were several deficiencies in the original AD Sync that needed to be addressed and we took the opportunity to improve the user interface and workflow for setting up connections. Among the items we wanted to address with the latest release are:

  • provide the ability to easily define multiple connections to domain controllers
  • provide the ability to define multiple targets per connection
  • provide object previews for selected organizational units
  • list the number of objects to be synchronized by target and for the connection in total
  • provide employee previews for mapped fields.
  • support connections using secure socket layer (LDAPS)
In addition to these user interface improvements, we set out to ensure previews and synchronization requests can access all objects for a specific target regardless of the AD “MaxPageSize” threshold, which is typically 1,000 objects. We also improved the speed of the synchronization process to avoid timeouts when synchronizing large numbers or users and/or groups.

To meet our goals for the project, we re-designed the user interface to follow a three step process.

  1. Define Connection
  2. Add Targets
  3. Field Mappings (for employee targets)

Step 1: Define Connection

The first step in setting up your AD Sync is to define the connection parameters. This step is now limited to establishing and testing your connection. Although this step is similar to the initial steps in our previous version of AD Sync, it differs in that it is designed to the KISS (keep it simple) Principle.

Below is an example of what this step looks like.

AD Sync - Defining Connections

Step2: Add Targets

The second step in AD Sync is designed to provide maximum flexibility with defining your connection target(s). There is a change in how we define the types of objects you can synchronize. We define the three types as such:

  • Employees – AD users who will appear in the Employee Directory
  • Logins – AD users who require a login to the intranet who are not part of Employee Directory
  • Groups – AD groups to be synchronized
Another big change for AD Sync 2.0 are the organizational unit, object previews and group filter dropdown which allow you to configure your target start and optional group filter for each individual target. This provides ultimate flexibility for ensuring the synchronization process targets exactly those groups and users you want to synchronize.

AD Sync - Adding Targets

If your users do not reside in a specific domain and are members of a specific group, you can simply select the domain as your target and apply the group filter to synchronize those group members.

When you are satisfied with the target configuration, you add the target to the target list by clicking the “Add Target” button. The target list will display each target you have configured identifying the target type (Employees, Logins or Groups) the target organizational unit, the filter and the number of objects that will be synchronized.

The “Add Targets” step also allows you to define whether you want to synchronize the reporting relationships for user managers and to automatically disable users who become disabled in AD.

Love What You’ve Read? Click Here to Subscribe to Our Blog

Step 3: Employee Fields

If you have defined an employee target in the previous step, you will be directed to the Field Mappings step for employee fields. This step now includes a simple preview of the fields to be mapped when a synchronization occurs. There are several required fields which will be automatically mapped to the corresponding AD fields. In addition to the required fields, there are several other fields you can map which will populate the details for employees in the directory.

AD Sync Field Mapping

Connections List

Once you have defined a connection, added targets are optionally mapped to your employee fields, you will see your connection(s) listed on the AD Sync connections screen. This list view shows the domain, object types you want to sync, the number of targets defined, the total number of objects to synchronize from all targets, whether the connection is secure (using LDAPS) and whether the connection is enabled. For each connection, you have the option to sync the connection immediately (Sync Now), edit, enable/disable, or delete.

AD Sync Connection List

AD Sync 2.0

The new AD Sync 2.0 is available to customers as of the Policy Assist release. Customers who use AD Sync with multiple domains or a complicated organization of users and groups with Active Directory are encouraged to upgrade to Policy Assist to simplify their synchronization configuration. If you wish to upgrade to the Policy Assist release, leave a comment below and I’d be happy to help.  Or request a one-on-one demo with a product specialist to see Policy Assist and the new AD Sync in action!

Want to learn more?

Related Posts

By | 2017-09-15T09:48:49+00:00 August 29, 2016|Intranet Applications, Intranet Software, Product News|

About the Author:

Paul is a veteran Web Developer with over 10 years’ experience designing and developing web applications for a variety of industries. He brings a strong passion for software development, software design patterns and test-driven development to the Intranet Connections team. In his spare time, Paul cycles, runs and swims and in the summer he is often found “chasing plastic” on the Ultimate Frisbee field.

Leave A Comment