Summary: With the latest release, Policy Assist, many improvements and modifications were made to AD Sync.
The recent Policy Assist release includes a dramatic update to our Active Directory Synchronization tool. There were several deficiencies in the original AD Sync that needed to be addressed and we took the opportunity to improve the user interface and workflow for setting up connections. Among the items we wanted to address with the latest release are:
- provide the ability to easily define multiple connections to domain controllers
- provide the ability to define multiple targets per connection
- provide object previews for selected organizational units
- list the number of objects to be synchronized by target and for the connection in total
- provide employee previews for mapped fields.
- support connections using secure socket layer (LDAPS)
To meet our goals for the project, we re-designed the user interface to follow a three step process.
- Define Connection
- Add Targets
- Field Mappings (for employee targets)
Step 1: Define Connection
The first step in setting up your AD Sync is to define the connection parameters. This step is now limited to establishing and testing your connection. Although this step is similar to the initial steps in our previous version of AD Sync, it differs in that it is designed to the KISS (keep it simple) Principle.
Below is an example of what this step looks like.
Step2: Add Targets
The second step in AD Sync is designed to provide maximum flexibility with defining your connection target(s). There is a change in how we define the types of objects you can synchronize. We define the three types as such:
- Employees – AD users who will appear in the Employee Directory
- Logins – AD users who require a login to the intranet who are not part of Employee Directory
- Groups – AD groups to be synchronized
If your users do not reside in a specific domain and are members of a specific group, you can simply select the domain as your target and apply the group filter to synchronize those group members.
When you are satisfied with the target configuration, you add the target to the target list by clicking the “Add Target” button. The target list will display each target you have configured identifying the target type (Employees, Logins or Groups) the target organizational unit, the filter and the number of objects that will be synchronized.
The “Add Targets” step also allows you to define whether you want to synchronize the reporting relationships for user managers and to automatically disable users who become disabled in AD.
Step 3: Employee Fields
If you have defined an employee target in the previous step, you will be directed to the Field Mappings step for employee fields. This step now includes a simple preview of the fields to be mapped when a synchronization occurs. There are several required fields which will be automatically mapped to the corresponding AD fields. In addition to the required fields, there are several other fields you can map which will populate the details for employees in the directory.
Once you have defined a connection, added targets are optionally mapped to your employee fields, you will see your connection(s) listed on the AD Sync connections screen. This list view shows the domain, object types you want to sync, the number of targets defined, the total number of objects to synchronize from all targets, whether the connection is secure (using LDAPS) and whether the connection is enabled. For each connection, you have the option to sync the connection immediately (Sync Now), edit, enable/disable, or delete.
AD Sync 2.0
The new AD Sync 2.0 is available to customers as of the Policy Assist release. Customers who use AD Sync with multiple domains or a complicated organization of users and groups with Active Directory are encouraged to upgrade to Policy Assist to simplify their synchronization configuration. If you wish to upgrade to the Policy Assist release, leave a comment below and I’d be happy to help. Or request a one-on-one demo with a product specialist to see Policy Assist and the new AD Sync in action!
Want to learn more?