ADSync is a utility consisting of multiple components used to synchronize local Active Directory objects with hosted/cloud Active Directory objects. ADSync utility v3.0 syncs multiple OUs in a client/local AD with a hosted OU.
The types of objects currently synchronized are:
User Accounts
The data fields which are being synchronized through this utility for User Accounts are:
Address, BusinessPhone, City, Company, Country, Department, Description, DirectManager, DisplayName, Fax, Email, FirstName, HomePhone, Initials, JobTitle, LastName, MobilePhone, Notes, OfficeLocation, Pager, proxyAddresses, sAMAccountName, State, UserPrincipalName, wwwHomePage, ZipCode.
ADSync is a one-way synchronization tool: it synchronizes AD users from the local/on-premises AD to the hosted/cloud AD, and synchronization in the reverse direction is not currently possible. Editing through Control Panel is disabled for a mailbox enabled for ADSync.
AD user editing in Control Panel is disabled for organizations selected for synchronization with on-premises ADs because information updated in Control Panel would not be available in the client's on-premises AD. In addition, because ADSyncSvc periodically updates data from the local AD to the hosted AD, changes made through Control Panel would be overwritten by the synchronization process.
Reboot Required
Yes: You must reboot ALL Domain Controllers (Primary and Additional) where the ADSync tool is installed at least once.
When installation finishes on the Primary Domain Controller, ADSync Configuration Studio appears. Fill in the form according to the instructions below and save the settings.
Terminology used:
The following terms are used to refer to the two ADs. Please note the difference between them:
Local AD / Client AD / On-Premises: This is the AD where you have installed Control Panel ADSync Utility. Once ADSync is enabled you can access this local AD and modify user properties on this AD. These changes will automatically replicate/sync with the Provider’s AD (hosted AD).
Provider AD / Hosted AD / Cloud AD: This is the AD that is managed directly by Control Panel Control Server via Control Panel Remote Servers.
Fields of the above screen are described below:
Web Service Url: The URL of the ADSync web service (provided by your host). An example of the web service URL is shown in the tooltip next to the input field.
Admin Login: The login of the local administrator user, used to perform local operations.
Admin Password: The password for the local admin user given in the field above.
Domain NetBios name: The NetBIOS domain name of the local domain controller.
Sync Interval: You can specify a sync interval or use the Sync Now option in ADSync v3.0.
Log Folder: Select the folder in which log files are created if logging is required.
Enable Logging: Check or uncheck to enable or disable logging.
Service User Name: The user name required to authenticate web service requests; this is your customer login for the hosted service panel. (ADSync needs Customer credentials, not Reseller/Provider credentials, to fetch the list of OUs. All OUs related to the Customer are fetched.)
Service Password: The password for the login given in Service User Name.
Hosted Organization: Once the service credentials above are provided, the hosted organizations are listed in the selection box (please wait a few seconds). Select one of the organizations to synchronize its contents. Only the organizations owned by the single customer whose credentials were provided are shown.
Local OU LDAP: Enter the local/on-premises organization LDAP, or use the "select local organization" option to list all local organizations and select one of them.
Enable Auto Mapping: With this option, all existing users are auto-mapped to the selected hosted organization on the basis of UPN and DisplayName respectively.
Auto Create New User: With this option, any new user created in the local organization for this profile is automatically created on hosted.
Add Profile: Adds a profile to the profiles listing below; it is saved in the configuration file when you press the Save button on the configuration screen.
Click Save to save all settings.
Configure Mappings
Right click on the selected user and select Configure Mapping to map the users. See the snapshot below:
Click Options > User Mappings to create the mapping between Hosted and Local users, and click the checkbox to enable sync for the selected users. For users that exist in the Local domain and do not exist in the Hosted organization, you can select the option to create them on the Hosted platform.
Important Notes:
ADSync needs to be installed on Primary and all Additional Domain Controllers.
After installation on all Additional Domain Controllers, copy SyncConfigurations.xml from the ADSync installation folder on the Primary Domain Controller to the C:\Windows\System32 folder on each Additional Domain Controller.
Make sure "Password must meet Complexity Requirements" is Enabled in Local domain policy.
For ADSync to start functioning, you need to force all users to change their password on the On-Premises (Local/Client) AD: expire all user passwords and restart all domain controllers.
Let's assume the Hosted AD has the following user.
User.xzy@livead.com Display Name: Gorge John
And the local AD has the following users.
User.one@livead.com Display Name: Gorge John
#3 from LiveAD will be matched with #1 on LocalAD based on Display Name.
#1 from Live AD will be matched with #2 of LocalAD based on UPN.
| Local AD | Hosted AD | Comments |
|---|---|---|
| | | Mapped by user ID (Exact match) |
| | | Mapped by user ID (Partial match) |
| | User.xzy@livead.com | Mapped by display name (gorge John) |
| | --Create New-- | It will create new user On Hosted AD |
When "Enable Sync" is checked, the local user is synchronized with the Hosted AD, or the user is created on the Hosted AD, on "Save".
Review more detailed troubleshooting notes here.
Normally it should take 15 minutes to update the information from On-Premises to the Hosted server. Below is the step-by-step process for operating this utility.
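Because the synced account information includes the password, a wrong automatic match binds one person's local account to another person's hosted account. The sketch below is an added example, not code from ADSync or its vendor: it follows the matching order in the table above and lists mappings to review by hand before Enable Sync is checked. It assumes "Partial match" means the same name before the @, and all sample users other than the two taken from the example above are constructed.

```python
from collections import defaultdict

# Constructed sample data; only the first entry of each list is from the page.
HOSTED = [("User.xzy@livead.com", "Gorge John"), ("amy.lee@livead.com", "Amy Lee"),
          ("bob.ray@livead.com", "Bob Ray")]
LOCAL = [("User.one@livead.com", "Gorge John"), ("amy.lee@livead.com", "Amy Lee"),
         ("bob.ray@corp.example", "Robert Ray"), ("g.john@corp.example", "Gorge John"),
         ("new.hire@corp.example", "New Hire")]

def propose_mappings(local_users, hosted_users):
    """Map (upn, display_name) pairs; return (mappings, conflicts).

    Assumed order: exact UPN, partial UPN (same name before '@'),
    display name, otherwise --Create New--.
    """
    norm = lambda s: s.strip().casefold()
    by_upn = {norm(u): u for u, _ in hosted_users}
    by_prefix, by_name = defaultdict(list), defaultdict(list)
    for upn, name in hosted_users:
        by_prefix[norm(upn).split("@")[0]].append(upn)
        by_name[norm(name)].append(upn)

    mappings, conflicts = {}, []
    for upn, name in local_users:
        key = norm(upn)
        if key in by_upn:
            mappings[upn] = (by_upn[key], "upn-exact")
            continue
        for rule, found in (("upn-partial", by_prefix[key.split("@")[0]]),
                            ("display-name", by_name[norm(name)])):
            if len(found) == 1:
                mappings[upn] = (found[0], rule)
            elif len(found) > 1:  # ambiguous: leave for manual mapping
                conflicts.append((upn, rule, sorted(found)))
            if found:
                break
        else:
            mappings[upn] = ("--Create New--", "create")

    # Two local accounts bound to one hosted account must not be synced.
    claimed = defaultdict(list)
    for local, (hosted, rule) in mappings.items():
        if rule != "create":
            claimed[hosted].append(local)
    for hosted, owners in claimed.items():
        if len(owners) > 1:
            conflicts.append((hosted, "shared-target", sorted(owners)))
    return mappings, conflicts
```

Calling propose_mappings(LOCAL, HOSTED) on the sample data reports a shared-target conflict: two local accounts with the display name Gorge John both resolve to User.xzy@livead.com.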
Save Basic configurations in utility on DC.
Copy config file from PDC installation folder to all ADC(s) system32 folder.
Provide On-Premises to Hosted user mapping using the ADSync config studio.
After providing the mapping, modify the On-Premises Active Directory user account information (Including password).
To force the sync process to start immediately, restart the ADSyncSvc (a Windows service) on the PDC.
This shall update the information to the control server.
From there, control server uses provisioning svc to update the data on associated backend Hosted active directory server.
In ADSync Configuration Studio there are two new controls: one sets a custom Sync Interval in minutes and the other is the Sync Now button. To force an immediate update, restart ADSyncSvc on the Client AD and also the Control Panel Provisioning Service on the control server.
This updates the On-Premises Active Directory user information to the Hosted Active Directory user. If logging is enabled in the config studio, send us the log files generated in the selected folder so that we can review them and troubleshoot the problem. Please review more detailed troubleshooting notes here.