Summary: With the latest release, Policy Assist, many improvements and modifications were made to AD Sync.
The recent Policy Assist release includes a dramatic update to our Active Directory Synchronization tool. There were several deficiencies in the original AD Sync that needed to be addressed and we took the opportunity to improve the user interface and workflow for setting up connections. Among the items we wanted to address with the latest release are:
In addition to these user interface improvements, we set out to ensure previews and synchronization requests can access all objects for a specific target regardless of the AD “MaxPageSize” threshold, which is typically 1,000 objects. We also improved the speed of the synchronization process to avoid timeouts when synchronizing large numbers or users and/or groups.
To meet our goals for the project, we re-designed the user interface to follow a three step process.
The first step in setting up your AD Sync is to define the connection parameters. This step is now limited to establishing and testing your connection. Although this step is similar to the initial steps in our previous version of AD Sync, it differs in that it is designed to the KISS (keep it simple) Principle.
Below is an example of what this step looks like.
The second step in AD Sync is designed to provide maximum flexibility with defining your connection target(s). There is a change in how we define the types of objects you can synchronize. We define the three types as such:
Another big change for AD Sync 2.0 are the organizational unit, object previews and group filter dropdown which allow you to configure your target start and optional group filter for each individual target. This provides ultimate flexibility for ensuring the synchronization process targets exactly those groups and users you want to synchronize.
If your users do not reside in a specific domain and are members of a specific group, you can simply select the domain as your target and apply the group filter to synchronize those group members.
When you are satisfied with the target configuration, you add the target to the target list by clicking the “Add Target” button. The target list will display each target you have configured identifying the target type (Employees, Logins or Groups) the target organizational unit, the filter and the number of objects that will be synchronized.
The “Add Targets” step also allows you to define whether you want to synchronize the reporting relationships for user managers and to automatically disable users who become disabled in AD.
If you have defined an employee target in the previous step, you will be directed to the Field Mappings step for employee fields. This step now includes a simple preview of the fields to be mapped when a synchronization occurs. There are several required fields which will be automatically mapped to the corresponding AD fields. In addition to the required fields, there are several other fields you can map which will populate the details for employees in the directory.
Once you have defined a connection, added targets are optionally mapped to your employee fields, you will see your connection(s) listed on the AD Sync connections screen. This list view shows the domain, object types you want to sync, the number of targets defined, the total number of objects to synchronize from all targets, whether the connection is secure (using LDAPS) and whether the connection is enabled. For each connection, you have the option to sync the connection immediately (Sync Now), edit, enable/disable, or delete.
The new AD Sync 2.0 is available to customers as of the Policy Assist release. Customers who use AD Sync with multiple domains or a complicated organization of users and groups with Active Directory are encouraged to upgrade to Policy Assist to simplify their synchronization configuration. If you wish to upgrade to the Policy Assist release, leave a comment below and I’d be happy to help. Or request a one-on-one demo with a product specialist to see Policy Assist and the new AD Sync in action!
Want to learn more?
Join our mailing list to receive latest updates and news.