Step 1: Before you begin setting up ADI, complete the steps below and gather the required information to streamline your setup process.
- Confirm your set-up meets our basic requirements:
  - Active Directory: Microsoft Active Directory running at functional level 2003 or higher.
  - Service: Windows Desktop 7/Vista/8/10 or Windows Server 2003/2008/2012/2016 (32 or 64 bit).
- IP address or FQDN for an AD Domain Controller: By default, all Domain Controllers are set up to respond to LDAP requests.
- AD Domain Name: This is simply the root domain for your Active Directory.
- Username/Password to query LDAP: An AD account which has access rights to perform LDAP queries. If the AD account you're using is not a domain admin, you will want to ensure that account has certain "read" permissions to your AD.
- Obtain your Active Directory Synchronization Token: Your account's AD Sync token is located in your admin console under Integration.
- Enable ADI on your Account: Check the "Active Directory Integration Enabled" option located in the same Account Settings area and click the "Update Account Info" button to save the settings.
- Download the emPower Active Directory Sync tool.
Part of the configuration requires knowing where in AD the user objects are. The configuration supports specifying a combination of OUs and groups (security and distribution) to be queried for users. It's helpful to have Active Directory Users and Computers (ADUC) open when configuring the synchronization so that OU paths and groups are readily available.
- If the users you'd like to sync are located in the built-in User container instead of an OU, you'll want to create a security group, add those users to it, and sync that group instead. (You cannot sync containers.)
- If you find that your AD is not organized in an ideal way for syncing with the admin console and are not sure how to proceed, you can set up one or more groups in Active Directory to contain all of the user objects and/or groups you'd like to sync, and then choose to sync ONLY those groups.
Once these configurations are done and the required information is on hand, you're ready to set up your AD Integration.
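Before moving on, the Step 1 prerequisites can be checked with a short PowerShell pre-flight test. This is an added example, not part of the emPower sync tool: it confirms that the Domain Controller answers LDAP and that the query account can read user objects under the OU you plan to sync. The hostname and OU path are placeholders, and `Test-NetConnection` assumes Windows 8.1/Server 2012 R2 or later.

```powershell
# Added pre-flight check; not part of the emPower sync tool.
# Both default values are placeholders (assumptions): replace them with your own.
param(
    [string]$DomainController = 'dc01.corp.example.com',
    [string]$SearchBase       = 'OU=Staff,DC=corp,DC=example,DC=com'
)

# Built-in containers such as CN=Users cannot be synced; only OUs and groups can.
if ($SearchBase -match '^CN=(Users|Computers),DC=') {
    Write-Warning "$SearchBase is a container, not an OU. Put the users in a security group and sync that group."
}

# 1. Is the Domain Controller answering on the LDAP port?
$port = Test-NetConnection -ComputerName $DomainController -Port 389 -WarningAction SilentlyContinue
if (-not $port.TcpTestSucceeded) {
    throw "Cannot reach $DomainController on TCP 389 (LDAP)."
}

# 2. Prepare a bind as the LDAP query account. Prompting keeps the password
#    out of the script file and out of shell history.
$cred  = Get-Credential -Message 'AD account the sync tool will use for LDAP queries'
$path  = "LDAP://$DomainController/$SearchBase"
$pw    = $cred.GetNetworkCredential().Password
$entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $path, $cred.UserName, $pw

# 3. Read user objects under the search base with that account.
#    The bind happens here, so bad credentials or missing read rights surface as an exception.
$searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $entry
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('sAMAccountName')

try {
    $users = $searcher.FindAll()
    "Bind OK. $($users.Count) user object(s) readable under $SearchBase"
    # Show a small sample so you can confirm these are the users you expect to sync.
    $users | Select-Object -First 5 | ForEach-Object { $_.Properties['samaccountname'][0] }
} catch {
    throw "Bind or search failed: $($_.Exception.Message)"
} finally {
    if ($users) { $users.Dispose() }
    $entry.Dispose()
}
```

A count of zero with no error usually means the account can bind but lacks "read" permission on that OU, or the path points somewhere other than where the users live.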
Step 2: Installation and Configuration
Once you've gathered all the information you need, you're ready to begin installing and configuring your ADI Sync.
- Run the Active Directory Sync Tool. The service may be installed anywhere in the environment as long as the system can communicate with a Domain Controller that accepts LDAP connections.
- A command prompt will open and navigate to the installation directory.
- You'll be prompted to enter the following information:
  - The first time this command is run, you will be prompted for the Active Directory Synchronization Token. This is the string from your Integration Settings within your admin console.
  - When prompted, enter the Domain Name of your Active Directory.
  - When prompted, enter the Domain Controller hostname (FQDN) or IP address.
  - When prompted, select whether you've got LDAP available. This is set to FALSE by default. If you do have LDAP enabled, you can change that setting to TRUE if you wish.
  - When prompted, enter the username for LDAP.
  - When prompted, enter the password for the supplied user.
- Press Enter to exit once all information has been entered.
As long as the connection was successful, you will be returned to the command prompt with no errors. If there were issues reaching or authenticating, an error will be displayed and the above process will need to be done again with valid configuration data.
If you've completed everything above, your ADI service is now configured and may be started by using the Windows Service Control Manager (the service is called "Active Directory Integration Sync Service"), or
The sync service will attempt to run immediately after start.