Synchronize inSync users with your AD/LDAP
Elite Enterprise Overview
When you synchronize inSync users with your Active Directory (AD) or LDAP.
When configured, inSync automatically, at a defined interval, queries your AD/LDAP and preserves any inSync user who has been disabled in your AD/LDAP.
There are two ways in which you can synchronize inSync users with your AD/LDAP:
- Automatic Sync: In this process, inSync automatically queries your AD/LDAP at regular intervals. You can configure the frequency at which inSync must query your AD/LDAP.
Note:
- You can only synchronize users whom you imported using your AD/LDAP. You cannot synchronize users whom you added individually or through a CSV file.
- inSync automatically disable users who are disabled in AD/LDAP. However, if you enable users that you disabled in AD/LDAP, inSync does not automatically enable them in inSync. For more information on how you can enable users on inSync, see Disable, enable, and delete users.
- When you synchronize inSync with your Active Directory (AD)/LDAP,
- inSync queries your AD/LDAP for user details and disables any inSync user who is removed from your AD/LDAP.
- If any user is disabled in your AD/LDAP, inSync disables that user only if
- The MANAGE_AD_DISABLED_USERS parameter is set to True in the inSyncServer.cfg file
- The Auto disable unmapped users parameter is selected, as described in Auto-sync users with the Active Directory.
- By default, the MANAGE_AD_DISABLED_USERS parameter is set to True. If you want to modify inSyncServer.cfg file, contact Druva Support.
Auto-sync users with the AD/LDAP
To enable automatic synchronization of inSync user details with your active directory when creating an AD/LDAP mapping, see Create an Active Directory mapping. inSync automatically queries AD/LDAP at regular intervals for user details and deactivates any inSync user that is removed from AD/LDAP.
To enable automatic synchronization of inSync users with your AD/LDAP,
- On the inSync Management Console, click Manage > Deployments > AD/LDAP. AD/LDAP page with details of existing AD/LDAP Mappings appears.
- Click the AD/LDAP Settings tab.
- In the AD/LDAP Settings area, and click Edit.
- Select the Auto preserve unmapped users check box.
- Click Ok.
inSync now automatically, at the defined interval, queries your AD/LDAP for user details and preserves any inSync user who has been disabled or removed from your AD/LDAP.