The Active Directory Synchronisation utility (ADS) allows you to use your Active Directory infrastructure to populate and maintain your users and groups within the platform.
After you configure ADS, users and groups will automatically be added, changed, and archived based on information sent from your Active Directory every 6 hours (by default). It is important to note that this is a one-way process of synchronisation and no information will be sent back to your Active Directory from the platform.
Installation and Configuration
Fig 1.
You will initially need to download the installation file once you are logged into the platform.
- Select "Organisation" under "SETUP" on the main menu.
- Click "Settings".
- Select Active Directory Sync from the Settings menu on the left of the new page.
- Click the DOWNLOAD ACTIVE DIRECTORY SYNC UTILITY button and save the .msi file to a location that is accessible for the installation.
- NOTE: Later in these instructions, you will require the Unique ID token.
- To enable even greater security, you may wish to "allowlist" your own Active Directory server so that only this IP address can send Active Directory information to our platform. This must be the 'public' IPv4 address of the computer on which you have installed the Active Directory Sync tool, and not your internal 'private' network IPv4 address. We would recommend this approach, where possible.
- While setting up ADS, it is important to ensure your filters are correct before actively using the platform. Please ensure "Test Mode" is selected for all ADS activity until you have completed configuration and verified that it is operating correctly. While Test Mode is enabled, nothing is actually altered; instead, the Active Directory page shows what would have happened had the sync taken place. This allows you to resolve any potential issues without affecting current users in the platform.
- Finally, for this section, ensure ADS is enabled by checking the box.
Installing the Active Directory Sync utility
The default installation folder for both of these applications, and their associated configuration files, is "C:\Program Files (x86)\
- Run the installation file PhishingTackleActiveDirectorySync.msi on the appropriate computer and follow the prompts on each page, starting with the following (Fig 2). Once the ADS utility installation has completed, you should find that two main applications have been installed.
Fig. 2
- The first application is the Microsoft Windows Service (Fig 3).
- This should be set to Startup Type of "Automatic" and have a Status of "Running".
- It should also be set to Log On As "Local System" account.
Fig. 3 (As seen from the Windows Services application)
- The second application installed is the ADS utility setup utility which is found in the Windows Start Menu under (see #1 in Fig 4).
- This application provides the configuration information for the Windows Service application.
Fig 4. (The exact appearance of your Windows Start Menu may differ from this image)
Configuring the Active Directory Sync utility
Once installed, you are ready to use the GUI application to configure your ADS Windows Service.
Launch the "Active Directory Sync Setup" utility from the folder in your Windows Start Menu (#1 in Fig. 4) and you should then be presented with the following screen.
Fig 5.
The utility has multi-domain capabilities but, in this example, we shall be adding just a single domain.
The following steps will outline the configuration of the ADS utility to synchronise with your Active Directory domain.
- Click "Add New Domain"
- This will open the main configuration window (Fig. 6).
Fig 6.
You will need to complete each numbered item in Fig. 6 to correctly configure the Active Directory Sync Utility:
- Enter the domain you wish to use for synchronisation.
- Enter the domain controller host name or IPv4 address.
- Enter the LDAP port number (for example, 389).
- Enter your username with the appropriate credentials to access your Active Directory.
- Enter the associated password for this username.
- Enter the Unique ID token found in Organisation Settings (#5 in Fig. 1).
- Click Test Connection.
- If you have entered appropriate credentials, you should see a Success message.
- When you have successfully authenticated with your Active Directory, click Encrypt & Save.
- This section is editable and is used for creating LDAP filters to extract the required information from your Active Directory.
- You do not need to change any of these settings to synchronise your users unless you wish to include/exclude specific criteria without using LDAP filter syntax. If you do change them, remember to click Encrypt & Save.
How Do I Change the Active Directory Email Source?
By default, ADS will consume all proxy email addresses for your users. However, you can change where you'd like to pull email addresses from in Active Directory. Additionally, you can choose to sync only the primary proxy email address of the user.
Launch the "Active Directory Sync Setup" utility from the folder in your Windows Start Menu (#1 in Fig. 4) where you will see the following:
primaryProxyAddressOnly = false
email = "proxyAddresses"
- If you'd like to use only the primary proxy email address for each user, change the primaryProxyAddressOnly field from false to true.
- If you wish to use the Active Directory Mail attribute instead of proxyAddresses, change the "email =" field to "mail" instead of "proxyAddresses".
- If you would like ADS to use the userPrincipalName (UPN) instead of proxyAddresses then change the emailAttribute field from "proxyAddresses" to "userPrincipalName".
Once any of the above changes have been made, click Encrypt & Save, then restart the ADS Windows Service.
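The following PowerShell sketch is an added example, not code from the ADS utility, that previews which addresses each email source setting described above would select for a user, so the result can be compared with what Test Mode reports before a live sync. The function name Get-SyncEmailPreview and the sample record are hypothetical, and it assumes the usual Exchange convention that an uppercase "SMTP:" prefix marks the primary proxy address.

```powershell
# Added example (not vendor code). Get-SyncEmailPreview is a hypothetical helper.
# Assumption: an uppercase "SMTP:" prefix marks the primary proxy address.
function Get-SyncEmailPreview {
    param(
        [Parameter(Mandatory)] $User,
        [ValidateSet('proxyAddresses', 'mail', 'userPrincipalName')]
        [string] $Email = 'proxyAddresses',
        [bool] $PrimaryProxyAddressOnly = $false
    )
    if ($Email -ne 'proxyAddresses') {
        # mail and userPrincipalName are single-valued attributes
        $value = $User.$Email
        if ([string]::IsNullOrWhiteSpace($value)) { return @() }
        return @($value.ToLowerInvariant())
    }
    $found = foreach ($entry in @($User.proxyAddresses)) {
        # Ignore non-SMTP entries such as X500: or SIP:
        if ($entry -match '^smtp:(.+)$') {
            $isPrimary = $entry.StartsWith('SMTP:', [System.StringComparison]::Ordinal)
            if ($isPrimary -or -not $PrimaryProxyAddressOnly) {
                $Matches[1].ToLowerInvariant()
            }
        }
    }
    return @($found | Select-Object -Unique)
}

# Constructed sample record; for live data use, for example:
#   Get-ADUser -LDAPFilter '(sAMAccountName=jsmith)' -Properties proxyAddresses, mail
$sampleUser = [pscustomobject]@{
    userPrincipalName = 'jsmith@corp.example'
    mail              = 'jane.smith@example.com'
    proxyAddresses    = @(
        'SMTP:jane.smith@example.com',
        'smtp:jane@legacy.example',
        'X500:/o=Example/ou=Exchange/cn=Recipients/cn=jsmith'
    )
}
$settings = @(
    @{ Email = 'proxyAddresses'; PrimaryProxyAddressOnly = $false },
    @{ Email = 'proxyAddresses'; PrimaryProxyAddressOnly = $true },
    @{ Email = 'mail' },
    @{ Email = 'userPrincipalName' }
)
foreach ($s in $settings) {
    $addresses = Get-SyncEmailPreview -User $sampleUser @s
    '{0,-18} primaryOnly={1,-5} -> {2}' -f $s.Email, [bool]$s.PrimaryProxyAddressOnly, ($addresses -join ', ')
}
```

With the sample record, the default setting yields both the primary address and the legacy alias, which shows why the choice of source affects which addresses leave the directory.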
Any changes to your Active Directory user selection information will only be actioned on the next synchronisation (usually once every 6 hours, unless changed). If you wish for your changes to take immediate effect, please RESTART our Windows Service (see Step 2 above).
You will see the last time a synchronisation was attempted at the top right of your dashboard or in the Recipients | Active Directory menu option.
For further information on LDAP/Active Directory filters, please see this external article.
Should you have any further questions, please contact our support desk by clicking here.