Join our next TECHtalk Episode on May 25th - What you should know about Cyber-Security - Episode 3

Register
English Български Čeština Dansk Deutsch Español Suomi Français Magyar Italiano Nederlands Norsk Polski Română Русский Slovenčina svenska Türkçe

Cloud Email Security (CES) - Active Directory Synchronizing UTM Services icon

Avatar
Maurice Lejeune
  • Updated
Back to top

Follow the steps below to synchronize users and groups from your existing Windows Active Directory
domain to CES.

23-12-_2021_10-14-21.jpg


1. Go to Settings > Users > Active Directory Synchronization, and slide ON/OFF to ON.

2. Click Download, and save the AD Sync Agent MSI file to you computer.

3. Transfer the AD Sync Agent installation file to a server or workstation within the Active Directory domain.

The server or workstation must meet the following requirements:
• Server: Windows Server 2008 RC2 or later.
• Workstation: Windows 7 or later.
• Microsoft.Net 4.5 Framework is installed.

4. Run the AD Sync Agent installation file on the server or workstation. During installation, you need to
specify the following values:

LDAP URL: The URL of the Active Directory server.
For example: LDAP://123.456.789.10/OU=myOrgUnit,DC=corp,DC=myCompany,DC=com.
Binding User: The username used to authenticate with and query Active Directory.
Password: The password of the Binding User account.
User filter (optional): Enables you to add a user filter value so that you only sync a specific set of users.
For example, givenName=John.
Group filter (optional) Enables you to add a group filter value, so that you only sync a specific set of
groups. For example, memberof=CN=rnd,OU=R&D,OU=group,OU=folder1\+abc/
yeloow\+bbb\<a\>abc,OU=sub1\+WIC/
MSS\"WIC\\\BBCC,OU=Root,DC=test,DC=group,DC=company,DC=com.
Email: The AD property that matches the email address of the user. This field is required and must be
unique.
Last Name: The AD Property that matches the last name of the user
Phone Number: The AD Property that matches the phone number of the user
Email Aliases: The AD Property that matches the email aliases of the user


5. After AD Sync Agent is installed, Active Directory synchronization starts after 5 minutes.

6. To configure the frequency of Active Directory synchronization on the server or workstation, open
Windows Task Scheduler, open Task Scheduler Library, and then locate the CyrenAdSync task. Edit the
task, go to the Triggers tab, and then in advanced settings configure Repeat Task Every.

 

Troubleshooting

If your domain is a child domain, then AD Sync Agent might not be able to automatically retrieve the
domain of the server or workstation that it is installed on. To resolve this issue:


1 On the server or workstation that AD Sync Agent is installed on, go to the folder
Program Files (X86) > Cyren > AdSyncAgent.

2 Create the file AdsyncCustomConfig.txt.

3 Open AdsyncCustomConfig.txt in a text editor, and add the line
NETBIOSNAME=domain_netbios_name, where domain_netbios_name is the NetBIOS name of your domain. Typically, the NetBIOS domain name is the highest subdomain of the DNS domain name. For example, for domain company.com, the NetBIOS name is company.
For the domain us.company.com, the NetBIOS name is us.

You can diagnose synchronization errors by checking the AD Sync Agent log:
- On the server or workstation that AD Sync Agent is installed on, go to the folder
Program Files (X86) > Cyren > AdSyncAgent.
- Locate and then check the file AdSyncStatus.xml.

 

 

Check the options to contact Support
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Related articles

Comments

0 comments

Please sign in to leave a comment.