Configuring AD Sync in a Single Domain Controller Environment


  • 64-bit
  • Windows Server 2008 R2 and newer promoted to a Domain Controller (i.e. has the FSMO roles RID, PDC and Infrastructure)
  • Windows Server Core is NOT currently supported, as the OS GUI is required to facilitate authentication
  • Should you prefer a 'headless' installation not requiring the server GUI, please raise a Feature Request via the Customer Success Center

  • The Passportal agent to function besides those that are automatically assigned after promoting a Windows Server to a Domain Controller (these being RID, PDC and Infrastructure from what I can see on our test DCs).

  • Domain Admin access on Domain Controller
  • Supports TLS 1.2 or higher. More information on which versions of Windows Server support which TLS protocols can be found in this article.
  • C++ 2015 Redistributable (64-bit version) and .NET 4.5 installed on target device.
  • Outbound FTP Endpoint: port 21 should be enabled (Optional)
  • Ports 7771 and 7777 open for internal network communications
  • Port 443 (TLS) for communications with the Passportal dashboard
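
A pre-flight check for several of the prerequisites above, added here as an example and not Passportal's own tooling: it reports on OS version, architecture, DC role, GUI install, .NET, the C++ runtime, the TLS 1.2 registry setting and outbound port 443. The dashboard hostname is a placeholder to replace; the FSMO role, FTP and 7771/7777 requirements are not checked because they depend on your domain and firewall layout.

```powershell
# Added pre-flight check, not vendor code. Run elevated on the candidate DC.
param(
    # Placeholder (assumption): set to the hostname of your Passportal dashboard.
    [string]$DashboardHost = 'dashboard.example.invalid'
)

function Test-TcpPort([string]$TargetHost, [int]$Port, [int]$TimeoutMs = 3000) {
    # TcpClient is used because Test-NetConnection is missing on older servers.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($TargetHost, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$os  = Get-WmiObject Win32_OperatingSystem
$cv  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$vc  = 'HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64'
$tls = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'

# Version 6.1 is Windows Server 2008 R2; ProductType 2 is a Domain Controller.
# Release 378389 is the first .NET Framework 4.5 build.
# A missing TLS 'Enabled' value means the OS default applies, so only an explicit 0 fails.
$checks = @(
    @('Windows Server 2008 R2 or newer', ([version]$os.Version -ge [version]'6.1')),
    @('64-bit operating system',         ($os.OSArchitecture -like '64*')),
    @('Promoted to Domain Controller',   ($os.ProductType -eq 2)),
    @('Full GUI install (not Core)',     ((Get-RegValue $cv 'InstallationType') -ne 'Server Core')),
    @('.NET Framework 4.5 or later',     ((Get-RegValue $ndp 'Release') -ge 378389)),
    @('VC++ 2015 Redistributable (x64)', ((Get-RegValue $vc 'Installed') -eq 1)),
    @('TLS 1.2 client not disabled',     ((Get-RegValue $tls 'Enabled') -ne 0)),
    @("Outbound 443 to $DashboardHost",  (Test-TcpPort $DashboardHost 443))
)

$failed = 0
foreach ($c in $checks) {
    if (-not $c[1]) { $failed++ }
    '{0,-45} {1}' -f $c[0], $(if ($c[1]) { 'PASS' } else { 'FAIL' })
}
"$failed check(s) failed"
```

A PASS on the TLS line only means TLS 1.2 has not been switched off in the registry; whether it is on by default still depends on the Windows Server version.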

For clarification on the Windows Agent toggles, see Active Directory Integration.

If you intend to enable Windows Sync for your Company Vault:

  1. Go into the Company Vault > Credentials on the left-hand navigation bar
  2. Click on Edit at the top of the screen
  3. Choose Edit Client
  4. Enable Windows Sync, and select any other required options
  5. Click Save
  6. Install the Windows Agent in your network and select your company from the Client drop-down when configuring the agent during the install process


We refer to Primary and Secondary DCs throughout the installation procedure.

The Primary DC is one of your own choosing (that meets the required Prerequisites above) where you will install the Primary Passportal Agent.

Any Secondary DCs are where you will install the Secondary Passportal Agents.