Configuring AD Sync in a Single Domain Controller Environment
- Windows Server 2008 R2 and newer
- Windows Server Core is not supported at this time
- Domain Admin access on the Domain Controller
- Supports TLS 1.2 or higher. More information on which versions of Windows Server support which TLS protocols can be found in this article.
- If C++ 2013 and .NET 4.5 or newer are missing or out of date, the agent will also deploy them during the install
- Outbound FTP Endpoint: agent.passportalmsp.com port 21 should be enabled (Optional)
If you are NOT configuring a single Domain Controller Environment and you require clarification on the Windows Agent toggles, see Active Directory Integration.
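The prerequisites above can be checked on the Domain Controller before the agent is installed. The following script is an added example, not Passportal tooling: the check names are made up for illustration, and the registry locations are the standard Windows ones rather than anything taken from this article.

```powershell
# Added example: pre-flight check of the prerequisites listed above.
# Run from an elevated Windows PowerShell prompt on the Domain Controller.
$results = @()
function Add-Check($Name, $Pass, $Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

# Windows Server 2008 R2 reports version 6.1; ProductType 2 is a domain controller.
$os  = Get-WmiObject Win32_OperatingSystem
$ver = [version]$os.Version
Add-Check 'Windows Server 2008 R2 or newer' ($ver -ge [version]'6.1') $os.Caption
Add-Check 'Machine is a Domain Controller' ($os.ProductType -eq 2) "ProductType $($os.ProductType)"

# Server Core is not supported.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Add-Check 'Not Server Core' ($cv.InstallationType -ne 'Server Core') $cv.InstallationType

# Well-known RID 512 is the Domain Admins group.
$groups = [Security.Principal.WindowsIdentity]::GetCurrent().Groups
$isDa = @($groups | Where-Object { $_.Value -match '^S-1-5-21-.+-512$' }).Count -gt 0
Add-Check 'Current user is a Domain Admin' $isDa $env:USERNAME

# TLS 1.2 (client side). With no SCHANNEL override, 2008 R2 leaves it off
# and Server 2012 and newer leave it on.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$tls = Get-ItemProperty $key -ErrorAction SilentlyContinue
if ($tls) { $tlsOn = ($tls.Enabled -ne 0) -and ($tls.DisabledByDefault -ne 1) }
else      { $tlsOn = $ver -ge [version]'6.2' }
Add-Check 'TLS 1.2 enabled' $tlsOn $(if ($tls) { 'registry override' } else { 'OS default' })

# .NET 4.5 or newer has Release >= 378389; the installer deploys it if missing.
$net = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Check '.NET 4.5 or newer (informational)' ($net.Release -ge 378389) "Release $($net.Release)"

# Optional outbound FTP endpoint, tested with a 5 second connect timeout.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $async = $tcp.BeginConnect('agent.passportalmsp.com', 21, $null, $null)
    $open  = $async.AsyncWaitHandle.WaitOne(5000) -and $tcp.Connected
} catch { $open = $false } finally { $tcp.Close() }
Add-Check 'Outbound FTP to agent.passportalmsp.com:21 (optional)' $open ''

$results | Format-Table Check, Pass, Detail -AutoSize
```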
Single Domain Controller - Primary Domain Controller Setup Instructions
- Edit the client to enable Windows Sync, and download the Windows Agent.
- Once the agent has been downloaded, transfer the installation to the Domain Controller and launch the Setup.exe.
- The agent is now installed. The server must be restarted before Two-Way Sync can take place. Clicking “OK” will NOT restart the server; you can restart now or at the end of this article.
- The Passportal Windows Agent application will launch, and we will be able to continue with the installation. On the first screen, authenticate with your Passportal login details.
- You are prompted to create a Domain Administrator account, which is used to run the Passportal and PassportalUpdater services that are created. For example, you could use the username PassportalSync and a random password.
- This Administrator account does not yet exist on your Active Directory Environment, so you will be prompted to create the account.
- When the account has been created, you will see a success message saying “Passportal Windows Services were restarted successfully. You may close this window.”
- The Windows Agent has finished installing. Please go to Passportal to verify the "PassportalSync" account exists.
- If you did not restart the Domain Controller after installing the Windows Agent, please do so now so that Two-Way Sync will start to work.
If you require clarification on the Windows Agent toggles, see Active Directory Integration.
In the next step, make sure you enter the local IP address of the Primary Domain Controller. Leaving this set to the loopback IP will cause errors later on.
The account used for authentication needs to have the Permission called “Setup AD Sync” in order to authenticate.