Configuring AD Sync in a Single Domain Controller Environment


  • 64-bit
  • Windows Server 2008 R2 and newer
  • Windows Server Core is not supported at this time
  • Domain Admin access on Domain Controller

  • Supports TLS 1.2 or higher. More information on which versions of windows server support which TLS protocols can be found in this article.
  • C++ 2013 Redistubutable and .NET 4.5 installed on target device.
  • Outbound FTP Endpoint: port 21 should be enabled (Optional)

For clarification on the Windows Agent toggles, see Active Directory Integration.

Single Domain Controller - Primary Domain Controller Setup Instructions

  1. Edit the client to enable Windows Sync, and download the Windows Agent.
  2. Once the Windows Agent has been downloaded, transfer the installer to the Primary Domain Controller and launch the installer using Setup.exe.
  3. Click Next.
  4. Read the License Agreement, click the I Agree radio button, and then click Next.
  5. Accept the default target Install Folder or enter a preferred location. Leave the Everyone radio button selected. Click Next.
  6. Select the Windows Agent radio button and then click Next.
  7. In the next step please ensure you put the local IP Address of the Primary Domain Controller. Leaving this as the loop back IP will cause errors later on.

  8. Enter the Primary Domain Controller IP address (and the Listener Port number if not using the default port 7771), and then click Next.
  9. Confirm the Install by clicking Next.
  10. The Windows Agent will now install. Once completed, you will be prompted to reboot the Domain Controller to enable 2-Way Password Sync. This does not need to be done immediately, and clicking OK will not cause a reboot to happen. Please ensure the Domain Controller is rebooted at a suitable time. Click Close in the main dialog, to close the installer.
  11. The Windows Agent application will launch, to continue with its configuration. Authenticate with your Passportal login details. Once you have entered your details, you will see a message advising you have Successfully Authenticated. Click Refresh next client to populate the dropdown menu with the clients in Passportal and then select the appropriate client. Click Continue.
  12. The account used for authentication needs to have the Permission Setup AD Sync in order to authenticate.

  13. You are now prompted to create the Windows Service Account which is used to run the Passportal and PassportalUpdater services. Enter an appropriate name for the servoce, such as PassportalSync. Also enter a password for the account or click Random to generate a random password. Click Save and Start Agent.
  14. As the Windows Service Account does not exist on the Domain Controller, you will be prompted to create it. Click Yes to do so.
  15. When the account has been created you will receive message advising Passportal Windows Services were restarted successfully. You may close this window. Click Close to complete the setup on the Domain Controller.
  16. Once the Windows Agent has been installed, we recommend to confirm the newly created Windows Service account has been populated into Passportal.

If you did not restart the Domain Controller after installing the Windows Agent, please do so at the next convenient time so that Two-Way Sync will function.