Configuring AD Sync in a Workgroup Environment (Unsupported)
In order for the agent to work, the system requires:
- Windows 10 or Windows Server 2008R2 or newer
- Support for TLS 1.2. More information on which versions of Windows Server support which TLS protocols can be found in this article.
- If C++ and .NET 4.5 or newer are not installed or not current, the agent will also deploy them during the install.
Non-Domain System Setup Instructions
The Active Directory sync is a tool that allows you to monitor or administer passwords on an Active Directory server. The tool runs as a service on the server and periodically syncs with Passportal. The sync runs on a one-client-to-one-server relationship.
In a Workgroup environment, this process becomes a bit more manual and time-consuming but is still possible.
- Deploy the agent on each workgroup machine.
- Creating accounts:
  - Ensure the username is machine\username.
  - For shared accounts across multiple Windows machines, omit the machine name in the password username.
- Once the credentials have been created in Passportal, you will need to enable the AD sync per password within the Edit Password slider:
  - Select Edit Password.
  - In the Windows sync, select "Enabled".
  - This will automatically add the machine name if required.
When importing or manually adding the account credential in Passportal:
Using the "Auto-Create Users as Passwords" feature
You may encounter a problem with multiple agents pointing to one client folder. This can be a problem if identical user names exist on two computers with agents on them both pointing to the same client in Passportal.
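The naming rules and the collision case above can be checked before enabling the feature. The following PowerShell sketch is an added example, not Passportal code: the function name `Get-PasswordUsernamePlan`, the machine names and the account names are all constructed for illustration. It groups local account names case-insensitively (as Windows treats them) and shows which names exist on more than one machine.

```powershell
# Constructed sample inventory: one row per local account per workgroup machine.
# To build real rows, run on each machine (Get-LocalUser ships with Windows PowerShell 5.1):
#   Get-LocalUser | Select-Object @{n='Computer';e={$env:COMPUTERNAME}}, Name |
#       Export-Csv "$env:COMPUTERNAME-users.csv" -NoTypeInformation
$inventory = @(
    [pscustomobject]@{ Computer = 'FRONTDESK-01';  Name = 'Administrator' }
    [pscustomobject]@{ Computer = 'FRONTDESK-01';  Name = 'reception' }
    [pscustomobject]@{ Computer = 'FRONTDESK-01';  Name = 'svc-backup' }
    [pscustomobject]@{ Computer = 'BACKOFFICE-02'; Name = 'administrator' }
    [pscustomobject]@{ Computer = 'BACKOFFICE-02'; Name = 'svc-backup' }
)

# Hypothetical helper: decides how each account name should be stored as a
# password username, following the machine\username rule from this page.
function Get-PasswordUsernamePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,
        [string[]] $SharedAccounts = @()   # accounts meant to share one password entry
    )
    # Group-Object compares strings case-insensitively by default.
    foreach ($group in ($Inventory | Group-Object -Property Name)) {
        $machines = @($group.Group.Computer | Sort-Object -Unique)
        if ($SharedAccounts -contains $group.Name) {
            # Shared across machines: the machine name is omitted.
            [pscustomobject]@{ Status = 'Shared'; Usernames = @($group.Name); Machines = $machines }
        }
        else {
            # Same name on several machines and not declared shared: a collision
            # if those agents point to the same client. Qualify every entry.
            [pscustomobject]@{
                Status    = if ($machines.Count -gt 1) { 'Collision' } else { 'Unique' }
                Usernames = @($machines | ForEach-Object { '{0}\{1}' -f $_, $group.Name })
                Machines  = $machines
            }
        }
    }
}

Get-PasswordUsernamePlan -Inventory $inventory -SharedAccounts 'svc-backup' |
    Sort-Object Status |
    Format-Table Status, @{ n = 'Usernames'; e = { $_.Usernames -join ', ' } } -AutoSize
```

With the sample data, `Administrator` is reported as a collision with two machine-qualified usernames, `svc-backup` as shared with no machine name, and `reception` as unique.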
AD Setup Step-by-Step Guide
AD sync is set by default to update the password on the system with the agent installed if it is changed in Passportal. However, this can be changed at the password level (individual passwords may have their own settings).
The two modes are:
- Report Mismatches. This is a passive monitoring mode. It attempts to match username/password pairs in Passportal with their equivalent usernames and passwords on the server. If there are any discrepancies (such as the password being changed server-side), the tool flags that password entry. The flag appears on the password, the client and the dashboard, prompting Passportal users to change the password.
- Change Password. This mode directly changes passwords on the server. When a password mismatch is detected, it changes the Active Directory password to match the password in Passportal. This allows Passportal users to push password changes to the server and directly manage the passwords on that server.
- Create or edit a client, and enable "AD SYNC".
- Two-Way Sync - This will allow password changes on the local workstation to be propagated up to Passportal.
- Auto Create Users as Passwords - When selected, any users created or edited on the local machine that are not already in Passportal will be automatically created. This will now automatically populate them all; they will require a Create or Edit of the user to trigger this.
Once you've installed the agent, the system will require a reboot in order for the 2-way sync to work.
If you type in a domain admin account that does not exist, the tool will offer to create that account automatically as a user with domain admin rights.