The listener domain controller is the only one that will reflect account changes in the logs. Other domain controllers will only log password changes. You may go for long periods of time without a password change occurring on a domain controller, so you will not see logs for other days.
No, the AD Sync account and password must not be changed after installation of AD Sync to any domain controllers. Doing so will cause AD Sync to immediately cease processing updates to user accounts and may require re-installation of AD Sync on all domain controllers.
CDS monitors AD Sync activity. In the event of an error, you may be contacted to obtain a copy of your AD Sync log files.
Changes are stored in a queue under the AD Sync installation folder. Once connectivity with CPSM has been re-established, these changes are processed on a first-in, first-out basis.
AD Sync establishes a secure connection to CPSM using HTTP over SSL (HTTPS) to https://portal.teamcds.com/ via your regular Internet connection.
Your domain controllers should be able to communicate outbound on port 443. No ports need to be opened for inbound communication.
No, AD Sync only provides one-way synchronization from the domain controller to CloudPortal Services Manager. AD Sync does not make changes to any objects in your domain.
No, AD Sync does not currently support replication of expiry data from your domain controllers.
To determine which AD Sync installation is currently the “listener” for your domain, you can check the
ADSync.exe.config file located by default in
C:\Program Files\AD Sync. Look for the value called
UserSync. If this is set to
True then this is your “listener” domain controller. Otherwise, it is just watching for password changes.