User Tools

Site Tools


AD Sync FAQ

Why do I have so few logs on my domain controllers? Why is an account change I've made not showing in my logs?

The listener domain controller is the only one that will reflect account changes in the logs. Other domain controllers will only log password changes. You may go for long periods of time without a password change occurring on a domain controller, so you will not see logs for other days.

Can we rename the AD Sync account in CloudPortal Services Manager? Can we change the AD Sync account password after we have installed AD Sync?

No, the AD Sync account and password must not be changed after installation of AD Sync to any domain controllers. Doing so will cause AD Sync to immediately cease processing updates to user accounts and may require re-installation of AD Sync on all domain controllers.

Are there any error messages that should be monitored for?

CDS monitors AD Sync activity. In the event of an error, you may be contacted to obtain a copy of your AD Sync log files.

What happens if synchronization does not happen for a certain amount of time due to domain controller maintenance or an Internet connectivity outage?

Changes are stored in a queue under the AD Sync installation folder. Once connectivity with CPSM has been re-established, these changes are processed on a first-in, first-out basis.  

How does AD Sync connect to CPSM for synchronization?

AD Sync establishes a secure connection to CPSM using HTTP over SSL (HTTPS) to https://portal.teamcds.com/ via your regular Internet connection.

What ports should be open to allow communication between AD Sync and CloudPortal Services Manager?

Your domain controllers should be able to communicate outbound on port 443. No ports need to be opened for inbound communication.

Do changes in CloudPortal Services Manager synchronize back to my domain controllers?

No, AD Sync only provides one-way synchronization from the domain controller to CloudPortal Services Manager. AD Sync does not make changes to any objects in your domain.

Can I synchronize account and password expiry data with CloudPortal Services Manager?

No, AD Sync does not currently support replication of expiry data from your domain controllers.

How do I determine which domain controller is currently functioning as the "listener" for AD Sync?

To determine which AD Sync installation is currently the “listener” for your domain, you can check the ADSync.exe.config file located by default in C:\Program Files\AD Sync. Look for the value called UserSync. If this is set to True then this is your “listener” domain controller. Otherwise, it is just watching for password changes.