Add Active Directory Synchronization

Active Directory Synchronization in Splashtop Secure Workspace periodically updates passwords of Active Directory and Windows domain users, storing the updated passwords in the workspace's Secret Vault.

IT Admin Preparation: Deploy Connectors and Set Permissions

Before initiating Active Directory synchronization, IT Admins need to undertake two key preparatory steps within the organization's private network or cloud environment:

  1. Deploy Connectors: Follow the instructions in the Deploy Connectors Guide to deploy connectors. Connectors facilitate secure communication between the Secure Workspace and your internal network.
  2. Enhanced Privileges for Connector Operation: To ensure smooth Active Directory synchronization, especially when the connector is deployed on a non-domain controller machine, the connector server logon user must meet the following permission and setting requirements:
    1. Deployment Location: The connector can be deployed on a non-domain controller machine. This offers greater flexibility in system architecture and possibilities for distributed management.
    2. Server Logon User Settings:
      1. Domain Member User: Ensure that the server logon user is a member of the domain. This is crucial for proper communication with Active Directory and execution of required operations.
      2. Member of the Account Operator Group: Set the server logon user as a member of the Account Operator group. This step is key because members of the Account Operator group typically have the permissions needed to modify Active Directory user passwords, which is vital for the synchronization process.
      3. Local Administrator Privileges: It's recommended to set the server logon user as a local administrator (local admin) of the machine running the connector. This gives the user sufficient privileges to start services and write logs, which the connector needs for effective operation and troubleshooting.
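
The three logon-user requirements above can be checked from the connector machine before the synchronization is configured. The script below is an added example, not Splashtop code; it assumes the RSAT ActiveDirectory PowerShell module is installed, and the account name `CONTOSO\svc-ssw-connector` is a placeholder.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not Splashtop code. Run on the machine that hosts the connector.
param(
    # Placeholder account name (assumption); pass the real connector logon user.
    [string]$LogonUser = 'CONTOSO\svc-ssw-connector'
)

# Accept either DOMAIN\user or a bare sAMAccountName.
$sam     = ($LogonUser -split '\\', 2)[-1]
$results = [ordered]@{}

# 1. Domain member user: the account must resolve in Active Directory and be enabled.
try {
    $user = Get-ADUser -Identity $sam -ErrorAction Stop
    $results['Domain user found and enabled'] = [bool]$user.Enabled
} catch {
    $user = $null
    $results['Domain user found and enabled'] = $false
}

if ($user) {
    # 2. Account Operators membership, direct or through nested groups.
    #    S-1-5-32-548 is the well-known SID of the built-in Account Operators
    #    group; using the SID avoids localized group names.
    $operators = Get-ADGroupMember -Identity 'S-1-5-32-548' -Recursive
    $results['Member of Account Operators'] =
        [bool]($operators | Where-Object { $_.SID.Value -eq $user.SID.Value })

    # 3. Local administrator on this machine. S-1-5-32-544 is the well-known SID
    #    of BUILTIN\Administrators. Get-LocalGroupMember lists direct members
    #    only, so rights granted through a nested domain group show as False.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
    $results['Direct member of local Administrators'] =
        [bool]($admins | Where-Object { $_.SID.Value -eq $user.SID.Value })
}

# One row per requirement, so a failed prerequisite is visible at a glance.
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize
```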

Step 1: Accessing Active Directory Configuration

  1. Log in to your Splashtop Secure Workspace super admin or org admin account.
  2. Navigate to the Secrets Manager and select the AD Sync section to access the AD synchronization page.

Step 2: Adding Active Directory Synchronization

  1. On the AD synchronization page, click the Add synchronization button.

Active Directory Synchronization Settings

Configure the following settings for AD synchronization:

  • Synchronization Name: Enter a unique name for the synchronization process.
  • Display Name: Specify the display name for easier identification.
  • Connector: Ensure the connector is running on the domain controller with admin privileges. Use the Test button to verify appropriate permissions.
  • Target Folder: Designate a folder in the Secrets Manager to store the synced user passwords. This folder must be within the tenant's shared folder. Specify the folder path and create a new folder if needed.
  • Synchronization Interval: Set the frequency of synchronization (either in days at specific times or in hourly intervals).
  • Password Settings: Define the password length (default is 10) and toggle the Complex Password requirement (Passwords must meet complexity requirements).

Controlled AD Users Management

  • Search Function: Use the search feature in the top-right corner to quickly locate users.
  • Add Sync User: Click to add users to the synchronization. The connector will retrieve all users from the domain controller, displaying usernames and Principal Names. You can search for specific users or add multiple users at once.

User Synchronization Table

This table displays the following columns:

  • Username
  • Secret Title
  • Status (Synced, Failed)
  • Date Last Synchronization
  • Action (Modify or Delete)
    • Modify: This option allows you to directly edit the existing secret stored in the Vault for the user's password. When you select "Modify," you will be able to update the password or other relevant details of the secret associated with that particular user. This is crucial for maintaining current and accurate credentials in the system.
    • Delete: Remove a user from the synchronization list. This action does not delete the user from the Active Directory but stops their password synchronization and management through this system.

Finalizing and Executing Synchronization

  • After configuring all settings, save and apply changes.
  • Optionally, use the Sync now button to immediately initiate a synchronization.