Active Directory Synchronization Schedules

While importing users or resources from Active Directory, PAM360 provides the option to configure auto-synchronization for a specific group or OU of an AD domain, so that the user database is always up to date. To set up synchronization, enter the time interval at which PAM360 has to query Active Directory to keep the user/resource database in sync, while providing the domain details to initiate the import. The time interval can be specified in hours or days. Refer to the images shown below for the same.

Details about all synchronization schedules that you have configured for different AD domains can be accessed by navigating to Admin >> Active Directory >> View Synchronization Schedules. In the page that loads, all AD domains for which synchronization has been configured are listed in the sidebar navigation tab. Synchronization schedules configured for users and for resources are displayed separately, each under its own section, as shown in the image below.

From this page, you can carry out the following activities:

  1. Modify/Delete Domain Details.
  2. Modify/Delete Schedules.

1. Modify/Delete Domain Details

To view or modify the details of an AD domain,

  1. First locate the desired domain in the sidebar navigation tab and then click on the Edit icon shown beside the domain.
  2. In the dialog box that opens, you can make changes to domain details like domain name, primary/secondary domain controllers, connection mode etc.
  3. Click Save to apply the changes.

    Note: Once you have modified the details of a domain, PAM360 will use the modified details the next time it tries to communicate with the domain for data synchronization.

To delete a domain, locate the desired domain in the sidebar navigation tab and then click on the 'Delete' icon shown beside the domain. Click 'Ok' for confirmation.

    Note: Once a domain is deleted here, all synchronization schedules configured for both user and resource import from that domain will be completely removed. To set up user/resource sync again, go to Admin >> Active Directory >> Import Now (or) Resources >> Discover Resources.

2. Modify/Delete Schedules

If you have configured a sync schedule for a specific AD domain while carrying out user/resource import operations, you can later modify the schedules and set different sync intervals for individual groups/OUs in that domain, for both user and resource import respectively.

To modify the sync schedule of a specific group/OU,

  1. Locate the desired AD domain from the list of domains displayed in the sidebar navigation tab and click on it. PAM360 will load the list of all groups/OUs of that domain for which user sync has been scheduled (If you want to modify the schedule of resource sync, switch to the resources section).
  2. Next, locate the required group/OU from the list and click the Edit Schedule icon under the Actions column. In the dialog box that opens, you can modify the sync interval, role, and language as required. You can also set a custom display name for the group/OU, which will then be shown as the Group Name across all other tabs, like Users and Resources, where the group/OU is listed. The new display name can be added in the Group Name field in the Schedule Details dialog box. Click Save to apply the changes.

  3. If you want to modify the schedule of resource sync, switch to the Resources tab and click the Edit Schedule icon.
  4. In the dialog box that opens, you can modify the group name, password policy, and sync interval. Click Save to apply the changes.

    Note: Setting a custom display name will not overwrite the name of the group/OU in AD. The original AD name will also be retained.

To modify/delete schedules in bulk,

  1. Navigate to the Users or Resources section as required, where the schedules have to be deleted.
  2. Next, select the desired schedules.
  3. To change the sync interval for the selected schedules in bulk, click on Edit Schedules shown above the schedules list.
  4. In the dialog box that opens, you can update role, language, 2FA, schedule owner, and sync interval. To view the selected groups or organizational units, click on View Selected Groups/OUs at the top-right corner.
  5. When modifying the schedule of resource sync in bulk, you can update password policy, schedule owner, and sync interval. Click Save to apply the changes.
  6. To delete the selected schedules in bulk, click on 'Delete Schedules' shown above the schedules list and click 'Ok' to confirm deletion. The schedules will be deleted.

    Note: When the schedule owner is modified, the ownership of the existing resources/users remains the same, and the new schedule owner gains ownership of the new resources/users imported from subsequent synchronization intervals. Also note that schedule ownership can be transferred only to users who have the Manage Active Directory privilege in their defined role.
