The Sync Tools feature lets administrators synchronize users and groups from a directory into the DNSFilter Dashboard. Synchronized users can then be grouped into Collections, and specific policies, schedules, and block pages applied to those Collections or to individual users.
Deploying the Windows Active Directory Sync Tool
Our Microsoft Windows Active Directory Sync Tool allows you to synchronize users from one or more Active Directory domains and forests in your environment. The Sync Tool allows you to synchronize the following items:
- Users: Manually select specific Active Directory Users which you'd like to sync.
- Groups: Manually select specific Active Directory Groups which you'd like to sync.
These users and groups can be added to various DNSFilter Collections, to apply specific policies and block pages to those users or groups of users. You may also apply specific policies and block pages on a per-user basis using the DNSFilter Users feature.
To set up and configure the Microsoft Windows Active Directory Sync Tool, you may follow these instructions:
- Navigate to Deployments > Sync Tools.
- Click the Install Your First Sync Tool button.
- Provide a Name for the new sync tool and click the Continue button.
- NOTE: The Secret Key is shown only on the newly created Sync Tool page. Treat it as a credential: store it in a password manager or other secrets store (not in a ticket or e-mail) in case you need to reinstall the sync tool in the future.
- Download the Active Directory Sync Tool and install it on a domain-joined computer in your environment (we recommend against installing it on a Domain Controller, if possible).
- Open the DNSFilter AD Sync Tool from the Start Menu and enter the Secret Key from the Sync Tool page (see the note above). You may also change the default frequency at which the sync tool pushes changes in your directory to DNSFilter.
- For each Active Directory Domain that you wish to synchronize from, add a new entry to the Server List (on the AD server settings tab) and provide the following details:
- Friendly Name: Text which appears for this entry in the Server List
- Address: Fully-qualified hostname or IP address of the Domain Controller the sync tool should poll.
- Protocol: By default, the sync tool uses LDAPS (TLS/SSL) over port 636, which requires the Domain Controller to present a certificate the sync host trusts. You may optionally change this to plain LDAP over port 389, but directory data (and, with a simple bind, the account password) then crosses the network unencrypted, so keep LDAPS unless you have no alternative.
- Username and Password: If the sync tool runs on a computer that is not joined to the domain being polled (for example, when syncing a second domain or forest), provide the credentials of a dedicated service account. Read access to users and groups is all the tool needs: an ordinary Domain User account is sufficient, and the account should not be a member of any privileged group, since its credentials have to be stored on the sync host.
- Press the Test button to confirm your settings are valid, then press the Load button to verify proper connectivity to Active Directory. If connectivity was successful, a list of Active Directory Organizational Units (OUs) will be displayed. Expanding each of those OUs will show Groups and Users within those OUs.
- Optionally limit which OUs, Groups, and/or Users you wish to sync to DNSFilter. By checking all options, the sync tool will synchronize all groups and users. Some administrators may wish to limit the synchronization so that administrator accounts, service accounts, etc. do not get synchronized.
- Press the Save button to save the selected OUs, Groups, and/or Users you selected in the previous step and to force the initial synchronization to occur. The initial synchronization may take a few minutes to complete. After the synchronization is complete, you will see synchronized groups and users within your DNSFilter Dashboard.
Note: The AD Sync Tool requires the Active Directory Recycle Bin feature to be enabled in order to remove synced users from the DNSFilter Dashboard after they have been deleted in your Active Directory. With the Recycle Bin enabled, deleted objects keep their attributes for the deleted object lifetime, which is what lets the tool identify which synced users were removed; without it, deleted users stay in the Dashboard. Enabling the feature is recommended for Active Directory management in general, but note that it requires a forest functional level of Windows Server 2008 R2 or higher and cannot be disabled once enabled. More documentation from Microsoft on this feature can be found on the Active Directory Recycle Bin page of Microsoft's documentation.
The DNSFilter Microsoft Windows Active Directory Sync Tool runs as a Windows service so that it starts automatically if the computer is rebooted. Install the sync tool on a computer that does not get shut down and has a stable internet connection.
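The following script is an added pre-flight check for the AD server settings procedure above and for the Recycle Bin note; it is not part of the DNSFilter sync tool. It uses the .NET LDAP client that ships with Windows, so it runs on the domain-joined sync host without RSAT, and performs the same checks the tool's Test and Load buttons perform: bind over LDAPS (or plain LDAP with a warning), list the OUs with their group and user counts, and confirm the AD Recycle Bin is enabled. The DC name, account name and environment variable are placeholders.

```powershell
# Added pre-flight check for the sync tool's AD server settings. NOT DNSFilter's code.
# Placeholders: dc01.corp.example.com, CORP\svc-dnsfilter-sync and the env var are assumptions.
param(
    [string]$Server   = 'dc01.corp.example.com',     # placeholder: your Domain Controller's FQDN
    [int]   $Port     = 636,                         # 636 = LDAPS (default), 389 = plain LDAP
    [string]$User     = '',                          # e.g. 'CORP\svc-dnsfilter-sync'; empty = logged-on identity
    [string]$Password = $env:DNSFILTER_SYNC_PASSWORD # placeholder env var; never hard-code the password
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

$useTls = ($Port -eq 636)
if (-not $useTls) {
    Write-Warning 'Plain LDAP on 389: directory data (and, with a simple bind, the password) crosses the network unencrypted.'
}

$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
$conn.SessionOptions.ProtocolVersion   = 3
# The DC certificate is validated against the host's trusted roots. Do not add a
# VerifyServerCertificate callback that returns $true: an untrusted cert is a real finding.
$conn.SessionOptions.SecureSocketLayer = $useTls
# Negotiate = Kerberos/NTLM, so the password is never sent in the clear
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
if ($User) { $conn.Credential = [System.Net.NetworkCredential]::new($User, $Password) }

# Bind() throws on a closed port, an untrusted DC certificate or bad credentials,
# the same failures the tool's Test button reports.
$conn.Bind()

function Search-Ldap([string]$BaseDn, [string]$Filter, [string]$Scope, [string[]]$Attrs) {
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $BaseDn, $Filter, [System.DirectoryServices.Protocols.SearchScope]$Scope, $Attrs)
    ($conn.SendRequest($req)).Entries
}

# RootDSE tells us where the domain and the forest configuration partition live
$root     = (Search-Ldap '' '(objectClass=*)' 'Base' @('defaultNamingContext', 'configurationNamingContext'))[0]
$domainDn = $root.Attributes['defaultNamingContext'][0]
$configDn = $root.Attributes['configurationNamingContext'][0]

# What the tool's Load button will show: each OU with the groups and users directly under it
foreach ($ou in Search-Ldap $domainDn '(objectClass=organizationalUnit)' 'Subtree' @('distinguishedName')) {
    $ouDn   = $ou.DistinguishedName
    $groups = @(Search-Ldap $ouDn '(objectClass=group)' 'OneLevel' @('sAMAccountName'))
    $users  = @(Search-Ldap $ouDn '(&(objectCategory=person)(objectClass=user))' 'OneLevel' @('sAMAccountName'))
    '{0}  groups={1} users={2}' -f $ouDn, $groups.Count, $users.Count
}

# Deleted users can only be removed from the Dashboard if the AD Recycle Bin is on.
# The feature object's back-link attribute lists the scopes (the forest) it is enabled for.
$rbDn = "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,$configDn"
$rb   = (Search-Ldap $rbDn '(objectClass=*)' 'Base' @('msDS-EnabledFeatureBL'))[0]
$bl   = $rb.Attributes['msDS-EnabledFeatureBL']
if ($bl -and $bl.Count -gt 0) {
    'AD Recycle Bin: enabled'
} else {
    Write-Warning 'AD Recycle Bin: NOT enabled; users deleted in AD will remain in the DNSFilter Dashboard.'
}
$conn.Dispose()
```

Run it on the sync host as the identity the service will use (or with the service account's username and password), once per Domain Controller you intend to add to the Server List. A failure in Bind() is the problem to fix before touching the tool; an OU listing that includes administrator or service accounts is your cue to narrow the selection in the Load step.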
Our Microsoft Windows Active Directory Sync Tool also works with Azure Active Directory and allows you to synchronize users from one or more Azure Active Directory tenants.
To set up and configure Azure Active Directory, follow these instructions:
- Create a new app registration in Azure Active Directory and grant it the Microsoft Graph application permissions (not delegated permissions, since the sync tool runs unattended as a service) Group.Read.All, GroupMember.Read.All and User.Read.All. Then click the "Grant admin consent" button for your directory. Grant nothing beyond these three read permissions.
- Copy the Tenant ID and Client (Application) ID from the app registration's overview page, and create a Client Secret under Certificates & secrets. The secret value is shown only once, and it has an expiry date; record that date, because synchronization stops when the secret lapses and the new secret must then be entered in the tool. Add all three values in the Azure tenant settings tab of the Microsoft Windows Active Directory Sync Tool and make sure the settings are saved.
- Select the groups that need to be synced (Azure Active Directory has no OUs; groups are the unit of selection).
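The script below is an added check for the Azure Active Directory steps above; it is not part of the DNSFilter sync tool. It obtains a token with the same client-credentials flow an unattended service uses, reads the token's roles claim to confirm that admin consent was actually granted for the three permissions, and then exercises each permission against Microsoft Graph. The tenant and client IDs are placeholders, and the client secret is read from an assumed environment variable so it never sits in the script or in shell history.

```powershell
# Added verification of the Azure AD app registration. NOT DNSFilter's code.
# Placeholders: both IDs below and the DNSFILTER_AAD_CLIENT_SECRET env var are assumptions.
$TenantId     = '11111111-2222-3333-4444-555555555555'   # placeholder: Directory (tenant) ID
$ClientId     = '66666666-7777-8888-9999-aaaaaaaaaaaa'   # placeholder: Application (client) ID
$ClientSecret = $env:DNSFILTER_AAD_CLIENT_SECRET          # placeholder env var
if (-not $ClientSecret) { throw 'Set DNSFILTER_AAD_CLIENT_SECRET before running this check.' }

# 1. Client-credentials grant: no user sign-in, so only *application* permissions that
#    received admin consent appear in the resulting token.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# 2. Decode the JWT payload (base64url) and check the "roles" claim, which lists the
#    application permissions the tenant admin actually consented to.
$payload = $token.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
$claims   = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
$required = 'Group.Read.All', 'GroupMember.Read.All', 'User.Read.All'
$missing  = $required | Where-Object { $claims.roles -notcontains $_ }
if ($missing) { throw "Admin consent not granted for: $($missing -join ', ')" }
"Consented application permissions: $($claims.roles -join ', ')"

# 3. Exercise each permission the way the sync tool will: list groups, the members of one
#    group, and users. A 403 here means consent is missing or was granted to another tenant.
$graph  = 'https://graph.microsoft.com/v1.0'
$groups = Invoke-RestMethod -Headers $headers -Uri "$graph/groups?`$select=id,displayName&`$top=5"
"Groups visible (first page): $($groups.value.Count)"
if ($groups.value.Count -gt 0) {
    $g       = $groups.value[0]
    $members = Invoke-RestMethod -Headers $headers -Uri "$graph/groups/$($g.id)/members?`$select=id,userPrincipalName&`$top=5"
    "Members of '$($g.displayName)' (first page): $($members.value.Count)"
}
$users = Invoke-RestMethod -Headers $headers -Uri "$graph/users?`$select=id,userPrincipalName&`$top=5"
"Users visible (first page): $($users.value.Count)"
```

If step 2 throws, the permissions were added to the app registration but consent was never granted, or they were added as delegated rather than application permissions; fix that in the portal before entering the IDs in the sync tool. The roles claim should contain exactly the three read permissions and nothing more.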
AD Sync Tool Version Log
You can find the history of the Active Directory integration release notes on our public changelog.