How to Enable Active Directory Sync
Enable Active Directory Sync
If you have Active Directory located on your premises, you can use Spambrella Active Directory Sync option to add and automatically sync user accounts and groups between environments.
Before you begin, you will need the following:
- An inbound connection that allows our IP range to connect to your domain controller.
- A user account with read permissions to Active Directory.
- A user account with administrator privileges to Spambrella.
- The Base DN (Distinguished Name).
The Base DN is the starting point for directory server searches.
For example: DC=mycompany,DC=com, the Connector starts from this DN to create the list of users and groups to sync
Support for LDAP and LDAP over SSL
The standard protocol for reading data to Active Directory is LDAP. LDAP traffic is unsecured by default. To make LDAP traffic secure, you can use the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocols. This combination is referred to as LDAP over SSL — or LDAPS.
To setup your domain controller to accept LDAP over SSL, please refer to the following Microsoft article: How to enable LDAP over SSL
Configure Active Directory Sync in Spambrella
- Log in to the user interface
- On the Company Settings tab, click Import Users
- Select the default role that should be used for user accounts that are added to Spambrella
– A user account with a silent user role will receive the quarantine digest email but will not have login rights to the interface
– A user account with an end user role Will receive the quarantine digest email and will have login rights to the interface
- Specify the IP address or hostname of your Active Directory that Spambrella will connect to
- Specify the username and password of the account that Proofpoint Essentials should use to connect to your Active Directory.
- Select the connection port that Spambrella should use.
– LDAP (389)
– LDAP over SSL (636)
- Enter the Base DN that Spambrella should use to connect to your Active Directory.
Choose what you would like Spambrella to sync:
– Active users
– Disabled user accounts
– Functional accounts
– Security groups
– Include items hidden from the GAL
- Choose how you would like Spambrella to sync:
– Create new user accounts and groups
Sync updated accounts
– Update existing user accounts and groups
Delete removed accounts
– Remove accounts from Spambrella that are no longer found in Active Directory
Sync every 24 hours
– Perform the Active Directory sync once every 24 hours
Manually Perform Active Directory Sync.
If you checked Sync Every 24 Hrs in the Active Directory settings, a sync is automatically performed. Otherwise, you need to force a sync.
- On the Users & Groups tab, click Active Directory
- Click Search
- Review the search results
- Click Execute