Active Directory (AD) Synchronization

The following environments are supported:

• In the Cloud AD with Azure (Windows Azure Active Directory or WAAD via Microsoft Graph). Refer to Configuring AD for an organization in Azure.
• On-premise AD with LDAPS (Lightweight Directory Access Protocol Secure). Refer to LDAP Requirements.

NOTE  To support unified identity management with traditional on-premises applications, WAAD can also be integrated with Windows Server Active Directory via DirSync and Active Directory Federation Services (ADFS) gateway components. This hybrid implementation is not specifically supported by Datto.

Active Directory sync is scheduled to run automatically every 24 hours, based on the last scheduled or a manually initiated (forced) sync or sync attempt. For tracking purposes, Autotask keeps a history of the last 10 syncs. Older historic data is removed.

• Synchronization must be separately configured for each customer organization whose contacts you manage in AD. Organization contacts are synchronized based on their membership in a specific group (Azure) or being a match for a specific set of filters (LDAP). Both creation of new contacts and update of existing contacts is supported. Refer to Setting up Active Directory sync for an organization in Autotask. For a list of fields, refer to Contact Sync Fields.
• If contacts and users already exist in both Autotask and AD, we will match users to contacts based on specific mapping rules. Refer to AD user and contact matching rules.
• Any remaining conflicts can be addressed on the Autotask AD admin pages. Refer to Conflict Cases.

• If a field contains a value in Autotask but is blank in Active Directory, the value in Autotask is retained and not overwritten by the synchronization.