User Account Management from Active Directory
This article is only applicable to users of Workplace Essential and Workplace Advanced.
If your Active Directory is synchronized to a cloud identity provider that partners with Workplace, we recommend integrating Workplace with your cloud provider directly.
The Workplace AD Sync component lets you sync selected groups and organizational units from Active Directory to Workplace, eliminating the need for manual user administration when people join and leave your organization. AD Sync is designed to automatically:
  • Provision (create) user accounts for new people who should be given access to Workplace.
  • Update user profile attributes as they change over time (e.g., a different phone number).
  • De-provision (deactivate) user accounts when people leave your organization or should no longer have access.
AD Sync runs as a Windows Service within your IT infrastructure. After you configure it to query AD for the set of users you'd like to give access to Workplace, AD Sync will run on a schedule every 3 hours to reconcile accounts between AD and Workplace.
The AD Sync Component requires the following:
  • Software installation must be run by a user with AD Domain Administrator privileges.
  • AD Sync is designed to run on Windows Server 2012 R2 or Windows Server 2016. Other configurations may work (when the OS language is set to en_US), but aren't supported by Workplace.
  • AD Sync needs to run on a computer that is domain-joined to the same AD controller that your Workplace users belong to. If your Workplace users belong to multiple AD Domains, you may need to follow the installation and configuration procedure for AD Sync on a server in each domain.
  • The following Microsoft components are required and will be installed with AD Sync if they're not already on the server: .NET Framework 4.5.2, and SQL Server 2014 Express LocalDB (a light version of SQL Server Express) to store user data. All cumulative updates should be installed.
  • For each group of users that you want to sync to Workplace from Facebook, you must identify: the Distinguished Name (DN) of the root entry in Active Directory that contains the users, and either an LDAP Filter or an Active Directory Group that identifies the users you want to sync to Workplace.
  • Your Domain Controller must be able to support LDAPS (SSL) connections over port 636.
The AD Sync Component has the following limitations:
  • Only syncs users from the Active Directory domain that the server belongs to, or from a domain in the same AD forest that has the appropriate trust relationships established.
  • Can only be configured to sync users based on LDAP filters (e.g., a specific user class or attribute value) or AD security / distribution groups.
  • Handles only up to approximately 100,000 users with the default admin-less SQL Server 2014 Express LocalDB. Syncing more users requires an admin to manage their own database.
  • Has only been tested on Active Directory domains and forests at the Windows Server 2012 functional level.
  • Only allows customizing the mapping rules for the following user-profile attributes: formatted name and location. All other attributes are mapped by default logic (see the Synchronized Attributes Reference table below for details).
  • Won't sync users that don't have an AD value for these 3 required Workplace fields: Email Address, Display name and Family name.
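The following pre-flight check is an added example, not part of AD Sync or Workplace's own tooling: it lists the accounts in a sync scope that would be skipped because one of the three required fields is empty. It assumes those fields are read from the AD attributes `mail`, `displayName` and `sn` (the attribute reference table is not reproduced here), and the function name, search base, filter and host name are placeholders.

```powershell
# Added example: pre-flight check for an AD Sync scope. Not part of AD Sync.
# ASSUMPTION: the three required Workplace fields are read from the AD
# attributes mail, displayName and sn; adjust to your actual mapping.
$RequiredAttributes = [ordered]@{
    'Email Address' = 'mail'
    'Display name'  = 'displayName'
    'Family name'   = 'sn'
}

function Get-SyncSkippedUser {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Collect the Workplace field names whose AD attribute is empty.
        $missing = foreach ($field in $RequiredAttributes.Keys) {
            $value = $User.($RequiredAttributes[$field])
            if ([string]::IsNullOrWhiteSpace([string]$value)) { $field }
        }
        if ($missing) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                MissingFields  = @($missing) -join ', '
            }
        }
    }
}

# Constructed sample entries so the check can be tried without a directory.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.com'; displayName = 'Alice Ng'; sn = 'Ng' }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = $null;               displayName = 'Bob Ruiz'; sn = 'Ruiz' }
    [pscustomobject]@{ SamAccountName = 'svc01'; mail = 'svc01@example.com'; displayName = '';         sn = $null }
)
$sample | Get-SyncSkippedUser | Format-Table -AutoSize

# Against a live domain (RSAT ActiveDirectory module). The search base and
# filter are placeholders for the root DN and LDAP filter you identified.
# Get-ADUser -SearchBase 'OU=Staff,DC=example,DC=com' `
#     -LDAPFilter '(&(objectCategory=person)(objectClass=user))' `
#     -Properties mail, displayName, sn | Get-SyncSkippedUser

# TCP reachability of LDAPS on port 636; the host name is a placeholder.
# Test-NetConnection -ComputerName 'dc01.example.com' -Port 636
```

Accounts reported here are often service or shared accounts caught by a broad filter; tightening the LDAP filter or syncing by group keeps them out of scope instead of leaving them silently skipped.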
AD Sync does a one-way batch replication of selected users' profile data. The AD Sync Component doesn't write back to your directory service. After you configure it to query AD for the set of users you'd like to give access to Workplace, AD Sync will run on a schedule every 3 hours to reconcile accounts between AD and Workplace.