IDSync Agent Configuration
The IDSync Agent is designed to be installed on each Domain Controller.
Configuration is performed by logging into each Domain Controller, launching Windows Explorer, and navigating to C:\Program Files\IdentitySyncronizer.
Right-click the file Syncronizer.Agent.Config.
Choose Run as Administrator.
The Agent Configuration dialog is displayed.
Required Configuration Steps
The Enable Syncronization checkbox must be checked
Configure SQL Server connection information if the fields are blank
Enter the database server name and instance name if applicable
Enter the SQL login into the Database User ID field
Enter the SQL login password into the User ID Password field
Enter the database name
Select the Logging Level: No Logging, Standard Logging, or Verbose Logging
Click the three-dot ellipsis (...) button to the right of the Database Server field
It should respond with a confirmation that the SQL Server credentials are valid
If the configuration is not valid, correct the entries until the test reports it as valid
Once the configuration is confirmed as valid, press the Install button to install the service.
After the service is installed, the button label changes to Uninstall
Optional Configuration Steps
You may optionally configure the agent to exclude some Active Directory users from synchronization. As a higher level of security, excluded users and their password changes are never processed by the agent, are not logged by IDSync, and won’t appear in the IDSync SQL database.
The exclusion is based on a regular expression, so it can match more than one user account, and an Ignore Case checkbox is available. In the example pattern ^ad, any logon name beginning with the letters “ad” will be excluded.
Click “Apply” to save the exclusion pattern.
Note: The agent service must be restarted for the pattern to be active.
The pattern matching is performed against the AD User Login Name value from the Account tab.
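Because one pattern can match more accounts than intended, it helps to preview it against a list of logon names before applying it on every Domain Controller. The PowerShell below is an added example, not part of the IDSync product: the function name Test-ExclusionPattern, the sample logon names, and the tighter pattern are constructed for illustration, and it assumes the agent evaluates the pattern with .NET regular-expression semantics.

```powershell
# Added example: preview which logon names an exclusion pattern would match.
# Assumption: the agent uses .NET regex semantics; Test-ExclusionPattern is a
# hypothetical helper, not an IDSync command.
function Test-ExclusionPattern {
    param(
        [Parameter(Mandatory)] [string]   $Pattern,
        [Parameter(Mandatory)] [string[]] $LogonName,
        [switch] $IgnoreCase   # mirrors the Ignore Case checkbox
    )

    $options = [System.Text.RegularExpressions.RegexOptions]::None
    if ($IgnoreCase) {
        $options = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    }

    # The constructor throws on an invalid pattern, so a typo is caught here
    # rather than after the agent service has been restarted.
    $regex = [regex]::new($Pattern, $options)

    foreach ($name in $LogonName) {
        [pscustomobject]@{
            LogonName = $name
            Excluded  = $regex.IsMatch($name)
        }
    }
}

# Constructed sample logon names (not from a real directory).
$sample = 'admin', 'ADMIN-jdoe', 'adsync_svc', 'adam.smith', 'jsmith', 'brad'

# The pattern from this page with Ignore Case unchecked, then checked.
Test-ExclusionPattern -Pattern '^ad' -LogonName $sample | Format-Table
Test-ExclusionPattern -Pattern '^ad' -LogonName $sample -IgnoreCase | Format-Table

# A tighter, fully anchored pattern (constructed) that names the accounts explicitly.
Test-ExclusionPattern -Pattern '^(admin|adsync_svc)$' -LogonName $sample -IgnoreCase |
    Format-Table
```

With ^ad, an ordinary account such as adam.smith is excluded along with the administrative ones, and with Ignore Case unchecked ADMIN-jdoe is not excluded. Anchoring the pattern at both ends and listing the intended accounts avoids both surprises.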
Completion of Configuration
Click the OK button
If this is the initial installation of the service, the Domain Controller must be rebooted. A popup reminder is displayed after clicking the OK or Apply button on the configuration dialog.
Final Steps
It is critical that all domain controllers are running the agent and are configured exactly the same way; otherwise, results will be unpredictable.
Any DC can handle an AD change such as a password change, so they all need the agent
All must be configured to point to the same SQL Server and database
If Exclusions are applied, each agent must be configured identically.