IDSync Agent Configuration

The IDSync Agent is designed to be installed on each Domain Controller.

Configuration is performed by logging into each Domain Controller, launching Windows Explorer, and navigating to C:\Program Files\IdentitySyncronizer

  • Right-click the file Syncronizer.Agent.Config

  • Choose Run as Administrator

  • The Agent Configuration dialog is displayed

Required Configuration Steps

  • Enable Syncronization checkbox must be checked

  • Configure SQL Server connection information if the fields are blank

    • Enter the database server name and instance name if applicable

    • Enter the SQL login into the Database User ID field

    • Enter the SQL login password into the User ID Password field

    • Enter the database name

    • Select the Logging Level

      • No Logging

      • Standard Logging

      • Verbose Logging

    • Click the 3-dot ellipsis button at the right of the Database Server field

      • It should respond with a confirmation of valid SQL Server credentials

        • If the configuration is not valid, correct the data entry until it tests valid

Once the configuration is confirmed as valid, press the Install button to install the service.

After the service is installed, the button's label changes to Uninstall.

Optional Configuration Steps

You may optionally configure the agent to exclude some Active Directory users from synchronization. As a higher level of security, this prevents IDSync from logging those users and their password changes: they are never processed by the agent and won’t appear in the IDSync SQL database.

The exclusion is based on a regular expression, so it can match more than one user account. A checkbox to Ignore Case is also available. In the example above, the pattern ^ad excludes any logon name beginning with the letters “ad”.

Click “Apply” to save the exclusion pattern.

Note: The agent service must be restarted for the pattern to be active.

The pattern matching is performed against the AD User Login Name value from the Account tab.
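
Because excluded accounts never reach the IDSync database, it is worth previewing what a pattern matches before applying it. The following PowerShell function is an added example, not part of IDSync; it assumes the agent evaluates patterns as .NET-style regular expressions with unanchored matching, and the function name and sample logon names are constructed for illustration.

```powershell
# Added example (not IDSync code): preview which logon names a pattern excludes.
# Assumption: the agent uses .NET-style regular expressions and matches anywhere
# in the logon name unless the pattern is anchored, as the ^ad example implies.

function Test-ExclusionPattern {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Pattern,
        [Parameter(Mandatory)] [string[]] $LogonName,
        [switch] $IgnoreCase   # mirrors the Ignore Case checkbox
    )

    $options = [System.Text.RegularExpressions.RegexOptions]::None
    if ($IgnoreCase) {
        $options = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    }

    # Building the Regex object first turns a malformed pattern into a clear error
    # instead of a silent non-match.
    try {
        $regex = [System.Text.RegularExpressions.Regex]::new($Pattern, $options)
    } catch {
        throw "Invalid exclusion pattern '$Pattern': $($_.Exception.Message)"
    }

    foreach ($name in $LogonName) {
        [pscustomobject]@{
            LogonName = $name
            Excluded  = $regex.IsMatch($name)
        }
    }
}

# Constructed sample logon names (not from a real directory).
$sample = 'administrator', 'Administrator', 'adsync_svc', 'brad.jones', 'nadia', 'jsmith'

# The page's pattern, case-sensitive: compare 'administrator' with 'Administrator'.
Test-ExclusionPattern -Pattern '^ad' -LogonName $sample | Format-Table

# The same pattern with Ignore Case enabled.
Test-ExclusionPattern -Pattern '^ad' -LogonName $sample -IgnoreCase | Format-Table

# Dropping the ^ anchor: check whether 'brad.jones' and 'nadia' are now excluded too.
Test-ExclusionPattern -Pattern 'ad' -LogonName $sample -IgnoreCase | Format-Table
```

Run it against the real logon names exported from your directory before clicking Apply, and use the same reviewed pattern on every Domain Controller.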

 

Completion of Configuration

Click the OK button

If this is the initial installation of the service, the Domain Controller must be rebooted. A popup reminder is displayed after clicking the OK or Apply button on the configuration dialog.

Final Steps

It is critical that all domain controllers run the agent and are configured exactly the same way; otherwise, results will be unpredictable.

  • Any DC can handle an AD change such as a password change, so they all need the agent

  • All must be configured to point to the same SQL Server and database

  • If Exclusions are applied, each agent must be configured identically.