What is C2 Identity AD Sync?

C2 Identity AD Sync is an agent that synchronizes user/group information between Active Directory (AD) and C2 Identity. To integrate your AD with C2 Identity, you need to install this agent on a domain controller.

Specifications

System requirements

Windows Server 2008 R2 SP1 or above
PowerShell 5.1 or above

Limitations

Some of the supported Windows Server versions (e.g., Windows Server 2008 R2 SP1) include PowerShell 2.0 by default. To get a compatible version of PowerShell, install the .NET Framework and Windows Management Framework on your Windows Server.
C2 Identity AD Sync might not function properly on virtual machines.
C2 Identity currently only supports the integration of one directory service.
C2 Identity currently only supports one agent per integrated directory.

How C2 Identity AD Sync works

The following are the mechanisms of C2 Identity AD Sync (hereafter "agent"):

Update user/group information to C2 Identity: The agent sends information about all users/groups from the synchronized domain to C2 Identity every 90 seconds. Keep in mind that transferred information doesn't include organizational units (OUs), domain controllers, or AD-managed devices.
Retrieve user passwords from C2 Identity: When domain users update their passwords through C2 Identity's user portal, the changes are synchronized to the agent in real-time.

How user attributes are mapped to C2 Identity

Active Directory Attributes	C2 Identity Attributes
User logon name¹	Username²
E-mail³	Primary email
Display name	Display name
First name	First name
Last name	Last name
Password	Password
Description	Description
Office	Office
Telephone number	Work phone
Address	Address
Telephones - home	Home phone
Telephones - mobile	Mobile phone
Telephones - fax	Fax
Organization - job title	Job title
Organization - department	Department

Notes:

This is the user logon name introduced after Windows 2000. C2 Identity AD Sync maps only the prefixes of user logon names (the part before @) to Usernames in C2 Identity.
If the option Overwrite duplicate users and groups is selected during directory integration, C2 Identity users with the same username will be overwritten.
If an Active Directory user doesn't have an e-mail, its user logon name will be mapped to the Primary email in C2 Identity.

Further reading

Was this article helpful?

Yes ／ No