What is C2 Identity AD Sync?
C2 Identity AD Sync is an agent that synchronizes user/group information between Active Directory (AD) and C2 Identity. To integrate your AD with C2 Identity, you need to install this agent on a domain controller.
Specifications
System requirements
- Windows Server 2008 R2 SP1 or above
- PowerShell 5.1 or above
Limitations
- Some of the supported Windows Server versions (e.g., Windows Server 2008 R2 SP1) include PowerShell 2.0 by default. To get a compatible version of PowerShell, install the .NET Framework and Windows Management Framework on your Windows Server.
- C2 Identity AD Sync might not function properly on virtual machines.
- C2 Identity currently only supports the integration of one directory service.
- C2 Identity currently only supports one agent per integrated directory.
How C2 Identity AD Sync works
C2 Identity AD Sync (hereafter "agent") works through the following mechanisms:
- Update user/group information to C2 Identity: The agent sends information about all users/groups from the synchronized domain to C2 Identity every 90 seconds. Keep in mind that transferred information doesn't include organizational units (OUs), domain controllers, or AD-managed devices.
- Retrieve user passwords from C2 Identity: When domain users update their passwords through C2 Identity's user portal, the changes are synchronized to the agent in real time.
How user attributes are mapped to C2 Identity
| Active Directory Attributes | C2 Identity Attributes |
|---|---|
| User logon name¹ | Username² |
| E-mail³ | Primary email |
| Display name | Display name |
| First name | First name |
| Last name | Last name |
| Password | Password |
| Description | Description |
| Office | Office |
| Telephone number | Work phone |
| Address | Address |
| Telephones - home | Home phone |
| Telephones - mobile | Mobile phone |
| Telephones - fax | Fax |
| Organization - job title | Job title |
| Organization - department | Department |
Notes:
1. This is the user logon name introduced after Windows 2000. C2 Identity AD Sync maps only the prefixes of user logon names (the part before @) to Usernames in C2 Identity.
2. If the option Overwrite duplicate users and groups is selected during directory integration, C2 Identity users with the same username will be overwritten.
3. If an Active Directory user doesn't have an e-mail, its user logon name will be mapped to the Primary email in C2 Identity.
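
A pre-integration check that applies the three notes above to a list of AD users and flags accounts whose logon-name prefixes coincide, accounts that would replace an existing C2 Identity user, and accounts whose Primary email would come from the logon name. This is an added example, not Synology's code: `Get-C2MappingPreview` and `-ExistingC2Usernames` are hypothetical names, and it assumes usernames compare case-insensitively and that the logon name used as Primary email is the full value including the part after @.

```powershell
# Added example; the sample users at the bottom are constructed.
# On a domain controller with the ActiveDirectory module, the same input shape comes from:
#   Get-ADUser -Filter * -Properties mail | Select-Object UserPrincipalName, mail
function Get-C2MappingPreview {                   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $AdUsers,
        [string[]] $ExistingC2Usernames = @()     # hypothetical: usernames already in C2 Identity
    )
    $rows = @(foreach ($u in $AdUsers) {
        $upn = [string]$u.UserPrincipalName
        if ([string]::IsNullOrWhiteSpace($upn)) { continue }   # no user logon name to map
        # Note 1: only the part before @ becomes the Username.
        $username = ($upn -split '@', 2)[0]
        # Note 3: without an e-mail, the user logon name becomes the Primary email.
        $hasMail = -not [string]::IsNullOrWhiteSpace([string]$u.mail)
        [pscustomobject]@{
            UserPrincipalName = $upn
            Username          = $username
            PrimaryEmail      = if ($hasMail) { $u.mail } else { $upn }
            EmailFromLogon    = -not $hasMail
        }
    })
    # Prefixes shared by more than one AD user (Group-Object ignores case by default).
    $shared = @($rows | Group-Object Username | Where-Object Count -gt 1 |
                ForEach-Object { $_.Name })
    foreach ($r in $rows) {
        # Two logon names with different suffixes reduce to the same Username.
        $r | Add-Member -NotePropertyName PrefixCollision `
                        -NotePropertyValue ($shared -contains $r.Username)
        # Note 2: with "Overwrite duplicate users and groups" selected,
        # an existing C2 Identity user with this username is overwritten.
        $r | Add-Member -NotePropertyName WouldOverwrite `
                        -NotePropertyValue ($ExistingC2Usernames -contains $r.Username) -PassThru
    }
}

# Constructed sample input (not real accounts).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@corp.example'; mail = 'alice@corp.example' }
    [pscustomobject]@{ UserPrincipalName = 'alice@lab.example';  mail = $null }
    [pscustomobject]@{ UserPrincipalName = 'bob@corp.example';   mail = $null }
)
Get-C2MappingPreview -AdUsers $sample -ExistingC2Usernames 'bob' | Format-Table -AutoSize
```

Rows with `PrefixCollision` set are worth resolving in AD before integration, since the page does not describe how the agent treats two AD users that reduce to the same Username.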