What is Active Directory?
Active Directory (AD)
by Microsoft is a domain management system for centralized networks. Using AD, you can add users, define their privilege, store and manage information, and authorize and authenticate user accounts.
What is Zoho Directory?
Zoho Directory (ZD)
is a centralized user directory that initiates synchronization of user accounts and passwords stored in your AD account. This way, all the user data can be organized and maintained in a common directory.
- Only the administrator can perform the synchronization between AD and ZD.
-
As it is a one-way synchronization, the data in your LDAP server never gets altered.
-
ZD initiates a scheduled synchronization and is always secure.
Access Privilege
Only the organization's administrator can perform synchronization using Zoho Directory.
Admin and Service Admin users will be able to access Zoho Directory.
How does it work?
ZD uses
Lightweight Directory Access Protocol (LDAP)
for synchronizing user data. A query is sent via LDAP to your Zoho account to compare the user data in AD and ZD accounts. A sync is initiated to balance the user accounts in Zoho with that of AD.
General requirements
-
A Qntrl account.
-
Domain name of your company.
System requirements
-
Before installing Zoho Directory, there are a few system requirements to be met:
-
Browser - Internet Explorer 9 or above.
-
Operating System - Windows 7 or above.
-
Microsoft C++ Runtime redistributable 2010 or higher.
-
.NET Framework 4.0 and above. If a higher version is installed, make sure that .NET Framework 4.0 is also installed in PDC and the local system.
-
Administrative privilege for the entire domain. We recommend a network connection to your Zoho domain with no proxy or firewall.
-
A minimum of 512 MB RAM is required. If your company has more than 10k employees, a RAM of 1GB or higher will help in a faster sync.
Initializing Zoho Directory
Associate account and users
-
Navigate to
and
select
Zoho
Directory
under
User Management.
-
Click
Sync.
-
Zoho Directory (directory.zoho.com) will open in a new tab.
-
Click
Get Started.
-
To associate your account and users with ZD, click
Yes, Associate.
-
Once your account is associated, a success message will be displayed.
-
Click
Manage
Application
to manage users in your organization.
SAML Authentication
SAML (Security Assertion Markup Language)
allows users to log in using a single sign-on setup.
To configure SAML authentication:
-
In the Zoho Directory page, select
Organization
from the left panel.
-
Click the
Setup
button.
-
Configure the details and click
Save.
Verify your domain
Before installing ZD, you will have to add and verify the domain name of your company.
-
In the Zoho Directory page, select
Domains
from the left panel.
-
Click the
Add
Domain
button.
-
Enter the domain name of your company.
-
You can verify your domain using TXT or CNAME methods. Follow the mentioned steps and click the
Verify
button to initialize verification.
Once the domain is verified, you can download the Zoho Directory Sync tool.
In the Zoho Directory window:
-
Select
Active
Directory
from the left panel.
-
Click
Download
.
The Zoho Directory sync file named
ZohoDirectorySync.msi
will be downloaded.
Once the download is complete, run the application and follow the steps mentioned in the installation wizard to install the tool to your machine.
Steps to install Zoho Directory
1. Installation
Once the sync tool is installed, a Welcome window will be displayed. Click
Next
to proceed.
2. Zoho Settings
-
Click the
Authorize with Zoho
button.
-
The new window will be redirected to accounts.zoho.com, where an OAuth token will be generated. This token can be used to handle further requests.
Upon successful login, the admin and organization details will be displayed in the tool.
- Only users with permission to use Admin Console (Admin user) will be able to install the tool.
-
If there is an error connecting with the server, you may have to authorize using proxy settings.
-
The current admin of the organization will have ownership and authorization privilege of Zoho Directory Sync. To change admin privileges, the current admin will have to
Re-Authorize
the ownership to the new admin.
3. LDAP Credentials
-
Fill in the domain details and click
Add
.
-
Domain Controller names must be comma-separated and fully qualified.
-
A list of domains will be displayed.
-
You can include your domain by clicking the
Add
Domain
button.
4. Sync Preferences
Synchronization rules can be set here. This section spans further into four different sub sections.
4.1 Filter OUs/Users
-
Click
Add
OU's
to add organizational units.
-
Fill in the details and click
Submit
.
-
You can choose single or multiple DNs to apply the query.
4.2 Exclusion Rules
You can add rules based on criteria here. This rule will be taken into account when synchronization takes place.
-
Click
Add
Rule
.
-
Fill in the details and click
Submit
.
4.3 Attribute Definition
You can select attributes here. The synchronization will take place based on the configured attributes.
To edit an attribute:
-
Hover over an attribute and click
.
-
Make the required changes and click
Save
.
4.4 Sync Settings
Sync settings allow you to configure the action to be done when accounts are deleted or disabled from the LDAP server. Enter the details and click
Save
.
5. Directory Sync
Directory sync allows you to choose users or groups that needs to be included in the sync.
-
Users to update:
Users updated in the LDAP server are listed here. Click to
Sync
the attributes with ZD.
-
Users to create:
New users from LDAP results are listed here. Choose the users to be added to ZD, then click
Sync
.
-
Users to disable:
Users not available in the LDAP results are listed here.
-
Groups to update:
Groups updated in the LDAP server are listed here. Click to
Sync
the attributes with ZD.
-
Groups to create:
New users from LDAP results are listed here. Choose the users to be added to ZD, then click
Sync
.
-
Groups to disable:
Groups not available in the LDAP results are listed here.
6. Password Sync
Password Sync allows end-users to have a single identity, subject to a single password policy, across various systems and applications.
Requirements
:
-
The Password Sync tool must be installed on all the domain controllers in a domain including the primary domain controller.
-
The domain controllers must have been a Full installation instead of a Server Core installation.
-
The domain controllers must have the Microsoft .NET Framework 2.0 or 3.5 profile installed. Even if you have a higher version, please make sure you have .NET Framework 2.0 or 3.5 is also installed.
-
Make sure the Message Queuing service is enabled and running before starting the installation of the password sync tool.
If users were added before installing the Password Sync agent, default passwords will be given to them. Users can initially log in using the default password, which can be changed later.
Once the Password Sync agent is installed, the passwords of the newly added users will be synchronized with the Active Directory. However, the passwords of the existing users will not be read.
All user passwords can be synced only if the users change their account passwords. The new passwords get synced with the Active Directory.
7. Schedule Sync
You can set the frequency in which the sync must be scheduled. The sync will be triggered automatically in the configured sync interval.
8. Reports
Reports list the history of all the synchronizations. Status of every synchronization can be viewed here. In case a sync fails, you can retry the action.
9. Settings
You can customize proxy settings here.
Troubleshooting
-
Zoho Directory supports only one account for each user. Even if a user is a part of multiple organizations in Qntrl, user data in the directory can hold only a single organization's details.
-
Qntrl service for an organization in ZD can be handled only by a single user (preferably Admin). Once a user is a part of a Qntrl service in ZD, they will be linked with the current Qntrl organization. For users part of multiple organizations, an error will be encountered if more than one Admin tries to sync the user's data.