CloudPanel ADSync was introduced in version 3.2.315.0 and provides a way for you to keep a customer’s on-site Active Directory Domain Controller in sync with your CloudPanel environment.
The current version of this sync utility can sync user attributes such as first name, last name, address, and even passwords.
The first thing you must do is enable ADSync in CloudPanel for that customer. Once you go to the customer you will see a AD Sync link on the left side which will bring you to this page.
The API key is going to be used in the installer when you install the software on the client’s domain controllers. You must also provide the client’s public IP because ClouDPanel uses the API Key and the source IP to allow access.
Below are some of the options available:
- Sync precedence: This allows you to choose rather the data in CloudPanel is the accurate data or the local domain controller. Choosing the source will allow you to make sure that the destination is up to date with the data from the source.
- IP Addresses: This must be the public IP’s from the client’s network. You can enter multiple by providing a comma separated list
- Email Notifications: The email that will receive notifications about syncing issues
- Sync Options: Currently you can only update users but we will soon allow it to sync created and deleted users.
- Update Documentation Password: When a password is changed on the client domain controller, this will allow you to store this password in the Documentation section which will be encrypted in the database. This is NOT recommended.
Prep Customer Server
In order to implement CloudPanel ADSync, you must first prep the customer domain controller:
- Make sure that the “Passwords must meet complexity requirements” policy setting is enabled in Group Policy
- Make sure the “Mail” field in the Active Directory user is populated. This is how the sync utility matches users in CloudPanel
During the install you must provide the URL to where your CloudPanel instance is installed, the company code for the company, the API key and choose to log Information, Warnings and Errors.
It is recommended to use your RMM software to monitor that the CloudPanel Sync Service remains running. If the service stops, then data will not be synced between environments
The sync service on the customer side will log errors to the event viewer and changes that are made in CloudPanel will be logged in the audit trail which you can view on the company overview page.
Passwords not being captured
If you have an issue with the password filter not working, you may need to check that the DLL actually loaded in the system after the reboot. To check that the DLL loaded, please go to System Information and check on the Loaded Modules. You should see a “pwdsyncfilter” listed: