ADコネクタのよくある質問

When do I use an AD Connector?

The inSync AD Connector enables you to integrate your organization’s Active Directory (AD) with inSync and automate the following tasks:

Create and manage users on inSync. (This is applicable only for user import.)
On-boarding users with AD Mapping
- Real-time import and automated, periodic import
- Optional notifications to users
Real-time, automated, and periodic off-boarding users with AD Mapping
Allow users to use their AD credentials for logging on to inSync Web
Manually activate devices by using the user's AD credentials
Activation of device by using Integrated Mass Deployment.

Go to top

How do I set up an AD Connector?

You can install the inSync AD Connector on any Windows computer within your organization’s firewall. You must ensure that the AD Connector can connect to the AD and to inSync Cloud.

|View larger image|

As the diagram illustrates, after the AD Connector installation, the connection between the AD Connector and inSync Cloud will be a persistent one. However, the AD Connector will connect to the AD Server only when required.

For detailed instructions on how to download, install, and configure the AD Connector, see Registering an Active Directory.

Go to top

Which ports does the AD Connector use?

The following table lists the ports that the AD connector uses.

Port Number	Used By
443	AD Connector with inSync Cloud. Note: If you do not want to use port 443, you can configure other available ports. For more information, contact Druva Support.
389 (Internal port)	LDAP
3268 (Internal port)	LDAP on global catalog
636 (Internal port)	Secure LDAP
3269 (Internal port)	Secure LDAP on global catalog

Go to top

Can I configure any other port for communication between AD Connector and inSync Cloud?

Yes. Any of the following available ports can be configured for communication between AD Connector with inSync Cloud, instead of the default port 443.

80
6061

To change your configuration, contact Druva Support.

Go to top

Why am I asked for access details of my AD Server?

To be able to create inSync users and authenticate users on inSync Web, inSync Cloud must be able to send certain queries and fetch the required information from your AD Server. Therefore, it requires read-only access details for the AD Server. The access details are used by the inSync AD Connector to fetch the requisite details from your AD Server. It cannot make any changes to your AD.

You can check the logs on your AD to verify the queries sent by inSync Cloud.

Go to top

Can others access my AD Server information?

No. Any information that you provide on inSync Cloud is protected by the enterprise-grade security features of inSync. By proper compartmentalization and encryption using 256 AES encryption keys, we create a virtual private cloud for each of our customers. In addition, by using 2-factor encryption key management and authentication, we make it impossible for anybody except you to access your information.

For more information on inSync’s enterprise-class security features, see the white paper on Druva inSync Security.

Go to top

Will the AD Connector stay connected with my AD Server?

No. The inSync AD Connector connects with the AD Server only when required. The different use cases for the AD Connector are as follows.

During AD Mapping creation: You must create AD Mapping if you want to create inSync users by importing their details from the AD Server. When creating AD Mapping, inSync Cloud queries the AD server to retrieve the name of the Base DN, Organizational Units, and Groups. The AD Connector facilitates the communication. For information on creating AD Mapping, refer to Creating an AD Mapping.
When importing user details: When you are creating users by importing their details from the AD Server, inSync Cloud fetches the user details from the AD Server. The communication is facilitated by the AD Connector. If inSync Cloud is configured to fetch user details periodically, it sends its query to the AD Connector once every 24 hours by default. For more information importing user details from AD, refer to Auto-import users from your AD/LDAP.
When manually activating the inSync Client: When you activate the inSync Client manually by using AD credentials, inSync Cloud will send a verification request to the AD Server through the AD Connector.
When authenticating users on inSync Web: If a user, who is configured to use his AD credentials for inSync, tries to log on to inSync Web, inSync Cloud will send a verification request to the AD Server through the AD Connector.
When activating device by using the Integrated Mass Deployment (IMD) feature - When device activation is performed through IMD, inSync Cloud fetches the user details from the AD Server through AD Connector.

Go to top

What type of data will inSync Cloud fetch from my Active Directory?

The following table explains the type of data will be fetched from your AD for each use case. It also explains the data size and the observed frequency for each use case.

Use Case	Data fetched	Data size	Frequency
During AD Mapping creation	Names of the Base DN, Organizational Units, and Groups. Three queries are sent to the AD to fetch these details.	Negligible.	Creation of AD Mapping is generally a one-time activity
When importing user details	Email, department, country code, common name, logon name of the user.	Approx. 1 MB for 10,000 users	For periodic imports, one query every 24 hours by default.
When activating inSync Client during the mass deployment process	If user has not been created at the time of activation, group information, email, department, country code, common name, and logon name of the user.	Negligible	One query for each user.
When authenticating users on inSync Web	Verification for password match.	Negligible	Rare

Go to top

How secure is my data?

The following diagram explains the data flow between the inSync Cloud, AD Connector, and the AD Server.

|View larger image|

As illustrated in the diagram:

All communication between the inSync Cloud and the AD Connector are encrypted using TLS.
All communication between the AD Connector and the AD Server are protected because they are happening inside your organization’s firewall.
All communication between the AD Connector and the AD Server can be encrypted if you are using LDAPS for your AD Server.

Go to top

Is my AD server data stored anywhere?

The following table explains when and where the data fetched from your AD Server will be stored.

Use Case	Data fetched	Where data is stored
During AD Mapping creation	Names of the Base DN, Organizational Units, and Groups. Three queries are sent to the AD to fetch these details.	Data is encrypted using AES-256 and stored on inSync Cloud.
When importing user details	Email, department, country code, common name, and logon name of the user.	Data is encrypted using AES-256 and stored on inSync Cloud.
When activating inSync Client during the mass deployment process	If user has not been created at the time of activation, group information, email, department, country code, common name, and logon name of the user.	Data is encrypted using AES-256 and stored on inSync Cloud.
When authenticating users on inSync Web	Verification for password match.	Not stored.

Go to top

What is the process for a manual user device activation by using the AD credentials?

The following diagram illustrates the process for a manual user device activation by using AD credentials.

|View larger image|

What is the process for the integrated mass deployment (IMD) user device activation?

The following diagram illustrates the process for the IMD user device activation.

|View larger image|

Go to top

What happens if I stop the AD Connector service?

As explained earlier, there are very few use cases for an AD Connector. Only those use cases will be affected if you stop the AD Connector service. The AD Connector does not have any impact on backups to and restores from inSync Cloud.

Stopping the AD Connector will have the following impact:

Users will not be able to log on to inSync Web.
If you are activating a user device manually for users who are using AD authentication, the inSync client will not be activated because the authentication fails.
If you are activating a user device by using the Integrated Mass Deployment (IMD) feature, inSync Client activation will fail, because inSync Cloud will not be able to access AD Server to fetch the user details.

Go to top

Where do I see the current status of AD Connector service?

To view the current status of AD Connector service

Log on to inSync Master Console.
On the Admin Console menu bar, click > Settings.
The Settings page appears.
Click the AD Accounts tab. You can view the current status of AD Connector service.

SUPPORT community

support Resources

More links

Support Contacts

Questions

Answers

When do I use an AD Connector?

How do I set up an AD Connector?

Which ports does the AD Connector use?

Can I configure any other port for communication between AD Connector and inSync Cloud?

Why am I asked for access details of my AD Server?

Can others access my AD Server information?

Will the AD Connector stay connected with my AD Server?

What type of data will inSync Cloud fetch from my Active Directory?

How secure is my data?

Is my AD server data stored anywhere?

What is the process for a manual user device activation by using the AD credentials?

What is the process for the integrated mass deployment (IMD) user device activation?

What happens if I stop the AD Connector service?

Where do I see the current status of AD Connector service?

SUPPORT community

support Resources

More links

Support Contacts