AD Connector FAQs
inSync Cloud Editions: Elite Plus, Elite, Enterprise, Business
Questions
- When do I use an AD Connector?
- How do I set up an AD Connector?
- Which ports does the AD Connector use?
- Can I configure any other port for communication between AD Connector and inSync Cloud?
- Why am I asked for access details of my AD server?
- Can others access my AD Server information?
- Will the AD Connector stay connected with my AD Server?
- What type of data will inSync Cloud fetch from my Active Directory?
- How secure is my data?
- Is my AD Server data stored anywhere?
- What happens if I stop the AD Connector service?
- Where do I see the current status of AD Connector service?
Answers
When do I use an AD Connector?
The inSync AD Connector enables you to integrate your organization’s Active Directory (AD) with inSync and automate the following tasks:
- Create and manage users on inSync. (This is applicable only for user import.)
- On-boarding users with AD Mapping
- Real-time import and automated, periodic import
- Optional notifications to users
- Real-time, automated, and periodic off-boarding users with AD Mapping
- Allow users to use their AD credentials for logging on to inSync Web
- Manually activate devices by using the user's AD credentials
- Activation of device by using Integrated Mass Deployment.
How do I set up an AD Connector?
You can install the inSync AD Connector on any Windows computer within your organization’s firewall. You must ensure that the AD Connector can connect to the AD and to inSync Cloud.
As the diagram illustrates, after the AD Connector installation, the connection between the AD Connector and inSync Cloud will be a persistent one. However, the AD Connector will connect to the AD Server only when required.
For detailed instructions on how to download, install, and configure the AD Connector, see Registering an Active Directory.
Which ports does the AD Connector use?
The following table lists the ports that the AD connector uses.
Port Number | Used By |
---|---|
443 | AD Connector with inSync Cloud. |
389 (Internal port) | LDAP |
3268 (Internal port) | LDAP on global catalog |
636 (Internal port) | Secure LDAP |
3269 (Internal port) | Secure LDAP on global catalog |
Can I configure any other port for communication between AD Connector and inSync Cloud?
Yes. Instead of the default port 443, you can configure either of the following ports for communication between the AD Connector and inSync Cloud.
- 80
- 6061
To change your configuration, contact Druva Support.
Why am I asked for access details of my AD Server?
To be able to create inSync users and authenticate users on inSync Web, inSync Cloud must be able to send certain queries and fetch the required information from your AD Server. Therefore, it requires read-only access details for the AD Server. The access details are used by the inSync AD Connector to fetch the requisite details from your AD Server. It cannot make any changes to your AD.
You can check the logs on your AD to verify the queries sent by inSync Cloud.
Can others access my AD Server information?
No. Any information that you provide on inSync Cloud is protected by the enterprise-grade security features of inSync. Through proper compartmentalization and encryption using 256-bit AES encryption keys, we create a virtual private cloud for each of our customers. In addition, by using 2-factor encryption key management and authentication, we make it impossible for anybody except you to access your information.
For more information on inSync’s enterprise-class security features, see the white paper on Druva inSync Security.
Will the AD Connector stay connected with my AD Server?
No. The inSync AD Connector connects with the AD Server only when required. The different use cases for the AD Connector are as follows.
- During AD Mapping creation: You must create AD Mapping if you want to create inSync users by importing their details from the AD Server. When creating AD Mapping, inSync Cloud queries the AD server to retrieve the name of the Base DN, Organizational Units, and Groups. The AD Connector facilitates the communication. For information on creating AD Mapping, refer to Creating an AD Mapping.
- When importing user details: When you are creating users by importing their details from the AD Server, inSync Cloud fetches the user details from the AD Server. The communication is facilitated by the AD Connector. If inSync Cloud is configured to fetch user details periodically, it sends its query to the AD Connector once every 24 hours by default. For more information on importing user details from AD, refer to Auto-import users from your AD/LDAP.
- When manually activating the inSync Client: When you activate the inSync Client manually by using AD credentials, inSync Cloud will send a verification request to the AD Server through the AD Connector.
- When authenticating users on inSync Web: If a user who is configured to use AD credentials for inSync tries to log on to inSync Web, inSync Cloud will send a verification request to the AD Server through the AD Connector.
- When activating a device by using the Integrated Mass Deployment (IMD) feature: When device activation is performed through IMD, inSync Cloud fetches the user details from the AD Server through the AD Connector.
What type of data will inSync Cloud fetch from my Active Directory?
The following table explains the type of data that will be fetched from your AD for each use case. It also explains the data size and the observed frequency for each use case.
Use Case | Data fetched | Data size | Frequency |
---|---|---|---|
During AD Mapping creation | Names of the Base DN, Organizational Units, and Groups. Three queries are sent to the AD to fetch these details. | Negligible. | Creation of AD Mapping is generally a one-time activity |
When importing user details | Email, department, country code, common name, logon name of the user. | Approx. 1 MB for 10,000 users | For periodic imports, one query every 24 hours by default. |
When activating inSync Client during the mass deployment process | If user has not been created at the time of activation, group information, email, department, country code, common name, and logon name of the user. | Negligible | One query for each user. |
When authenticating users on inSync Web | Verification for password match. | Negligible | Rare |
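One way to act on the advice to check the logs on your AD, as an added example that is not Druva's code: it scans exported LDAP search records for connector queries that request attributes beyond those the table above lists. The connector IP, the record layout, and the mapping of the table's fields to LDAP attribute names are assumptions.

```python
import re

# Assumption: LDAP attribute names for the fields the table lists
# (email, department, country code, common name, logon name, group information).
EXPECTED_ATTRS = {
    "mail", "department", "countrycode", "c", "cn",
    "samaccountname", "userprincipalname", "memberof",
}
CONNECTOR_IP = "10.20.0.15"  # hypothetical address of the AD Connector host

# Constructed sample: LDAP search records exported from a domain controller.
SAMPLE_LOG = """\
Client: 10.20.0.15:50412
Filter: (&(objectClass=user)(memberOf=CN=Backup Users,OU=Groups,DC=corp,DC=example))
Attribute selection: mail,department,countryCode,cn,sAMAccountName

Client: 10.20.0.15:50988
Filter: (objectClass=user)
Attribute selection: mail,cn,homeDirectory,telephoneNumber

Client: 10.20.0.77:49155
Filter: (objectClass=computer)
Attribute selection: servicePrincipalName
"""

def parse_events(text):
    """Split blank-line separated records into dicts keyed by field label."""
    return [
        dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        for block in re.split(r"\n\s*\n", text.strip())
    ]

def unexpected_queries(text, connector_ip=CONNECTOR_IP, allowed=EXPECTED_ATTRS):
    """Return (filter, extra_attrs) for connector searches outside the allowlist."""
    findings = []
    for ev in parse_events(text):
        if ev.get("Client", "").rsplit(":", 1)[0] != connector_ip:
            continue  # not the connector host; out of scope for this check
        selection = ev.get("Attribute selection", "")
        requested = {a.strip().lower() for a in selection.split(",") if a.strip()}
        # An empty selection asks for all attributes, which is broader than expected.
        extra = sorted(requested - allowed) if requested else ["*"]
        if extra:
            findings.append((ev.get("Filter", ""), extra))
    return findings

if __name__ == "__main__":
    print(unexpected_queries(SAMPLE_LOG))
```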
How secure is my data?
The following diagram explains the data flow between the inSync Cloud, AD Connector, and the AD Server.
As illustrated in the diagram:
- All communication between the inSync Cloud and the AD Connector is encrypted using TLS.
- All communication between the AD Connector and the AD Server is protected because it happens inside your organization’s firewall.
- All communication between the AD Connector and the AD Server can be encrypted if you are using LDAPS for your AD Server.
Is my AD server data stored anywhere?
The following table explains when and where the data fetched from your AD Server will be stored.
Use Case | Data fetched | Where data is stored |
---|---|---|
During AD Mapping creation | Names of the Base DN, Organizational Units, and Groups. Three queries are sent to the AD to fetch these details. | Data is encrypted using AES-256 and stored on inSync Cloud. |
When importing user details | Email, department, country code, common name, and logon name of the user. | Data is encrypted using AES-256 and stored on inSync Cloud. |
When activating inSync Client during the mass deployment process | If user has not been created at the time of activation, group information, email, department, country code, common name, and logon name of the user. | Data is encrypted using AES-256 and stored on inSync Cloud. |
When authenticating users on inSync Web | Verification for password match. | Not stored. |
What is the process for a manual user device activation by using the AD credentials?
The following diagram illustrates the process for a manual user device activation by using AD credentials.
What is the process for the integrated mass deployment (IMD) user device activation?
The following diagram illustrates the process for the IMD user device activation.
What happens if I stop the AD Connector service?
As explained earlier, there are very few use cases for an AD Connector. Only those use cases will be affected if you stop the AD Connector service. The AD Connector does not have any impact on backups to and restores from inSync Cloud.
Stopping the AD Connector will have the following impact:
- Users will not be able to log on to inSync Web.
- If you are activating a user device manually for users who are using AD authentication, the inSync client will not be activated because the authentication fails.
- If you are activating a user device by using the Integrated Mass Deployment (IMD) feature, inSync Client activation will fail, because inSync Cloud will not be able to access AD Server to fetch the user details.
Where do I see the current status of AD Connector service?
To view the current status of AD Connector service:
- Log on to inSync Master Console.
- On the Admin Console menu bar, click > Settings. The Settings page appears.
- Click the AD Accounts tab. You can view the current status of AD Connector service.