Active Directory

Provide LDAP Path Domain (Example: pureauth.tech)

Enter your Active Directory domain. In the example below, it is pureauth.local.

Provide Distinguished Name (DN) of Group or Organizational Unit (OU)

  1. Create a security group in AD for PureAUTH users.
  2. The users in this group will be visible to the PureSYNC tool.
  3. Right-click the group and open “Properties”.
  4. Copy the “distinguishedName” property from the Attribute Editor tab, e.g. CN=pureauth,DC=pureauth,DC=local.

Configure the Mapping Attributes

PureSYNC has defaults for which AD attributes it maps to the six required properties. You can change any of them by substituting the name of the desired attribute as shown in the Attribute Editor. Here are the defaults:

  fullName: displayName
  corporateEmail: userPrincipalName
  personalEmail: mail
  phoneNumber: telephoneNumber
  groups: memberof
  roles: employeeType
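As an added example (not PureSYNC's own code, and not from this page), the PowerShell below previews what the tool will read for the DN configured above: it expands a group DN through its membership or an OU DN through a subtree search, applies the default mapping listed above, and flags users that would be synced without a corporate email. It assumes the RSAT ActiveDirectory module on a domain-joined host; the function name Get-PureSyncPreview is my own, and the DN is the sample from this page.

```powershell
# Added example, not part of PureSYNC: preview the six fields the tool would read
# for every user under a configured DN, using the default mapping from this page.
Import-Module ActiveDirectory

# Default PureSYNC mapping (target field -> AD attribute), as listed above.
$Mapping = [ordered]@{
    fullName       = 'displayName'
    corporateEmail = 'userPrincipalName'
    personalEmail  = 'mail'
    phoneNumber    = 'telephoneNumber'
    groups         = 'memberOf'
    roles          = 'employeeType'
}

function Get-PureSyncPreview {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,  # group or OU DN
        $Map = $Mapping
    )
    $attrs  = @($Map.Values)
    $target = Get-ADObject -Identity $DistinguishedName

    # A group DN is expanded through its (nested) membership, an OU DN by subtree search.
    $users = switch ($target.ObjectClass) {
        'group' {
            Get-ADGroupMember -Identity $DistinguishedName -Recursive |
                Where-Object objectClass -eq 'user' |
                Get-ADUser -Properties $attrs
        }
        'organizationalUnit' {
            Get-ADUser -Filter * -SearchBase $DistinguishedName -Properties $attrs
        }
        default { throw "DN is a '$($target.ObjectClass)'; expected a group or an OU" }
    }

    foreach ($u in $users) {
        $row = [ordered]@{ sAMAccountName = $u.SamAccountName }
        foreach ($field in $Map.Keys) {
            $value = $u.($Map[$field])
            # memberOf is multi-valued; show only each group's CN for readability.
            if ($field -eq 'groups') {
                $value = @($value | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' })
            }
            $row[$field] = $value
        }
        # Flag users that would reach the PureAUTH server without a corporate email.
        $row['warning'] = if ($row.corporateEmail) { '' } else { 'missing corporateEmail' }
        [pscustomobject]$row
    }
}

# Sample DN from this page; replace it with your own group or OU DN.
Get-PureSyncPreview -DistinguishedName 'CN=pureauth,DC=pureauth,DC=local' | Format-Table -AutoSize
```

Run it under an account that can read the target users; anything shown in the output is what PureSYNC would transmit, so it is also a quick check that no unintended attributes or accounts are included.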

AutoSYNC

PureSYNC has an autosync mode in which it watches for changes in AD and automatically syncs them to the PureAUTH server. Autosync works on any domain-joined machine, but it is not supported on domain controllers. To enable autosync for AD, follow these steps.

  1. Go to C:\Program Files\PureSync\config and open puresync.config in a text editor.
  2. Under the “keys” section, ensure the private and public keys are given with a full path rather than a relative path, e.g.
     • privateKey: E:\Shared\pureauth\org-private-key.pem (full path)
       instead of
     • privateKey: org-private-key.pem (relative path)
  3. If the keys have a relative path, replace it with the full path of the keys.
  4. Open an Administrator command prompt under an account with domain admin privileges.
  5. Confirm that you have previously generated a KDS root key for managed accounts.
  6. If no KDS root key is present, run Add-KdsRootKey and wait 10 hours for the change to take effect. Ref: Microsoft documentation for Add-KdsRootKey.
  7. Warning: without a KDS root key, the install will fail with “Server Unwilling” errors.
  8. Run the command:
       puresync autosync install
  9. If the command succeeds, restart the machine.
  10. Re-open the Administrator command prompt and run the command:
       puresync autosync start