We recommend that you set the service account you use to authorize AD Sync’s access to AD with a password that doesn’t expire if your security requirements allow this. Otherwise passwords may not replicate if they’re rejected by the destination directory’s complexity requirements. We recommend that you align password complexity requirements between AD and JumpCloud as closely as possible. Users or groups located in these containers that are made members of the JumpCloud ADI security group allow AD Sync to properly synchronize passwords and attributes associated with those users. To manage users in different OUs, we recommend that these OUs be located underneath the primary Root User container. This can be the default CN=Users container in AD or an alternate custom OU within the directory. For full bidirectional synchronization, we recommend that all Users and Groups to be synchronized with JumpCloud live under a single OU (Root User Container) in Active Directory. This function doesn’t support members of nested groups.

Any user that is a member of this group and also a member of the JumpCloud group will be granted Admin/Sudo privileges on all device associations to which they are bound by default. This group isn’t synced to the JumpCloud Administrator Portal, but is used to identify any accounts that you want to be Global Administrators or Sudo users in JumpCloud. We recommend creating a security group named JumpCloud Admins. See Configure the ADI for this information. This user cannot be a domain admin, have the user name of “JumpCloud” or be a member of the above-mentioned JumpCloud ADI security group.
An AD service account (standard domain user account) named “jcimport” has been created and has been granted Read all user information permissions using the Delegation of Control Wizard on the selected Root User container, or inherited from an OU further up in the hierarchy. This group is synced to your JumpCloud Administrator Portal and is indicated with an AD Integration icon. This is needed for full bidirectional synchronization and management. A JumpCloud ADI group has been created and is located in your designated Root User container in AD. Domain Controllers are prepared for Active Directory Integration (ADI). Full bidirectional synchronization is facilitated by the use of both the AD Import and AD Sync agents. This agent allows password updates to be written back to AD from the JumpCloud Admin Portal, the JumpCloud User Portal, or any JumpCloud-managed device.

Active Directory (AD) Sync provides one-way synchronization of passwords and other attributes from JumpCloud to AD.