Skip to main content
All CollectionsMicrosoft 365Configure user provisioningAD/LDAP
Synchronize inSync users and user details with your AD/LDAP
Synchronize inSync users and user details with your AD/LDAP
Updated over 6 months ago

Overview

inSync administrators can configure inSync to automatically synchronize inSync user accounts and their details with the registered AD or LDAP.

Synchronize user details

inSync enables you to schedule an automatic update of user details at a defined interval. It is applicable for all the users imported in inSync using AD/LDAP Mappings.

The following information is automatically updated when you enable the Auto-update user details setting in inSync:

  • inSync user name

  • inSync user email address

  • inSync user AD/LDAP user name

The frequency for a scan is defined by Auto sync interval under AD/LDAP settings.


📝 Note

  • inSync updates the user name only if the CN (Common Name) or UPN of the user based on the AD/LDAP Mapping configuration.

  • You can only synchronize user details for whom you imported using your AD/LDAP. You cannot synchronize user details whom you added individually or through a CSV file.

  • When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.


Procedure

To enable automatic synchronization of inSync user details with your AD/LDAP,

  1. On the inSync Management Console, click Users > User provisioning. The User Provisioning page appears.

  2. In the summary section, click the three-dot menu and then click Edit.

  3. Select the Auto update user details check box.

  4. Click Save.

inSync now automatically, at the defined interval, queries your AD/LDAP for user details and updates it in inSync.

Synchronize inSync users

When configured, inSync automatically, at a defined interval, scans your AD/LDAP and performs the following actions:

  • Imports any new user added to AD/LDAP which matches the AD/LDAP mapping criteria and creates a new user in Druva inSync. Auto-import of users can be configured while creating the AD/LDAP mapping. For more information, see Import users from your AD/LDAP.

  • Updates user details of users managed using AD or LDAP. For more information, see Synchronize inSync user details with your AD/LDAP.

  • Preserves any inSync user who has been disabled in your AD/LDAP.

  • Identifies and enables users, who are currently preserved in inSync, but now enabled in AD/LDAP and fall under an AD/LDAP Mapping defined in inSync.

  • Deletes the preserved user accounts based on the Data Preservation settings defined in the profile associated with the user.

The frequency for the scan is defined by Auto sync interval under AD/LDAP settings.

Example

The following example helps you understand the synchronization of users in Druva inSync with your AD/LDAP.

Assume you are managing an AD user in inSync. The inSync profile associated with the user has the following Data Preservation settings:

  • Auto delete preserved users - Yes

  • Auto delete after - 45 days

The Auto-sync interval is set to 24 hours. If you disable the user in AD, when inSync scans your AD/LDAP as per the defined auto-sync interval, inSync preserves the user in inSync Management Console. If the user stays in the preserved state for the next 45 days, inSync checks the inSync Connector connection status, and if connected, deletes the preserved user.


📝 Note

  • You can only synchronize users whom you imported using your AD/LDAP. You cannot synchronize users whom you added individually or through a CSV file.

  • When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.

  • Only inSync users who are auto-preserved are marked as Active as part of the auto-sync process. Deleted users cannot be enabled again.

  • If a user account is preserved, such user account must be part of the AD/LDAP Mapping. If the preserved user account does not fall under any AD/LDAP mapping, it is automatically deleted based on the Data Preservation settings defined in the profile associated with the user account.

  • Before deleting user accounts that are managed using AD or LDAP, inSync checks the status of the inSync Connectors mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists.


Procedure

To enable automatic synchronization of inSync users with your AD/LDAP,

  1. On the inSync Management Console, click Manage > User Provisioning > Users. The User Provisioning page appears.

  2. In the summary section, click the three-dot menu and then click Edit.

  3. Select the Auto preserve unmapped users check box.

  4. Click Save.

Synchronize user with domain changes

After an synchronization with the IDP, the Druva database is updated with the latest user information, including email addresses, User Principal Names (UPNs), and other relevant details sourced from IDP. This synchronization process ensures that incremental backups for Exchange Online users continue to function correctly, even if their domain affiliations change, preventing backup failures due to such changes.


📝 Note

  1. If a domain or username is changed for a user account, but a new account with the same name as the previously changed one is created before synchronization completes, a data mismatch can occur. This results in the new user’s data being backed up in the latest snapshot, while the old user’s data remains in previous snapshots, leading to data from both users being present across different snapshots.

  2. This solution targets the Exchange Online Graph client API and does not cover the legacy APIs.


Did this answer your question?