Configure the Active Directory Connector v2
The Active Directory Connector (ADC) receives Active Directory user updates and automatically makes the same changes in your LogMeIn account. Setting up the ADC consists of adding permissions and Active Directory groups, as well as configuring additional optional settings.
Topics in this article:
To complete the steps below, you will need an admin account for Windows and a LogMeIn product admin account that is also an Organization Admin.
- Locate the Active Directory Connector Admin application (default location is C:\Program Files\Logmein\Active Directory Connector) and double-click ActiveDirectoryConnectorAdmin.exe to start the ADC. If prompted by User Account Control, click Yes to confirm, and the Active Directory Connector software will launch.
- In the "Active Directory permissions" section, click Link your Windows user account to the ADC serviceto establish permissions for the service on Windows.
- Enter your Windows credentials in DOMAIN\username format (e.g., LOGMEIN\admin) and click OK. If you want to use a different Windows domain account for the Active Directory Connector service, click Change user, then fill in your desired DOMAIN\username credentials and click OK to confirm.
- In the "LogMeIn permissions" section, log in with your LogMeIn admin account, which is required to also have an Organization Admin role. When prompted, click Allow to grant access to your LogMeIn account for the Active Directory Connector. Why am I getting an "Insufficient Permissions" error message?
- Once logged in, the user for each account is displayed. Click Save at the bottom of the window. Optionally, you can click Revert Changes to delete any modifications made since the last Save.
Next, you will need to add your Active Directory groups using the steps below.
You can add as many Active Directory groups as you need. Nested groups are added when you add the parent group. Once you add or remove Active Directory groups in the ADC, changes can be previewed before you decide to sync.
- Under Active Directory Groups, click Add. The Windows groups manager displays.
- Type in a group name in the Enter the object names... box and click Check Names. This verifies the group exists and is accessible. You can also use the Advanced option to locate groups by query.
- Click OK to add the group. Continue until you have added all required groups.
- If desired, you can click the Delete icon to remove a selected group.
Note: When you remove a group that has already been synced, any users in that group will remain in User Sync, but will lose their product entitlements.
- After each update, click Save at the bottom of the window. If needed, click Revert Changes to delete any modifications made since the last time you saved.
- When all of your groups have been added or removed, click Preview to view finalized changes, which include:
- Users addedrepresents new users that will be synced to a group in the ADC for the first time.
- Groups added represents new groups that will be synced in the ADC for the first time.
- Groups removed represents the groups that will be removed entirely from the ADC.
- Users added to group represents the users who will be added to at least one group in the ADC.
- Users removed from group represents the users who will be removed from at least one group in the ADC.
- Users removed from all groups represents the users who will not be associated with any groups in the ADC; these users will remain listed in User Sync but will lose their product entitlements.
- Once you have viewed the changes, choose from the following options:
- To accept these changes and run the ADC service, click Savethen click Yes. If you have saved the changes but click No when prompted to start the service, you will return to the ADC and your changes will remain saved, but you will need to click Start to manually start the ADC service.
- To reject the proposed changes, click Cancel to return to the ADC with unsaved changes.
Next, set your desired polling interval.
- In the "Options" section, enter the number of minutes you want the ADC to wait between polls.
- After each update, click Save at the bottom of the window. If desired, click Revert Changes to delete any modifications made since the last time you saved.
- Click Check connections to verify your permissions after all of your changes have been saved.
Next, you can choose to edit attribute mapping and manage your custom attributes, if desired. Otherwise, you can proceed to run the ADC.
User attributes are data fields in string format. The standard set that is available by default in the ADC – employeeNumber, costCenter, division, and department – can be used as-is, or mapped to custom fields you create in the Admin Center.
- On the ADC, click Edit Mapping in the "Options" section.
- Modify the attributes with your desired value(s), then click OK.
- After each update, click Save at the bottom of the ADC window. Alternatively, click Revert Changes to delete any modifications made since the last save.
Next, you can proceed to run the ADC v2.
Steps for setting up the Active Directory Connector v2 and managing users in User Sync:
- Review the Active Directory Connector v2
- Review the Active Directory Connector v2 requirements
- Set up an organization
- Install the ADC v2
- Configure the ADC v2
- Run the ADC v2
- Manage custom attributes (optional)
- Manage User Sync rules
- Update the ADC v2 to the latest version (if applicable)
- Troubleshoot the ADC v2 (if needed)