Skip to main content
My preferencesSign out
Proofpoint, Inc.

Synching users and groups from Active Directory

Situation Proofpoint Essentials AD Sync Tool allows organizations using Active Directory to import and/or synchronize users and functional accounts
Summary

See below article for information on:

  • Proofpoint Essentials AD Sync Tool
  • Active Directory Sync Summary
  • Sync Exemptions

About Active Directory

Active Directory is Microsoft’s cloud-based directory and identity management service. For more information please see: https://docs.microsoft.com/en-us/windows/desktop/ad/about-active-directory-domain-services

About Proofpoint Essentials AD Sync Tool

Proofpoint Essentials AD Sync Tool allows organizations using Active Directory to import and/or synchronize users and groups from Office 365 directly to their account. 

Prerequisites

In order to configure Active Directory and Proofpoint Essentials you will need the following:

  • Active Directory URL or IP Address (This URL or IP has to be externally accessible)
  • Read-only Account for access (username, password)
  • What port to use
  • Base DN value

You may need to open firewall ports to accept incoming LDAP requests. Please refer to Connection Details for a complete list of external IP addresses.

CONFIGURE PROOFPOINT ESSENTIALS

  1. Sign-in to the Proofpoint Essentials user interface.
  2. Navigate to Company Settings > Import Users > Active Directory.
  3. Choose the desired default role from the dropdown.

A silent user will receive a quarantine digest report but will be unable to login to the user interface.

An end user will receive a quarantine digest report and will receive a welcome email from Proofpoint to login to the user interface.

  1. Enter the Active Directory URL.
  2. Enter the Username and Password of the read-only user account Proofpoint will use to connect to your environment.
  3. Choose the Port that should be used to establish a connection (Port 636 is recommended).
  4. Enter the Base DN value to query your Active Directory forest.
  5. Choose What to Sync
    • Active Users
    • Disabled Accounts
    • Functional Accounts
    • Security Groups
    • Include items hidden from the GAL (Global Address List)
  6. Choose How to sync accounts.
    • Add
      • Create new user accounts and groups
    • Sync Updated Accounts
      • update existing user accounts and groups
    • Delete Removed Accounts
      • Remove accounts from Proofpoint Essentials that are no longer found in Active Directory
  7. Choose When to Sync accounts.
    • You can choose to sync never (which you would need to run manually) or every 1, 3, 6, 12 or 24 hours
  8. Click Save.
  9. Click Search Now.
  10. Verify the user and group objects that were identified in your Active Directory account.
  11. Click Sync Active Directory.

Active Directory Sync Summary

The Active Directory Sync summary page allows you to view all changes related to your current Essentials account and your Active Directory account. You can use this summary page to:

  1. Verify user and group sync connection.
  2. Verify user and group sync counts.
  3. Identify accounts for sync exemption.
Section Description
Adding This table will display all user objects that will be added to your Essentials account.
Updating This table will display all user objects that will be updated on your Essentials account.
Disabling This table will display all user objects that will be disabled on your Essentials account.
Deleting This table will display all user objects that will be deleted from your Essentials account.
Exempt from sync This table will display all user objects that have been identified as exempt from changes due to a sync.

Sync Exemption

You may need to identify a user or functional account to be exempt from sync.

For example: You may wish to convert a user account to a functional account in Essentials. Yet, when you perform the sync, AD will force the it back to a user account. You can choose to exempt these accounts from the sync process and therefore preserve the Essentials setting.

Not properly exempting users/accounts could result in billing/licensing numbers being higher than expected

Adding a user account for Exemption

  1. While on the Active Directory Sync Summary page, expand the Adding or Updating table.
  2. Check the checkbox next to the object(s) you wish to exempt.
  3. Click Exempt Selected.
  4. Click Sync Active Directory
The object will be removed from the selected table and be moved to Exempt from sync table. It will no longer be subject to AD changes.

Removing a user account from Exemption

  1. While on the Active Directory Sync Summary page, expand the Exempt from sync table.
  2. Identify the object you wish to remove from exemption,.
  3. Click Add to Sync.
  4. Click Sync Active Directory
The object will be removed from the exemption table and no longer be exempt from AD changes.