Sync Tool - Sync from AD | Admin Guide - Zoho Directory

Sync from Active Directory/LDAP server

Note: Before you install the Zoho Directory sync tool, ensure that you meet the system requirements.

Prerequisites

Roles required to perform this action:
  1. Organization owner
  2. Organization admin

Sync from Active Directory/LDAP server

  1. Sign in to Zoho Directory.

  1. Go to Directory Stores, then click Add Directory.    

  1. Click Add under Active Directory, then click Download.

Note: You must have added and verified a domain in Zoho Directory to download the "Sync agent". Click here to learn how to add and verify a domain in Zoho Directory.

  1. Go to the location of the downloaded file. Install it on the Domain Controller (DC) or on a system connected to the DC.

  1. Open the file named SyncTool.exe, which you can find in the installation path. After opening the tool, go to Zoho Sign-in.

  1. Click Sign-in as admin.

  1. Click the icon adjacent to the Login URL to copy it. Note down the Verification Code, as you need to enter it manually in a later step.

  1. Open a browser and paste the copied Login URL into the address bar. You may be asked to sign in to your Zoho Directory account.

  1. Enter the Verification Code when prompted. Click Verify.

  1. Click Accept to grant Zoho Directory access to the data mentioned. You'll be signed in to the Sync Tool shortly.

  1. Go to LDAP Configuration, then sign in with the credentials of an LDAP user who has Read and Replicating Directory Changes permissions. Sign in to all the required domains.

  1. Choose the required OUs and objects to sync with Zoho.

     Note: You can check the users and groups that are eligible for sync by clicking View Count in Select OUs.

  1. To further filter the objects to sync, go to Exclusion Rules, then click Add Rule. Select the type of objects to filter out, select the field name and exclusion criteria, then enter the values. Click Add.

  1. Go to Attributes, then map the LDAP fields to the Admin Panel's fields. The attributes available to choose from are:

    • Email ID

    • Secondary Email

    • SAM Account Name

    • First Name

    • Last Name

    • Display Name

    • Employee ID

    • Job Title

    • Department

    • Work Location

    • Date of Joining

    • Reporting To

    • Mobile

    • Phone

    • Website

    • Fax

    • Post Office Box

    • Street Address

    • City

    • State

    • Country

    • Postal Code

  1. If you have users without a domain-based custom email address, consider using the Replace Domain option under the Email Address attribute. Learn more about replacing the domain.


  1. Go to Sync Settings, then set the following:

    • Default Password: This one-time password will be used for all newly created Zoho user accounts. Users will be prompted to set a new password during their first sign-in.

    • User Settings: This setting dictates how the Sync Tool will handle user accounts deleted in the Active Directory server.

    • Create LDAP Group: This setting creates a Zoho Directory collaboration group named after your Portal Name, for all users synced from AD through this tool.

    • Create Groups for OUs: This setting creates a Zoho Directory collaboration group named after the OU, for each OU that is being synced.

    • Sync Email Deletion: This setting dictates what happens when a user's secondary email address is deleted/edited in the AD server. If checked, the change is directly synced with Zoho Directory. If unchecked, delete actions are not synced; edit actions will add the updated email as a new secondary email address, and leave the old address intact.

  1. Go to Directory Sync and review the list of all users and groups that are yet to be created, updated, or disabled. Click Sync.
     Note: You can see the status of all users and groups after the sync.
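
For the LDAP Configuration step above, the following PowerShell is an added example (not part of Zoho's documentation or tooling) that audits the domain root ACL to confirm the sign-in account holds Replicating Directory Changes and no broader replication right. The account name `CONTOSO\svc-zohosync` and the function name are hypothetical, and the script assumes the ActiveDirectory RSAT module is installed.

```powershell
# Added example, not Zoho's code. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Replication control access rights (rightsGuid values from the AD schema).
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'Replicating Directory Changes In Filtered Set'
}

function Get-SyncAccountReplicationRights {
    param(
        [Parameter(Mandatory)][string]$Account,   # 'DOMAIN\name' of the LDAP Configuration user
        [string]$DomainDN = (Get-ADDomain).DistinguishedName
    )
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $aces = (Get-Acl -Path "AD:\$DomainDN").Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights.HasFlag($extended)
    }
    foreach ($ace in $aces) {
        $guid = $ace.ObjectType.ToString()
        if ($ace.ObjectType -eq [guid]::Empty) {
            'ALL extended rights'      # empty GUID: every extended right (also Full control)
        } elseif ($ReplicationRights.ContainsKey($guid)) {
            $ReplicationRights[$guid]
        }
    }
}

# Hypothetical dedicated service account used only for the Sync Tool.
$account  = 'CONTOSO\svc-zohosync'
$granted  = @(Get-SyncAccountReplicationRights -Account $account | Sort-Object -Unique)
$expected = 'Replicating Directory Changes'

if ($granted -notcontains $expected) {
    Write-Warning "Missing '$expected'; the LDAP Configuration sign-in requires it."
}
$excess = $granted | Where-Object { $_ -ne $expected }
if ($excess) {
    Write-Warning "Broader than the guide requires: $($excess -join ', ')"
}
[pscustomobject]@{ Account = $account; Granted = $granted -join '; ' }
```

The check covers ACEs that name the account directly; rights the account receives through group membership need the same check run against each group.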