Syncing accounts with Active Directory

If your company uses Active Directory, you can import user accounts from it and automatically create employee accounts in Yandex.Connect.

You can also set up a synchronization schedule in order to download regular data updates from Active Directory to Yandex.Connect.

Data export from Yandex.Connect to Active Directory is not supported.

To sync employee accounts with Active Directory, make sure that:

  • You have an administrator account for the company in Yandex.Connect.
  • A verified domain is linked to your company.
  • You have a username and password for an account with read access to Active Directory.
  • You have installed the Connect Directory Sync application for Windows.
Restriction. The application for syncing accounts with Active Directory is undergoing beta testing. If you want to participate in the testing, please fill in the form.

You can add up to 1000 accounts to one organization. If you need to add more, please contact support.

  1. Setting up synchronization with Active Directory
  2. How syncing works

Setting up synchronization with Active Directory

  1. Install the Connect Directory Sync application and launch it.
  2. Allow the application to access your company in Yandex.Connect.
  3. Set up an Active Directory connection.
  4. Configure the filters that will select users for syncing from Active Directory.
  5. On the Sync status tab in the Connect Directory Sync application, clickStart synchronization.
  6. To update data from Active Directory regularly, configure the synchronization schedule.

How syncing works

During synchronization, the Connect Sync Directory application looks for accounts in Active Directory that match the filters you set. Then Connect Directory Sync imports the following data from the accounts it found:

Active Directory account attribute Account field in Yandex.Connect
gn (givenName) Name
sn (surname) Surname
title Position
sAMAccountName Login
mail Mail
Active Directory account attribute Account field in Yandex.Connect
gn (givenName) Name
sn (surname) Surname
title Position
sAMAccountName Login
mail Mail
Note. The Connect Directory Sync application does not load user passwords from Active Directory.

If the gn, sn, sAMAccountName, or mail account attributes are left empty, the account will not be imported to Yandex.Connect.

The data from the found accounts is used to create or update employee accounts in Yandex.Connect:

  • If an account found has not been imported yet (for example, during the first synchronization), a new employee account will be created.

    The password for the created account will be generated automatically and sent to the email address loaded from the Active Directory account (the mail attribute).

  • If an account found has already been imported, the employee account will be updated.

  • If the account has been imported but not found during syncing, the employee account will be blocked.

    This might happen, for example, if you change the LDAP filter parameters. If you change the filter again so that the account appears in the search results, the employee account will be unblocked during the next synchronization.