How do I set up a batch file to run Directory Sync?

Below is an example of the contents of a batch file that runs our directory sync application. The following command initiates the Directory Sync process:

DirectorySync -ln={Application Key Identifier} -lp={Application Key} -add=domain.com -adf="(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=2fa_users,ou=groups,ou=myou,dc=domain,dc=com))" -restendpoint={Authentication Server Rest Endpoint} -syncapi=REST -syncsource=AD

(the above is all one line; the -adf filter is wrapped in double quotes because "&" is a command separator in cmd.exe, and the filter's closing parenthesis must be present)

To adapt the command to your setup, fill in the parameters with your own values: replace "{Application Key Identifier}" with the identifier of your API key and "{Application Key}" with the API key itself. The Application Key you use must have the Directory Sync permission. For more about Application (API) Keys, see the Application Keys documentation.

The {Authentication Server Rest Endpoint} is the REST endpoint of the authentication server. The endpoint URL is specified in the following format:

https://{Authentication Server Rest Endpoint}/api/mfa/v1

Prior to release 23.1 the REST endpoint is:

https://{Authentication Server Rest Endpoint}/AuthServer/REST/OATH/OathServer.aspx

For example, if you were targeting SurePassID cloud the endpoint would use: 

https://mfa.surepassid.com/AuthServer/REST/OATH/OathServer.aspx

The "adf" parameter is the LDAP filter the directory synchronization application uses to find the users to sync. The example filter locates users that belong to the "2fa_users" group in the "myou" organizational unit (OU) of the Active Directory (AD) domain "domain.com". The matching rule OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) makes the memberOf check recursive, so users in groups nested inside 2fa_users are matched as well.

To keep the directories in sync, configure a scheduled task that runs a batch file containing the DirectorySync command. Alternatively, the process can be run continuously, as explained in our documentation. The latest release also adds an option to store all of the required settings in a configuration file, so the program can be run without passing them on the command line.
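The following batch file is an added example (not SurePassID's own script) of the scheduled-task approach described above: it runs DirectorySync once, keeps the Application Key out of the script and the task definition by reading it from a separate file, logs the exit code, and returns it so the task history shows failures. The paths C:\DirectorySync, key.txt and sync.log, the placeholder key identifier and the endpoint URL are assumptions to be replaced with your own values.

```batch
@echo off
REM Added example, not SurePassID's own batch file. Invoked by a scheduled task, e.g.:
REM   schtasks /Create /SC HOURLY /TN "SurePassID DirectorySync" /TR "C:\DirectorySync\sync.cmd" /RU "DOMAIN\svc_dirsync" /RP *
REM Assumptions: DirectorySync.exe is on PATH; key.txt holds the Application Key on
REM its first line and is readable only by the task's service account.
setlocal

set "SYNC_DIR=C:\DirectorySync"
set "LOG=%SYNC_DIR%\sync.log"
set "KEY_ID=REPLACE_WITH_APPLICATION_KEY_IDENTIFIER"
set "ENDPOINT=https://REPLACE_WITH_AUTH_SERVER/api/mfa/v1"
set "AD_DOMAIN=domain.com"

REM Read the Application Key from key.txt instead of hard-coding it here, so the
REM secret is not stored in the script or the scheduled task definition.
set "KEY="
set /p KEY=<"%SYNC_DIR%\key.txt"
if not defined KEY (
    echo %date% %time% ERROR: %SYNC_DIR%\key.txt is missing or empty>>"%LOG%"
    exit /b 2
)

REM LDAP filter: user objects that are (nested) members of cn=2fa_users.
REM 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN, so nested groups match too.
REM The value is quoted on the command line because "&" is a cmd.exe command separator.
set "FILTER=(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=2fa_users,ou=groups,ou=myou,dc=domain,dc=com))"

echo %date% %time% starting DirectorySync for %AD_DOMAIN%>>"%LOG%"
DirectorySync -ln=%KEY_ID% -lp=%KEY% -add=%AD_DOMAIN% -adf="%FILTER%" -restendpoint=%ENDPOINT% -syncapi=REST -syncsource=AD>>"%LOG%" 2>&1
set "RC=%ERRORLEVEL%"
echo %date% %time% DirectorySync exited with code %RC%>>"%LOG%"

REM Propagate the exit code so a non-zero result is visible in the task's last run result.
exit /b %RC%
```

Run the task under a dedicated service account with rights to read key.txt and query AD, and review sync.log after the first scheduled runs to confirm the filter returns the expected users.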

This command provides a straightforward way to synchronize user data from Active Directory (AD) to the MFA server; once the parameters match your environment, the two systems stay in step without manual intervention. Note that passwords are never transferred during synchronization, and the sync runs in one direction only, from AD to SurePassID.