Directory service

You can synchronize users and groups from multiple sources using Microsoft Active Directory (AD) and Microsoft Azure AD (Azure AD). You can also synchronize devices, device groups, public folders, and mailboxes from AD.

You can synchronize from multiple Azure AD domains to Sophos Central.

You can also do the following:

  • Synchronize devices and device groups from AD and synchronize users and user groups from Azure AD for the same domain.
  • Synchronize Azure AD for different domains.
  • Synchronize AD for different domains in the same forest. You can select multiple child domains within a single forest.

Restrictions

You can't do the following:

  • Synchronize multiple AD sources from the same domain.
  • Synchronize multiple Azure AD sources from the same domain.
  • Synchronize users using both AD and Azure AD from the same domain.
  • Synchronize multiple AD forests with a Sophos Central Admin account.
  • Use more than one copy of Active Directory Synchronization Setup for a Sophos Central Admin account.
  • Set up more than one set of synchronization options for AD for a Sophos Central Admin account.

Set up directory sources

You must be an Admin to set up directory sources.

Go to Overview > Global Settings > Directory service.

When you've set up synchronization, you can see your directory sources.

Directory sources

You can see the following information for each of your sources.

  • Name: Click the directory source name to see full details.
  • Type: Either Active Directory or Azure Active Directory.
  • Domain Name: The domain from which your information is synchronized.
  • Synchronization schedule: The times at which synchronization happens.
  • Status: Whether the last synchronization was successful. It also shows any warnings or errors.

You can view synchronization alerts in Overview > Alerts.

You can view synchronization events in Overview > Logs & Reports > Events.

Review details

To check the details for a directory source, click the name of the source.

You can see the following for an AD source:

  • The number of users, groups, devices, device groups, public folders, and shared mailboxes imported.
  • Client hostname and AD version.
  • Whether the last synchronization was successful, or whether any warnings or errors occurred.
  • Time of the last synchronization with AD.
  • Domain from which your information is synchronized.

You can see the following for an Azure AD source:

  • The number of users and groups imported from Azure AD.
  • Whether the last synchronization was successful, or whether any warnings or errors occurred.
  • Time of the last synchronization with Azure AD.
  • Synchronization schedule.

Manage your sources

For each directory source, you can do the following:

You can change the configuration for your directory sources. You can also remove synchronized data (purge data).

For help on doing these for AD sources, see the following:

For help on doing these for Azure AD directory sources, see the following:

You can also delete Azure AD directory sources. See Delete an Azure AD directory source.

Change directory source name

You can change the name and description of a source.

Warning

You must turn on synchronization for your changes to take effect. When you turn on synchronization, you can't undo the changes you've made.

To make changes, do as follows:

  1. Go to Overview > Global Settings > Directory service.
  2. Click the name of the source.
  3. Click Turn off.
  4. Edit the name and description.
  5. Click Turn on.

Synchronize a source

To manually synchronize, do as follows:

  1. Go to Overview > Global Settings > Directory service.
  2. Click the name of the source.
  3. Click Synchronize.