DNSFilter Knowledge Base

Sync Tools

A guide for deploying directory sync tools for the purpose of synchronizing your user directories with the DNSFilter Dashboard.

The Sync Tools feature will allow administrators to synchronize groups of users to the DNSFilter Dashboard. This will allow administrators to group users into Collections and apply specific policies, schedules, and block pages to those Collections or on a per-user basis.

🚧

Note: Preview Feature

The Sync Tools feature is currently a preview feature and at this time is only available for Microsoft Windows Active Directory and Microsoft Azure Active Directory. Reporting features are also currently limited. Please check back often as we enhance this feature.

📘

Why Sync Users?

Synchronizing your users allows you to pre-stage your users and apply policies to them before they login to a computer with the Roaming Client installed.

Microsoft Windows Active Directory

👍

What can you sync?

For an on-premises Active Directory environment our Sync Tool can sync Users, Groups, and Organizational Units with your DNSFilter Collections.

Our Microsoft Windows Active Directory Sync Tool allows you to synchronize users from one or more Active Directory domains and forests in your environment. The Sync Tool allows you to synchronize the following items:

  • Users: Manually select specific Active Directory Users which you'd like to sync
  • Groups: Manually select specific Active Directory Groups which you'd like to sync.

These users and groups can be added to various DNSFilter Collections, to apply specific policies and block pages to those users or groups of users. You may also apply specific policies and block pages on a per-user basis using the DNSFilter Users feature.

To set up and configure the Microsoft Windows Active Directory Sync Tool, you may follow these instructions:

  1. Navigate to Deployments Sync Tools.
  2. Click the Install Your First Sync Tool button.
  3. Provide a Name for the new sync tool and click the Continue button.
  4. NOTE: The Secret Key is only accessible on the newly created Sync Tool page, store this in a safe location in case you need to reinstall the sync tool in the future.
  5. Download the Active Directory Sync Tool and install it on a domain-joined computer in your environment (we recommend against installing it on a Domain Controller, if possible).
  6. Open the DNSFilter AD Sync Tool from the Start Menu and add the Secret Key supplied in step #4 above. You may also change the default frequency that the sync tool synchronizes any changes to your directory to DNSFilter.
  7. For each Active Directory Domain that you wish to synchronize from, add a new entry to the Server List (on the AD server settings tab) and provide the following details:
  • Friendly Name: Text which appears for this entry in the Server List
  • Address: Fully-qualified hostname or IP address of the Domain Controller the sync tool should poll.
  • Protocol: By default, the sync tool will use LDAPS (TLS/SSL) over port 636. You may optionally change this to non-secure LDAP over port 389.
  • Username and Password: If the sync tool is installed on a non-domain computer, provide the credentials for a service account with at least Domain User permissions.
  1. Press the Test button to confirm your settings are valid, then press the Load button to verify proper connectivity to Active Directory. If connectivity was successful, a list of Active Directory Organizational Units (OUs) will be displayed. Expanding each of those OUs will show Groups and Users within those OUs.
  2. Optionally limit which OUs, Groups, and/or Users you wish to sync to DNSFilter. By checking all options, the sync tool will synchronize all groups and users. Some administrators may wish to limit the synchronization so that administrator accounts, service accounts, etc. do not get synchronized.
  3. Press the Save button to save the selected OUs, Groups, and/or Users you selected in the previous step and to force the initial synchronization to occur. The initial synchronization may take a few minutes to complete. After the synchronization is complete, you will see synchronized groups and users within your DNSFilter Dashboard.

The DNSFilter Microsoft Windows Active Directory Sync Tool runs as a system service to ensure it automatically starts if the computer is rebooted. It's important to install the sync tool on a computer that doesn't get shut down and has a stable internet connection.

Microsoft Azure Active Directory

👍

What can you sync?

For an Azure Active Directory environment our Sync Tool can sync Users and Groups with your DNSFilter Collections.

Our Microsoft Windows Active Directory Sync Tool also works with Azure Active Directory and allows you to synchronize users from one or more Azure Active Directory subscription. In this scenario the Sync Tool can be installed on any computer and allows you to synchronize the following items:

  • Users: Manually select specific Azure Active Directory Users which you'd like to sync
  • Groups: Manually select specific Azure Active Directory Groups which you'd like to sync.

🚧

Using a hybrid Active Directory environment?

If you're synchronizing an on-premise Microsoft Windows Active Directory coupled with Azure Active Directory (a hybrid environment), we recommend using the Sync Tool on the local environment.

These users and groups can be added to various DNSFilter Collections, to apply specific policies and block pages to those users or groups of users. You may also apply specific policies and block pages on a per-user basis using the DNSFilter Users feature.

To set up and configure Azure Active Directory, follow these instructions:

  1. Set up a new Azure application making sure to select the Microsoft graph API permissions.
  1. Copy the Tenant ID, Client ID and Client Secret from your Azure Active Directory instance, and add them in the Azure tenant settings tab of the Microsoft Windows Active Directory Sync Tool and make sure the settings are saved.
  1. Select the groups / OUs that need to be synced

📘

Want another Feature?

Do you have an idea for another directory synchronization tool? Login to your Dashboard and select the Feature Request option from the Support dropdown menu and let us know! The more votes we get for a feature, the greater the priority and attention we give towards getting it integrated into our product.

Version Log

You can find the history of the Active Directory integration release notes on our public changelog.

Updated 3 months ago

Sync Tools


A guide for deploying directory sync tools for the purpose of synchronizing your user directories with the DNSFilter Dashboard.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.