Skip to main content

ADSync Application Settings

Overview

This document explains the available settings found within the ADSync.exe.config file.

For guidance on recommended settings, refer to the ADSync Tool Usage Guidelines

ProductName

Default Value: AD Sync
Description: Internal use

CortexURL

Default Value: http://{portalurl}/CortexAPI/Default.aspx
Description: This is the URL path to access the Atria API.

CortexUsername

Default Value: The username which was used to logon to the portal when downloading the ADSync installation package
Description: This user is used to authenticate against the API and must have the ADSync Administrator role within Atria.

CortexPassword

Default Value: Encrypted password for the CortexUsername
Description: There is no automated way to produce a re-encrypted password if this one is changed. It can be done my reinstalling ADSync, but that's not really a great option. For this reason, it is best to use a dedicated account which is set to never expire as the ADSync logon account

DirectoryServer

Default Value: localhost
Description: For future use, do not change

UserPollTime

Default Value: 5
Description: The number of seconds ADSync waits between polling for user changes.

UserImmediate

Default Value: False
Description: No longer used

UpnFormat

Default Value: SAMAccountName
Description: Possible values are SAMAccountName or UserPrincipalName.

  • This setting determines how ADSync decides how to create this object.
  • SAMAccountName will create the object with a UserPrincipalName of SAMAccountName@Customers Primary Domain.
  • UserPrincipalName will create the object with the same UserPrincipalName as the object has in the remote AD if possible. If the hosted customer does not have the same domain provisioned, then the sync will fail.

UploadPollTime

Default Value: 5
Description: The number of seconds ADSync will wait between polling for status updates for objects which are currently being synced (provisioned)

IncludeGroups

Default Value: the SID value for the Builtin\Users group
Description: A List of groups which will contain objects determined to be in scope for syncing. The list is delimited with the pipe(|) character and can contain either the group SID or the samAccountName of the group

ExcludeGroups

Default Value: the SID value for Builtin\Account Operators|the SID value for Builtin\Administrators|the SID value for Builtin\Backup Operators|the SID value for Users\Denied RODC Password Replication Group|the SID value for Users\Domain Computers|the SID value for Builtin\Server Operators
Description: A List of groups which will contain objects determined to be out of scope for syncing. If an object is in both an Include Group and an Exclude Group, then the Exclude group wins and the object is seen to be Out of Scope. The list is delimited with the pipe(|) character and can contain either the group SID or the samAccountName of the group

KeyName

Default Value: CortexAPI
Description: Internal Use. Do not change

KeyValue

Default Value: Encrypted string
Description: Internal Use

Proxy

Default Value: False
Description: Used if a Proxy server is needed to access the API

ProxyServer

Default Value: <none>
Description: Proxy Server

ProxyPort

Default Value: 8080
Description: Port

ProxyUsername

Default Value: <none>
Description: Proxy Username

ProxyPassword

Default Value: <none>
Description: Proxy Password

CustomerName

Default Value: Short Code of the Customer the user was logged on as when downloading the installation package
Description: This is the customer for which objects will be related to when syncing to the hosted environment. It is set at installation time, and should not be changed

UserStatusFilenames

Default Value: GetUser.xml
Description: comma separated list of Request XML filenames which will be used to obtain the provisioning status of user sync requests

FolderPath

Default Value: ADSync install path\Queue
Description: Path to the Queue.

UserAddressSync

Default Value: False
Description: Determines if email addresses will be synced or not. If true, then it will attempt to sync all of the users email address as a part of the user sync. Make sure all domains for the email addresses have been provisioned against the customer in the Hosted environment otherwise the user sync will fail

UserAttributes

Default Value: sAMAccountName, userPrincipalName, givenName, sn, displayName, proxyAddresses, userAccountControl, physicalDeliveryOfficeName, department, mail, description, telephoneNumber, wWWHomePage, streetAddress, postOfficeBox, l, st, postalCode, homePhone, pager, mobile, facsimileTelephoneNumber, ipPhone,title
Description: This determines the set of attributes which are looked at for syncing. This is used in conjunction with the UserAttributesSyncOnChange setting. If this setting is set to "True", and EventlogWatch is set to "True", then only changes to these attributes will result in a provisioning request being sent.

UserSyncDelete

Default Value: True
Description: Determines if the deletion of a User in the remote domain will result in the deletion of the linked user in the hosted domain. Note: The user must be in scope at the time of deletion for this to occur

DirectoryUsername

Default Value: none
Description: Username used for accessing ActiveDirectory. This user should have Domain Admin rights

DirectoryPassword

Default Value: none
Description: Password for the Username specified in the DirectoryUsername setting

HeartbeatPollTime

Default Value: 60
Description: Time interval between issuing heartbeat notifications back to the Atria control panel. This value is in seconds.

Heartbeat

Default Value: True
Description: Sets whether heartbeat notifications will be sent back to the Atria control panel

LogMask

Default Value: 3
Description: A Bitmask specifying the level of error logging in the log files. Possible values are:1 – Message2 – Exception4 – Inner Exceptions8 – ErrorCode16 – Extended32768 – Stack Trace65535 – Everything possible

Upload

Default Value: True
Description: Used for testing. Must be set to True for ADSync to send requests to the API

UserFSMFilename

Default Value: none
Description: Used to tell ADSync to use a custom workflow instead of the built-in workflow. This is the filename of a custom Workflow config file. The file should reside in the same folder as the ADSync.exe executable

UserFSMSection

Default Value: none
Description: When custom workflows are being used, this tells ADSync the path within the workflow which contains the customized actions

UpnRequired

Default Value: False
Description: Determines if UPN's are required to be set on any object being synced. Normally set to True if UPNFormat is set to "UserPrincipalName"

DirectoryMethodMask

Default Value: 2
Description: internal use. Leave set to 2

UploadMaxErrors

Default Value: 0
Description: The number of retries which will be performed before ADSync gives up on trying to sync an object. 0 = keep trying

EventLogAddMemberEvents

Default Value: 632,5,2;636,5,2;4728,5,2;4732,5,2;4756,5,2
Description: Eventlog ID's which determine User Add events

EventLogRemoveMemberEvents

Default Value: 633,5,2;637,5,2;4729,5,2;4733,5,2;4757,5,2
Description: Eventlog ID's which determine User Delete events

EventLogWatch

Default Value: True
Description: When set to True, this is what makes ADSync go through the entire directory cataloguing everything, it is also what causes an object to be seen as in scope immediately when adding it to the include group, otherwise a change needs to be made to the object after moving it in scope

UserOutOfScopeAction

Default Value: Ignore
Description: Determines what action to take when moving an object out of scope. Values can be "Ignore" or "Delete"

UserAttributesSyncOnChange

Default Value: False
Description: Used in conjunction with EventlogWatch and UserAttributes. If both EventlogWatch and UserAttributesSyncOnChange are set to True, then ADSync will only submit a Sync request if any attributes specified in the UserAttributes setting are changed.

ContactAttributesSyncOnChange

Default Value: False
Description: Similar to UserAttributesSyncOnChange, but refers to Contact objects

GroupAttributesSyncOnChange

Default Value: False
Description: Similar to UserAttributesSyncOnChange, but refers to Group objects

ContactAttributes

Default Value: co,company,displayName,facsimileTelephoneNumber,givenName,homePhone,initials,l,mail,mailNickname,mobile, msExchHideFromAddressLists,postalCode,proxyAddresses,sn,st,streetAddress,targetAddress,telephoneNumber,title,wWWHomePage
Description: This determines the set of attributes which are looked at for syncing. This is used in conjunction with the ContactAttributesSyncOnChange setting. If this setting is set to "True", and EventlogWatch is set to "True", then only changes to these attributes will result in a provisioning request being sent.

GroupAttributes

Default Value: authOrig,description,displayName,groupType,mail,mailNickname,managedBy,member,msExchGroupJoinRestriction,msExchGroupDepartRestriction, msExchHideFromAddressLists,msExchRequireAuthToSendTo,proxyAddresses,unauthOrig
Description: This determines the set of attributes which are looked at for syncing. This is used in conjunction with the GroupAttributesSyncOnChange setting. If this setting is set to "True", and EventlogWatch is set to "True", then only changes to these attributes will result in a provisioning request being sent.

CortexApiTimeout

Default Value: -1
Description: Number of milliseconds to wait for an API response. -1 is indefinitely

EventGroupAddMember

Default Value: 632,5,2;636,5,2;4728,5,2;4732,5,2;4756,5,2
Description: Eventlog ID's which determine Group Add events

EventGroupRemoveMember

Default Value: 633,5,2;637,5,2;4729,5,2;4733,5,2;4757,5,2
Description: Eventlog ID's which determine Group Delete events

UserSync

Default Value: True
Description: Determines if ADSync will watch for User change events

ContactSync

Default Value: True
Description: Determines if ADSync will watch for Contact change events

ContactSyncDelete

Default Value: True
Description: Determines if ADSync will delete Contacts from Atria when a synced contact is deleted from the remote directory. Note: the Contact must be in scope at time of deletion

GroupSync

Default Value: True
Description: Determines if ADSync will delete Groups from Atria when a synced contact is deleted from the remote directory. Note: the Group must be in scope at time of deletion

GroupSyncDelete

Default Value: True
Description: Determines if the deletion of a group in the remote domain will result in the deletion of the linked group in the hosted domain. Note: The group must be in scope at the time of deletion for this to occur

StartupDelay

Default Value: 10
Description: On startup of the ADSync Service, ADSync will attempt to connect to the API 3 times with a delay between retries equal to this value.

MaxGetStatusTries

Default Value: 0
Description: The number of times ADSync will poll for Status updates before giving up and assuming that the object has failed to sync. This is ideal for capturing objects which are stuck in a provisioning state.

ThrottleUploads

Default Value: False
Description: Sets whether throttling is enabled which will limit the number of items which will be queued at one time. This stops the queue from growing out of hand which may cause performance issues

ThrottleLimit

Default Value: 0
Description: The maximum number of items to queue at one time.

BatchUploads

Default Value: False
Description: Sets whether Group members will be uploaded in batches to reduce the size of the request sent to the API, and the amount of work to be performed with each request.

UploadBatchSize

Default Value: 0
Description: The number of items to send in a single request

ContactOutOfScopeAction

Default Value: Ignore
Description: Determines what action to take when moving an object out of scope. Values can be "Ignore" or "Delete"

EmailRegEx

Default Value:

<setting name="EmailRegEx" serializeAs="String">
  <value>[a-zA-Z0-9!#$%&amp;'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&amp;'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?</value>
</setting>

Description:
Specifies the regular expression used to validate email addresses during synchronization.

  • Supports standard Latin characters and all typical special characters allowed in email addresses.
  • Ensures that synced email addresses conform to RFC-like syntax for compatibility with most mail systems.

Example: Supporting Russian (Cyrillic) Characters

<setting name="EmailRegEx" serializeAs="String">
  <value>[a-zA-Z0-9\u0400-\u04FF!#$%&amp;'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9\u0400-\u04FF!#$%&amp;'*+/=?^_`{|}~-]+)*@(?:[a-z0-9\u0400-\u04FF](?:[a-z0-9\u0400-\u04FF-]*[a-z0-9\u0400-\u04FF])?\.)+[a-z0-9\u0400-\u04FF](?:[a-z0-9\u0400-\u04FF-]*[a-z0-9\u0400-\u04FF])?</value>
</setting>

This example expands the character set to include Unicode range \u0400-\u04FF, supporting Russian (Cyrillic) characters in both the local part and domain of the email address.

MaxResubmits

Default Value: 0
Description: The number of times to attempt to resubmit Group items when group members have failed. If this value is not set, the group will be retried indefinitely.

If you experience any issues or require any assistance, please contact us at support@getatria.com.