- A configured AD domain.
- A PolicyServer group configured to point to one or more valid AD organizational units (OUs).
- Appropriate credentials to access the AD domain that match the PolicyServer group's distinguished name.

When configured properly, synchronization automatically creates new PolicyServer users and moves them to the appropriate paired groups on PolicyServer. During synchronization, PolicyServer is updated to reflect current users and group assignments for paired groups.

Adding a new user to the domain and placing that user in an organizational unit will flag that user so that during the next synchronization, AD will create that user in PolicyServer and then move that user into the appropriate paired PolicyServer group.

Deleting a user from AD will automatically remove that user from a PolicyServer paired group and from the enterprise.

To add non-domain users to groups that are synchronized with the domain, you can create unique Endpoint Encryption users and add them to paired PolicyServer groups without having those users modified by the synchronization system.

If you remove the Endpoint Encryption user from a paired group in PolicyServer, that domain user will not automatically be re-added by the synchronization system. This prevents the synchronization system from overriding your action for this Endpoint Encryption user. If you manually move a synchronized domain user back into a paired group, then the synchronization system will again begin to automatically maintain the user in the group.