The Synchronization Agent connects to your Active Directory to synchronize user and group data with TMWS.
TMWS supports the following operating systems for the agent and the AD server:
  • Windows Server 2012 and 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Procedure

  1. Download the agent installation package.
  2. Copy the installation package to the computer that you prepared for the agent, and then extract the content of the package.
  3. Execute the .msi file to launch the installation wizard and then follow the prompts to complete the installation.
  4. From the Trend Micro IWSaaS AD Sync Agent dialog box, configure the following:
    Important
    To ensure successful user synchronization and authentication, the following attributes must be set to identical values on both the Synchronization Agent and your Active Directory server: User Search Filter, User Email Attribute, User Full Name Attribute, Department Name Attribute, Group Search Filter, Group Attribute, and Group Name Attribute.
    Trend Micro strongly recommends keeping the default values for these attributes.
    Item / Details

    Domain
      Do either of the following:
      • Select + New domain, type a domain name, and then configure the settings for the domain. The domain name should already exist on the Directory Services page of the TMWS management console.
        After you click Apply, the Synchronization Agent saves the domain configurations, and you can see the domain name in the drop-down list.
      • Select a configured domain name from the drop-down list, and then click Delete.
        The Synchronization Agent removes the domain and its configurations.
      The Synchronization Agent supports synchronizing user and group data on multiple configured domains at the same time.

    Server Hostname
      Type the Active Directory host name or IP address. Change the port number only if you use a different port for the Active Directory server.
      If you use a global catalog server or a trusting domain, set Port to 3268 or 3269 based on whether the corresponding server uses LDAP or LDAPS.

    Enable Secondary LDAP and Server Hostname
      Turn on to ensure the continuation of service in case the primary Active Directory server becomes unavailable.
      Type the Active Directory host name or IP address. Change the port number only if you use a different port for the Active Directory server.

    Username and Password
      Type the Active Directory authentication credentials.

    Enable Anonymous Access
      Turn on to allow the administrator to be authenticated without providing an Active Directory administrator's account. For this feature to work, also enable anonymous authentication on the Active Directory server.

    Base Distinguished Name
      Type the name used by the Active Directory server as a reference point when querying Active Directory.

    User Search Filter
      Query Active Directory by users.

    User Name Attribute
      The Active Directory user ID attribute name, "sAMAccountName", cannot be modified.

    User Email Attribute
      Type the Active Directory user email address. Configuring this field enables Active Directory users to log on using their email addresses as their account names.

    User Full Name Attribute
      Name of the Active Directory user. This parameter is fixed to name and not editable.

    Department Name Attribute
      Type the attribute name of the department to which the Active Directory user belongs.

    Group Search Filter
      Query Active Directory by groups.

    Group Attribute
      Active Directory group attribute that is used in the relationship between a user and a group or a group and a group. This parameter is fixed to memberOf and not editable.

    Group Name Attribute
      Name of the Active Directory group attribute. This parameter is fixed to name and not editable.

    Sync Frequency
      Synchronize with the Active Directory server manually or according to a schedule (every six hours, daily, weekly, or monthly). If you choose Manually, whenever there are changes to Active Directory user information, remember to go back to this screen and perform manual synchronization so that information in TMWS remains current.

    TMWS Administrator Account (Username and Password)
      Type the TMWS administrator's account and password to allow the Synchronization Agent to connect to TMWS.

    Network (HTTP Proxy and Proxy Port)
      Configure proxy settings if your intranet can only access the Internet through a proxy server.

    Click Test Connection to verify that a connection can be established with the Active Directory server.
  5. Click Apply.
  6. Click Sync Now.
    The Synchronization Agent starts synchronizing user and group data on all configured domains.
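
A pre-flight check to run on the agent host before filling in the dialog box, as an added example that is not part of the Trend Micro documentation or the agent: it tests which directory ports are reachable and, on each reachable port, binds with the account intended for Username and Password and lists which of the three fixed attributes (sAMAccountName, name, memberOf) that account can read. The host name, base DN and sample user are placeholders, and 389 and 636 are the standard LDAP and LDAPS ports, which this page does not state.

```powershell
# Added example (not Trend Micro code). All values below are placeholders.
$Server     = 'dc01.example.com'     # value planned for Server Hostname
$BaseDn     = 'DC=example,DC=com'    # value planned for Base Distinguished Name
$SampleUser = 'jdoe'                 # an account you expect to be synchronized
$Cred       = Get-Credential         # account planned for Username and Password

Add-Type -AssemblyName System.DirectoryServices.Protocols

# 389/636 are the standard LDAP/LDAPS ports; 3268/3269 are the global catalog ports.
$Ports = @(
    @{ Port = 389;  Name = 'LDAP';     Tls = $false },
    @{ Port = 636;  Name = 'LDAPS';    Tls = $true  },
    @{ Port = 3268; Name = 'GC LDAP';  Tls = $false },
    @{ Port = 3269; Name = 'GC LDAPS'; Tls = $true  }
)

function Test-TcpPort([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { return $client.ConnectAsync($HostName, $Port).Wait(3000) }  # 3 s timeout
    catch   { return $false }                                             # refused or unresolved
    finally { $client.Close() }
}

function Get-ReadableAttributes($Target) {
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Target.Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        if ($Target.Tls) { $conn.SessionOptions.SecureSocketLayer = $true }
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Credential = $Cred.GetNetworkCredential()
        $conn.Bind()     # throws on bad credentials or an untrusted LDAPS certificate
        $attrs = [string[]]('sAMAccountName', 'name', 'memberOf')
        $req   = New-Object System.DirectoryServices.Protocols.SearchRequest(
                     $BaseDn, "(sAMAccountName=$SampleUser)",
                     [System.DirectoryServices.Protocols.SearchScope]::Subtree, $attrs)
        $resp  = $conn.SendRequest($req)
        if ($resp.Entries.Count -eq 0) { return @() }   # user not found under the base DN
        return @($resp.Entries[0].Attributes.AttributeNames)
    }
    finally { $conn.Dispose() }
}

foreach ($t in $Ports) {
    if (-not (Test-TcpPort $Server $t.Port)) { "{0,-8} {1,5}: unreachable" -f $t.Name, $t.Port; continue }
    try   { $found = (Get-ReadableAttributes $t) -join ', ' }
    catch { $found = "bind or search failed: $($_.Exception.Message)" }
    "{0,-8} {1,5}: reachable; attributes read: {2}" -f $t.Name, $t.Port, $found
}
```

An empty attribute list on a reachable port means the sample user was not found under the base DN or the account cannot read those attributes there; resolve that before relying on Test Connection in the dialog box.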