
Integrate Microsoft On-Premises Active Directory (AD)

Integrating your Microsoft on-premises AD with the cloud version of Mobile Device Manager Plus MSP involves configuring a directory server and setting up a tool to sync your AD data. This is done using Zoho Directory, our in-house solution. During configuration of the Zoho Directory server, the Zoho Directory Sync tool is downloaded and set up to sync your AD. Follow the steps provided to integrate your on-premises AD with MDM Cloud. Additionally, you can configure SAML to enable device enrollment using Active Directory credentials.

How does Zoho Directory Sync work?

The Zoho Directory Sync tool queries your LDAP server and your Zoho account, compares the two lists of users, and curates every change observed during the comparison. Your Zoho account is then updated with the necessary changes. The major benefit of Zoho Directory Sync is that not a single update is made to your LDAP server, so your directory data remains completely safe and secure. The task of adding, modifying and deleting accounts in each LDAP-enabled application separately is simplified, which enhances network security and reduces management costs.

System Requirements

Before you download and install Zoho Directory Sync, make sure you meet the system requirements. The installer downloads and installs all the required components on your server. The system requirements are as follows.

  • A minimum of 512 MB RAM is required. If your organization has more than 10,000 employees, 1 GB of RAM or higher is required for a faster sync.
  • Internet Explorer 9 and above
  • Windows 7 and above
  • Microsoft C++ Runtime redistributable 2010 or higher
  • .NET framework 4.0 and above
  • If a higher version is installed, make sure you also have .NET Framework 4.0 installed on both the Primary Domain Controller (PDC) and the local system
  • Administrator privilege for the entire AD domain is required

For best results, a network connection to your Zoho domain without any proxies or firewalls is recommended.

Procedure

STEP #1: Configuring Zoho Directory Server

The first part of the integration process involves configuring the Zoho Directory server, where you initiate the integration by following the steps given below:

  • Log in to Zoho Directory using the same Zoho account used for domain verification and for signing up with MDM.
  • Create a Zoho Directory instance, by providing your company name and portal name, which is added to the URL and used to identify your directory instance.
  • Microsoft Active Directory Integration Step 1

  • You can optionally add the contact information, if need be and then click on Domains from the left pane.
  • Microsoft Active Directory Integration Step 2

  • It is required to add and verify your domain. In the Domains window, click on Add Domain.
  • Microsoft Active Directory Integration Step 3

  • Provide your AD domain name in the space provided, which in this case is zylker.com. Click on Add.
  • Microsoft Active Directory Integration Step 4

  • Now, the added domain is to be verified. Follow the on-screen instructions to verify your domain. Once you are done, click on Verify.
  • Microsoft Active Directory Integration Step 5

  • Check the status of your domain. Here, the green check mark implies the domain has been verified and added successfully.
  • Microsoft Active Directory Integration Step 6

  • Now, click on Active Directory from the left menu and click on Download to download the tool on a Windows machine.
  • Microsoft Active Directory Integration Step 7

STEP #2: Setting up Zoho Directory Sync tool

The next part of the integration process involves setting up the Zoho Directory Sync tool, which is primarily responsible for syncing AD users and groups to MDM. Follow the steps given below to set it up:

  • Install the tool downloaded here. Open the tool and click on the Next button present in the introduction screen.
  • Microsoft Active Directory Integration Step 8

  • In the Zoho Settings section, click on Authorize with Zoho and provide your Zoho account details in the new window, when prompted. This is to ensure the account provided in the Zoho Directory server and the tool are the same, since the tool is coupled with the Zoho account which is provided.
  • Microsoft Active Directory Integration Step 9

  • After providing the account details, accept the permissions requested by clicking on the Accept button, when prompted.
  • Microsoft Active Directory Integration Step 10

  • After your account details are listed, click on Next. If you modify your account details in the future, open this tool and click on Re-Authorize to update the details in the tool.
  • Microsoft Active Directory Integration Step 11

  • Under the LDAP Credentials section, provide the details of your on-premises AD, such as the domain name and domain controller. Refer to the steps provided below to obtain these details.
  • Microsoft Active Directory Integration Step 12

  • Steps to obtain the requisite On-premise details

You have successfully integrated Microsoft On-Premises Active Directory with MDM.

AD-based authentication

You can use AD-based credentials for authentication. To enable AD-based authentication, refer to the steps below:

  • Log in here (sign in if prompted) or go to Zoho Accounts, click on Preferences and select SAML Authentication. Now click on Setup Now.
  • Microsoft Active Directory Integration Step 38

  • Provide the details specified as shown below and click on Add to complete the process.
  • Microsoft Active Directory Integration Step 39
  • Ensure Just In Time Provisioning is enabled if you want a user from your IdP to be added to Zoho Impromptu. The users will be added to Zoho after validating the SAML response and their domain.

Steps to delete an organization:

NOTE: Deleting an organization affects all registered Zoho products. Make sure all the users are deleted before deleting an organization. The user and organization data across all Zoho services will be permanently deleted.

  • Log in to Zoho Accounts
  • In the same browser window, open this link in a new tab.
  • In the left pane, go to Dashboard -> Delete Organization and click on Delete as shown.

    Microsoft Active Directory Integration Step 40

  • Now, return to Zoho Accounts and sign out from the Zoho account.
  • Close all tabs and do not refresh the page for the account to get permanently deleted (refreshing the page recreates the account).

Troubleshooting Tips

  1. How to transfer your Entra ID (formerly Azure AD) to your new Zoho account?

    If you have multiple Zoho accounts and want to transfer your Entra ID (formerly Azure AD) to another account, follow these steps.

    • Log in to Zoho Accounts with your old Zoho account credentials.
    • Go to Preferences -> Linked Accounts and unlink your Entra ID.
    • Now, log in using the new account / account of choice and link the Entra ID.
  2. You are unable to successfully integrate Entra ID with MDM Cloud.
    • Ensure you have used an Entra ID work account to integrate with MDM Cloud. You cannot sign in and complete the integration using a personal Entra ID (formerly Azure AD) account.
    • Alternatively, verify whether you accessed mdm.manageengine.com and clicked on Sign in with Google or other IDPs before selecting Office 365 to sign in with your Entra ID (formerly Azure AD) work account.
  3. The users are getting synced successfully using the Zoho Directory Sync tool, but the user list is not reflected on MDM Cloud.

    The users might have synced from your AD to the Zoho Directory Sync tool, but not from the tool to MDM Cloud. To sync users from the Zoho Directory Sync tool to MDM Cloud, open the MDM Cloud console and go to the Enrollment tab. Click on Active Directory in the left pane, where all the added ADs are listed. Now, click on Sync all or Sync only modified for the users to reflect on MDM Cloud. Also, while fetching the data to MDM Cloud, sync issues may occur when invalid or special-character entries are used in the user data fields (for example, text in the user's phone number field). You can also use the Force Sync option in the Zoho Directory Sync tool to sync users from your AD to the tool.

  4. There is a domain which is already verified, but you are unable to add and verify multiple domains.

    This may occur because the domain being added is already verified in another organization. Hence, the domain must be removed from the old organization before adding and verifying it here. Log in using your old organization's credentials and remove the domain(s). If required, refer to the steps to delete an organization in order to remove your old organization.

  5. In the Zoho Directory Sync tool, you encounter the message "General Error" while authorizing your Zoho account.

    At times, the system might fail to establish a connection with the Zoho Accounts server. Follow these steps to resolve this error.

    • Check whether a firewall or proxy configuration is in place. If so, try to access Zoho Accounts from any web browser.
    • Verify whether the system requirements are met. (Especially, update IE to 11 and install .NET 4.0 and 4.5)
    • Now, retry the authorization process in the Zoho Directory Sync tool.
  6. In the Zoho Directory Sync tool, you encounter "ERROR_Invalid_Code" / "other_dc" while authorizing your Zoho account.

    This may occur for users setting up the Zoho Directory Sync tool with a European Domain Controller (.eu DC). The Sync tool is not completely compatible with EU DC. In your machine, go to Program Files -> ZOHOCORP -> conf and replace the file, app.properties with the one given here.


  7. In the Zoho Directory Sync tool, you encounter the message "Use Administrator Account" while trying to add your AD in MDM Cloud.

    The approval of the administrator is always required for syncing the Zoho Directory Sync tool with your AD.

    • Ensure the steps involved in setting up the Zoho Directory Sync tool are carried out properly.
    • Verify if all the credentials provided by the administrator are correct.
    • Now, close the Directory Sync tool and go to Program Files -> ZOHOCORP -> conf and open the app.properties file. Here, add a statement "admin=false". Restart the tool and add your AD to MDM Cloud again.
  8. How do you install the Zoho Directory Sync tool on another machine?

    When you install the Zoho Directory Sync tool for the first time, the directory saves the configuration. You cannot install the sync tool on other machines without removing this existing configuration. To permanently delete the configuration, go to the Settings window in the Sync tool and turn on the Delete Configuration toggle button. Now you can uninstall the Zoho Directory Sync tool from the old machine and follow the procedure above to install it on another machine.
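The one-way comparison described under "How does Zoho Directory Sync work?" and the invalid-field sync failures from troubleshooting tip 3, modelled as an added Python example (not the Zoho Directory Sync tool's own code): constructed user lists stand in for the LDAP query result and the Zoho account, the LDAP list is only ever read, and the phone-number validation rule is an assumption made for illustration.

```python
import re

# Assumption (not from the page): a phone field is clean when it holds only
# digits, '+', spaces, hyphens and parentheses; anything else models the
# "text in the phone number field" case that can stall a sync.
PHONE_OK = re.compile(r"^[0-9+\-() ]*$")
SYNC_FIELDS = ("name", "mail", "phone")   # attributes the model keeps in step

# Constructed sample data standing in for the LDAP query and the Zoho account.
LDAP_USERS = [
    {"id": "u1", "name": "Alice", "mail": "alice@zylker.com", "phone": "+1 555 0100"},
    {"id": "u2", "name": "Bob", "mail": "bob@zylker.com", "phone": "+1 555 0101"},
    {"id": "u3", "name": "Carol", "mail": "carol@zylker.com", "phone": "ext. 42"},
    {"id": "u4", "name": "Dave", "mail": "dave@zylker.com", "phone": ""},
]
CLOUD_USERS = [
    {"id": "u1", "name": "Alice", "mail": "alice@zylker.com", "phone": "+1 555 0100"},
    {"id": "u2", "name": "Bob", "mail": "bob@zylker.com", "phone": "+1 555 0199"},
    {"id": "u5", "name": "Erin", "mail": "erin@zylker.com", "phone": ""},
]


def validate_user(user):
    """Return the problems found in one user record (empty list if clean)."""
    problems = []
    if not PHONE_OK.match(user.get("phone", "")):
        problems.append("phone number contains non-numeric text")
    if "@" not in user.get("mail", ""):
        problems.append("mail is not an address")
    return problems


def plan_sync(ldap_users, cloud_users):
    """Compare both lists and curate changes for the cloud side only. Inputs are
    read, never written; records failing validation are held back in 'skipped'."""
    ldap_by_id = {u["id"]: u for u in ldap_users}
    cloud_by_id = {u["id"]: u for u in cloud_users}
    plan = {"add": [], "modify": [], "delete": [], "skipped": {}}
    for uid, user in ldap_by_id.items():
        problems = validate_user(user)
        if problems:
            plan["skipped"][uid] = problems
        elif uid not in cloud_by_id:
            plan["add"].append(uid)
        elif any(cloud_by_id[uid].get(f) != user.get(f) for f in SYNC_FIELDS):
            plan["modify"].append(uid)
    # Accounts that vanished from LDAP are removed from the cloud copy.
    plan["delete"] = [uid for uid in cloud_by_id if uid not in ldap_by_id]
    return plan
```

Running `plan_sync(LDAP_USERS, CLOUD_USERS)` adds Dave, updates Bob's phone, deletes Erin, and holds Carol back with the reason instead of failing the whole sync.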

 
