Synchronize Users and Groups

Synchronizing users and groups means the management center queries the realms and directories you configured for groups and users in those groups. All users the management center finds can be used in identity policies.

If issues are found, you most likely need to add a realm that contains users and groups the management center cannot load. For details, see Realms and Trusted Domains.

Before you begin

Create a management center realm for each Active Directory domain and a management center directory for each Active Director domain controller in each forest. See Create an LDAP Realm or an Active Directory Realm and Realm Directory.

You must create a realm only for domains that have users you want to use in user control.

You can nest Microsoft AD groups and the management center downloads those groups and the users they contain. You can optionally restrict which groups and users get downloaded as discussed in Create an LDAP Realm or an Active Directory Realm and Realm Directory.

Procedure

Step 1

If you haven't done so already, log in to the management center.

Step 2

Click Integration > Other Integrations > Realms.

Step 3

Next to each realm, click Download (download icon).

Step 4

To see the results, click the Sync Results tab.

The Realms column indicates whether or not there were issues synchronizing users and groups in Active Directory forests. Look for the following indicators next to each realm.

Indicator in Realms column

Meaning

(nothing)

All users and groups synchronized without error. No action is necessary.

Yellow Triangle (yellow triangle icon)

There were issues synchronizing users and groups. Make sure you added a realm for each Active Directory domain and a directory for each Active Directory domain controller.

For more details, see Troubleshoot Cross-Domain Trust.