Support Center

Installing AD Bridge

System Requirements:
  • Supported only on Windows Server 2008 R2, 2012 & 2016 (64-bit)
  • 15MB disk space
  • 10MB RAM
Prerequisites:
  • Scheduled Downtime - installation requires reboot
  • Single Active Directory Domain name
  • Internet connectivity
  • Your JumpCloud API Key and Organization ID

Required: Install on all DCs in your AD domain.

Considerations: 
  • The agent currently only supports a single Root domain.
  • To install the agent you need to delegate Read-Only access to a user. The agent uses it to get all users and groups in the JumpCloud security group and sync them to JumpCloud. Don't give this user a username of JumpCloud and don't add them to the JumpCloud security group.
  • If your server is configured to use a proxy, the AD Bridge agent respects the native Windows system environment variables and uses the configured proxy details to communicate with console.jumpcloud.com.
  • A known issue exists where downloading the installer for the AD bridge agent doesn't succeed on Firefox. As a workaround, use another browser to download the installer.

To install AD Bridge:
  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
  2. Go to Directories.
  3. Click the green plus icon and select AD Bridge Domain.
  4. Click Download Import Agent Installer. This is the AD Bridge agent installer. After downloading, you'll be prompted with your API key and your OrgID. Both of these will be needed during the installation. 
       
  5. Save the installer to your Domain Controller.
  6. Create a new user in "Active Directory Users and Computers." This user should not be a Domain admin, and it should not have a JumpCloud username.
  7. Right-click Users, then select Delegate Control. The Delegation of Control Wizard appears.
  8. Click Next.
  9. Add the newly created user to the delegation. 
  10. Click Next, then select Read all user information, as follows:
  11. Click Next. You should see that you have successfully completed the Delegation of Control wizard.
  12. Create a new security group in Active Directory Users and Computers. Name it "JumpCloud".
  13. Optionally, create a new security group in Active Directory Users and Computers. Name it "JumpCloud Admins".
  14. Browse to where you saved the AD Bridge installer file. Right-click the file then select Run as administrator.
  15. Click Next.
  16. Enter your Domain name in the Distinguished Name format, then click Next. For example, jumpcloud.com should be entered DC=jumpcloud;DC=com.
  17. Enter your domain user with Read All permissions and its password, then click Next. For example, jumpcloud\adbridgesvc. Be sure to use the NetBIOS domain format of domain\username and not the fully qualified DNS domain name (for example, not domain.com\username).
  18. Enter your JumpCloud API Key, then click Next.
  19. Enter your JumpCloud Organization ID, then click Next.
  20. Click Install. After the install completes, restart your system.
  21. After the system restarts, confirm that JumpCloud AD Bridge Agent with service name adint is in a running status.
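
The checks in steps 6 and 21 can be scripted across the whole domain. The following is an added example, not part of the original article or JumpCloud's tooling. It assumes the delegated account is named adbridgesvc (the sample name from step 17) and that the DCs are reachable over WinRM. The well-known privileged groups other than Domain Admins are an extra check beyond what the article lists.

```powershell
# Added example, not JumpCloud tooling. Run from an admin host with the RSAT
# ActiveDirectory module; assumes WinRM (CIM) is reachable on each DC.
param(
    [string]$SvcAccount = 'adbridgesvc'   # assumption: sample account name from step 17
)
Import-Module ActiveDirectory

# 1. AD Bridge must be installed on every DC: check the adint service everywhere.
$serviceReport = foreach ($dc in Get-ADDomainController -Filter *) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='adint'" `
        -ComputerName $dc.HostName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $dc.HostName
        State            = if ($svc) { $svc.State } else { 'Missing or unreachable' }
        StartMode        = if ($svc) { $svc.StartMode } else { $null }
    }
}
$serviceReport | Format-Table -AutoSize

$notRunning = @($serviceReport | Where-Object { $_.State -ne 'Running' })
if ($notRunning.Count -gt 0) {
    Write-Warning "adint not running on: $($notRunning.DomainController -join ', ')"
}

# 2. The delegated account should hold the read-only delegation and nothing more.
$user = Get-ADUser -Identity $SvcAccount
# LDAP_MATCHING_RULE_IN_CHAIN resolves nested membership; the primary group is not
# covered. Assumes the DN contains no LDAP filter metacharacters.
$groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))" |
    Select-Object -ExpandProperty Name

# 'Domain Admins' and 'JumpCloud' come from the article; the rest are an added check.
$mustNotHold = 'Domain Admins', 'JumpCloud',
               'Enterprise Admins', 'Schema Admins', 'Administrators'
$violations = @($groups | Where-Object { $mustNotHold -contains $_ })

if ($violations.Count -gt 0) {
    Write-Warning "$SvcAccount is a member of: $($violations -join ', ')"
} else {
    Write-Output "$SvcAccount holds none of the checked groups."
}
```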

Configuration Options for AD Bridge

Several configuration options are available after you install AD Bridge. These configuration options are in a JSON config file named adint.config.json. You can find the config options in the file’s MainLoop section.  

To change default configurations for a domain controller, go to the JumpCloud folder where the AD Bridge is installed on that domain controller and open the adint.config.json file. Edit the configurations in the MainLoop section of the file. You’ll need to edit the adint.config.json file for every domain controller on which AD Bridge is installed.
 

The following options are available for configuration:

PasswordChangeListener - PollTimeMillis - This is the interval between polls to AD for password updates. The default setting is 1 millisecond.

UserDissociationAction - This setting controls the behavior of user dissociations - or what happens when a user is deleted, disabled, or removed from the JumpCloud security group in AD. Can be set to either remove or unbind; the default setting is remove. When set to remove, a user is deleted from JumpCloud if they are dissociated. When set to unbind, a user is unbound from the AD instance, but remains in JumpCloud if they are dissociated, and JumpCloud continues to manage that user’s identity.

UserFieldMapping - This setting controls the mapping of JumpCloud’s username field from AD on import. Can be set to map the JumpCloud username to either “sAMAccountName” or “userPrincipalName.” The default setting for all new installations of AD Bridge is to map the JumpCloud username to “sAMAccountName.”

UserTakeoverAction - This setting controls the behavior of user take over - or what happens when an existing JumpCloud user account is taken over from AD. Can be set to deactivate or retain. The default setting is deactivate. When set to deactivate, existing user accounts are placed into a Pending state after they are taken over from AD. Pending users are directed to reset their passwords in AD to ensure they are in sync between AD and JumpCloud. When set to retain, the user state remains the same for existing user accounts that are taken over from AD.
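
Because adint.config.json has to be edited separately on every domain controller, settings can drift between DCs. The following is an added example, not part of the original article or JumpCloud's tooling, that reads the MainLoop section from each DC and reports differences. The install folder is a parameter you supply, since the article does not state the path, and the placement of the three keys directly under MainLoop is an assumption.

```powershell
# Added example, not JumpCloud tooling. Reads each DC's config over its admin share,
# so it needs the RSAT ActiveDirectory module and admin rights on the DCs.
param(
    # Assumption: you supply the install folder; the article does not state the path.
    [Parameter(Mandatory)][string]$InstallFolder
)
Import-Module ActiveDirectory

$rows = foreach ($dc in Get-ADDomainController -Filter *) {
    # 'C:\folder' on the DC becomes '\\dc\C$\folder' when read from this host.
    $share = $InstallFolder -replace '^([A-Za-z]):', '$1$$'
    $file  = Join-Path ('\\{0}\{1}' -f $dc.HostName, $share) 'adint.config.json'
    try {
        $main = (Get-Content -LiteralPath $file -Raw -ErrorAction Stop |
                 ConvertFrom-Json).MainLoop
        [pscustomobject]@{
            DomainController       = $dc.HostName
            # Assumption: these keys sit directly under MainLoop; if they are nested
            # differently they show as empty, and the fingerprint below still works.
            UserDissociationAction = $main.UserDissociationAction
            UserFieldMapping       = $main.UserFieldMapping
            UserTakeoverAction     = $main.UserTakeoverAction
            Fingerprint            = $main | ConvertTo-Json -Depth 10 -Compress
        }
    } catch {
        [pscustomobject]@{
            DomainController = $dc.HostName
            Fingerprint      = "UNREADABLE: $($_.Exception.Message)"
        }
    }
}

$rows | Format-Table DomainController, UserDissociationAction, UserFieldMapping,
                     UserTakeoverAction -AutoSize

# @() matters: a single GroupInfo object has its own Count (members, not groups).
$variants = @($rows | Group-Object -Property Fingerprint)
if ($variants.Count -gt 1) {
    Write-Warning "MainLoop settings differ across domain controllers:"
    foreach ($v in $variants) {
        Write-Warning ("  {0}: {1}" -f ($v.Group.DomainController -join ', '), $v.Name)
    }
} else {
    Write-Output "No MainLoop drift detected across $(@($rows).Count) DCs checked."
}
```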

After you have installed AD Bridge, click here to configure AD for use with the AD Bridge.
 

Last Updated: Jul 16, 2019 05:34PM MDT
