Installing the AD Import Agent

System Requirements:
  • Supported only on Windows Server 2008 R2, 2012, 2016, and 2019 (64-bit)
  • 15MB disk space
  • 10MB RAM
  • Scheduled Downtime - installation requires reboot
  • Single Active Directory Domain name
  • Internet connectivity
  • Your JumpCloud API Key and Organization ID

Required: Install the agent on all DCs in your AD domain.

  • The agent currently only supports a single Root domain.
  • To install the agent you need to delegate Read-Only access to a user. The agent uses it to get all users and groups in the JumpCloud security group and sync them to JumpCloud. Don't give this user a username of JumpCloud and don't add them to the JumpCloud security group.
  • If your server is configured to use a proxy, the AD Import agent respects the native Windows system environment variables and uses the configured proxy details to communicate with console.jumpcloud.com.
  • A known issue exists where downloading the installer for the AD Import agent doesn't succeed on Firefox. As a workaround, use another browser to download the installer.

To install the AD Import agent:
  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
  2. Go to Directories.
  3. Click the green plus icon and select AD Directory Domain.
  4. Click Download Import Agent Installer. This is the AD Import agent installer. After downloading, you'll be prompted with your API key and your OrgID. Both of these will be needed during the installation.    
  5. Save the installer to your Domain Controller.
  6. Create a new user in "Active Directory Users and Computers." This user should not be a Domain admin, and it should not have a JumpCloud username.
  7. Right-click Users, then select Delegate Control. The Delegation of Control Wizard appears.
  8. Click Next.
  9. Add the newly created user to the delegation. 
  10. Click Next, then select Read all user information.
  11. Click Next. You should see that you have successfully completed the Delegation of Control wizard.
  12. Create a new security group in Active Directory Users and Computers. Name it "JumpCloud".
  13. Optionally, create a new security group in Active Directory Users and Computers. Name it "JumpCloud Admins".
  14. Browse to where you saved the AD Import installer file. Right-click the file then select Run as administrator.
  15. Click Next.
  16. Enter your Domain name in the Distinguished Name format, then click Next. For example, jumpcloud.com should be entered DC=jumpcloud;DC=com.
  17. Enter your domain user with Read All permissions and its password, then click Next. For example, jumpcloud\adbridgesvc. Be sure to use the NetBIOS domain format of domain\username and not the full DNS name (for example, not domain.com\username).
  18. Enter your JumpCloud API Key, then click Next.
  19. Enter your JumpCloud Organization ID, then click Next.
  20. Click Install. After the install completes, restart your system.
  21. After the system restarts, confirm that JumpCloud AD Import Agent with service name adint is in a running status.
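
A post-install check for the requirements in the steps above, as an added example that is not JumpCloud's own tooling: it confirms the delegated account is not a Domain Admins member, is not in the JumpCloud security group, and that the adint service is running. The function name is hypothetical; adbridgesvc is the sample account name from step 17.

```powershell
# Added example: post-install checks for the AD Import service account.
# Needs the ActiveDirectory module; run on a DC in an elevated session.
Import-Module ActiveDirectory

function Test-AdImportAccount {
    param(
        [Parameter(Mandatory = $true)] [string] $SamAccountName,
        [string] $SyncGroup   = 'JumpCloud',   # security group from step 12
        [string] $ServiceName = 'adint'        # service name from step 21
    )
    $findings = @()

    # The article says not to give this user the username "JumpCloud".
    if ($SamAccountName -ieq 'JumpCloud') {
        $findings += 'Account is named JumpCloud'
    }

    $user = Get-ADUser -Identity $SamAccountName

    # Step 6: the account should not be a Domain admin. Domain Admins is
    # looked up by its well-known RID (512) so a renamed group still matches.
    $daSid  = '{0}-512' -f (Get-ADDomain).DomainSID.Value
    $admins = @(Get-ADGroupMember -Identity $daSid -Recursive |
                ForEach-Object { $_.SID.Value })
    if ($admins -contains $user.SID.Value) {
        $findings += 'Account is a (nested) member of Domain Admins'
    }

    # The account must stay out of the group whose members are synced.
    $synced = @(Get-ADGroupMember -Identity $SyncGroup -Recursive |
                ForEach-Object { $_.SID.Value })
    if ($synced -contains $user.SID.Value) {
        $findings += "Account is a member of the $SyncGroup security group"
    }

    # Step 21: the agent service should be running after the reboot.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += "Service $ServiceName is not installed"
    } elseif ($svc.Status -ne 'Running') {
        $findings += "Service $ServiceName is $($svc.Status)"
    }
    $findings   # empty result means every check passed
}

Test-AdImportAccount -SamAccountName 'adbridgesvc'
```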

Configuration Options for AD Import

Several configuration options are available after you install AD Import. These configuration options are in a JSON config file named adint.config.json. You can find the config options in the file’s MainLoop section.  

To change default configurations for a domain controller, go to the JumpCloud folder where AD Import is installed on that domain controller and open the adint.config.json file. Edit the configurations in the MainLoop section of the file. You’ll need to edit the adint.config.json file for every domain controller on which AD Import is installed.

The following options are available for configuration:

PasswordChangeListener - PollTimeMillis - The interval between polls to AD for password updates. The default setting is 1 millisecond.

UserDissociationAction - This setting controls the behavior of user dissociations - or what happens when a user is deleted, disabled, or removed from the JumpCloud security group in AD. Can be set to either remove or unbind; the default setting is remove. When set to remove, a user is deleted from JumpCloud if they are dissociated. When set to unbind, a user is unbound from the AD instance, but remains in JumpCloud if they are dissociated, and JumpCloud continues to manage that user’s identity.

UserFieldMapping - This setting controls the mapping of JumpCloud’s username field from AD on import. Can be set to map the JumpCloud username to either “sAMAccountName” or “userPrincipalName”. The default setting for all new installations of AD Bridge is to map the JumpCloud username to “sAMAccountName”.

UserTakeoverAction - This setting controls the behavior of user take over - or what happens when an existing JumpCloud user account is taken over from AD. Can be set to deactivate or retain. The default setting is deactivate. When set to deactivate, existing user accounts are placed into a Pending state after they are taken over from AD. Pending users are directed to reset their passwords in AD to ensure they are in sync between AD and JumpCloud. When set to retain, the user state remains the same for existing user accounts that are taken over from AD.
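
Because adint.config.json is edited separately on every domain controller, a typo or a forgotten host leaves the controllers disagreeing on whether dissociated users are removed or unbound. The following added example (not JumpCloud code) validates the three enumerated options against the values listed above and reports drift between DCs. The function name, the DC names, the sample JSON and the assumed layout (options as direct keys of a top-level MainLoop object) are constructed for illustration.

```powershell
# Added example; requires PowerShell 3.0+ (ConvertFrom-Json).
# Allowed values are the ones listed in this article.
$Allowed = @{
    UserDissociationAction = @('remove', 'unbind')
    UserFieldMapping       = @('sAMAccountName', 'userPrincipalName')
    UserTakeoverAction     = @('deactivate', 'retain')
}

function Test-AdintConfig {
    param([hashtable] $ConfigByDc)   # DC name -> raw text of adint.config.json
    $findings = @()
    $rows = @()
    foreach ($dc in $ConfigByDc.Keys) {
        # ASSUMPTION: options are direct keys of a top-level MainLoop object.
        $main = ($ConfigByDc[$dc] | ConvertFrom-Json).MainLoop
        if ($null -eq $main) { $findings += "${dc}: no MainLoop section"; continue }
        foreach ($opt in $Allowed.Keys) {
            $val = $main.$opt
            if ($null -eq $val) {
                $val = '(unset)'
            } elseif ($Allowed[$opt] -notcontains $val) {
                $findings += "${dc}: $opt has unsupported value '$val'"
            }
            $rows += New-Object psobject -Property @{ DC = $dc; Option = $opt; Value = "$val" }
        }
    }
    # The file is edited per domain controller, so report options whose
    # value is not the same everywhere (unset counts as its own value).
    foreach ($g in ($rows | Group-Object Option)) {
        $distinct = @($g.Group | Select-Object -ExpandProperty Value -Unique)
        if ($distinct.Count -gt 1) {
            $detail = ($g.Group | ForEach-Object { "$($_.DC)=$($_.Value)" }) -join ', '
            $findings += "$($g.Name) differs across DCs: $detail"
        }
    }
    $findings
}

# Constructed sample: DC02 has a misspelled value and a different dissociation action.
$sample = @{
    'DC01' = '{ "MainLoop": { "UserDissociationAction": "unbind", "UserTakeoverAction": "deactivate" } }'
    'DC02' = '{ "MainLoop": { "UserDissociationAction": "remove", "UserTakeoverAction": "retian" } }'
}
Test-AdintConfig -ConfigByDc $sample
```

To audit real hosts, fill the hashtable with the text of each domain controller's adint.config.json, read with Get-Content -Raw.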

After you have installed AD Import, click here to configure AD for use with AD Import.

Last Updated: Jul 30, 2019 02:35PM MDT
