License editions: To understand the applicable license editions, see Plans & Pricing.
Overview
inSync administrators can configure inSync to automatically synchronize inSync user accounts and their details with the registered AD or LDAP.
Synchronize user details
inSync enables you to schedule an automatic update of user details at a defined interval. This applies to all users imported into inSync using AD/LDAP Mappings.
The following information is automatically updated when you enable the Auto-update user details setting in inSync:
inSync user name
inSync user email address
inSync user AD/LDAP user name
The frequency for a scan is defined by Auto sync interval under AD/LDAP settings.
📝 Note
inSync updates the user name only if the CN (Common Name) or UPN of the user changes, based on the AD/LDAP Mapping configuration.
You can synchronize details only for users whom you imported using your AD/LDAP. You cannot synchronize details of users whom you added individually or through a CSV file.
When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.
Procedure
To enable automatic synchronization of inSync user details with your AD/LDAP:
On the inSync Management Console - Click on Endpoints or Microsoft 365 or Google Workspace
Click on Users > User Provisioning
On the Summary section > click Edit on the 3 dots on the top right corner
On the AD/LDAP Settings screen - Untick the Auto update user details check box.
Click on the Save button
inSync now automatically queries your AD/LDAP for user details at the defined interval and updates them in inSync.
Synchronize inSync users
When configured, inSync automatically, at a defined interval, scans your AD/LDAP and performs the following actions:
Imports any new user added to AD/LDAP which matches the AD/LDAP mapping criteria and creates a new user in Druva inSync. Auto-import of users can be configured while creating the AD/LDAP mapping. For more information, see Import users from your AD/LDAP.
Updates user details of users managed using AD or LDAP. For more information, see Synchronize inSync user details with your AD/LDAP.
Preserves any inSync user who has been disabled in your AD/LDAP.
Identifies and enables users, who are currently preserved in inSync, but now enabled in AD/LDAP and fall under an AD/LDAP Mapping defined in inSync.
Deletes the preserved user accounts based on the Data Preservation settings defined in the profile associated with the user.
The frequency for the scan is defined by Auto sync interval under AD/LDAP settings.
Example
The following example helps you understand the synchronization of users in Druva inSync with your AD/LDAP.
Assume you are managing an AD user in inSync. The inSync profile associated with the user has the following Data Preservation settings:
Auto delete preserved users - Yes
Auto delete after - 45 days
The Auto-sync interval is set to 24 hours. If you disable the user in AD, when inSync scans your AD/LDAP as per the defined auto-sync interval, inSync preserves the user in inSync Management Console. If the user stays in the preserved state for the next 45 days, inSync checks the inSync Connector connection status, and if connected, deletes the preserved user.
📝 Note
You can only synchronize users whom you imported using your AD/LDAP. You cannot synchronize users whom you added individually or through a CSV file.
When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.
Only inSync users who are auto-preserved are marked as Active as part of the auto-sync process. Deleted users cannot be enabled again.
If a user account is preserved, that user account must be part of the AD/LDAP Mapping. If the preserved user account does not fall under any AD/LDAP mapping, it is automatically deleted based on the Data Preservation settings defined in the profile associated with the user account.
Before deleting user accounts that are managed using AD or LDAP, inSync checks the status of the inSync Connectors mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists.
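The scan rules above, including the connector check before deletion, can be modelled as a small decision function. This is an added example, not Druva code: the User and Profile records, the action names, and the "on or after day N" boundary are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class User:                       # hypothetical record, not an inSync schema
    source: str                   # "ad" = imported via AD/LDAP; "manual" or "csv" otherwise
    state: str                    # "active", "preserved" or "deleted"
    ad_enabled: bool              # account is enabled in AD/LDAP
    in_mapping: bool              # account falls under an AD/LDAP Mapping
    preserved_on: Optional[date] = None

@dataclass
class Profile:                    # Data Preservation settings of the user's profile
    auto_delete: bool             # "Auto delete preserved users"
    auto_delete_after_days: int   # "Auto delete after"

def sync_action(user: User, profile: Profile, today: date, connector_connected: bool) -> str:
    """Action one auto-sync scan takes for a user, following the rules on this page."""
    if user.source != "ad":
        return "skip"             # manually added and CSV users are never synchronized
    if user.state == "deleted":
        return "skip"             # deleted users cannot be enabled again
    if user.state == "active":
        # Active users that left every mapping are not modelled here.
        return "update-details" if user.ad_enabled else "preserve"
    # From here on the user is preserved.
    if user.ad_enabled and user.in_mapping:
        return "enable"
    age = today - user.preserved_on
    # Assumption: deletion becomes due once the full period has elapsed (>=).
    due = profile.auto_delete and age >= timedelta(days=profile.auto_delete_after_days)
    if due and connector_connected:
        return "delete"
    return "keep-preserved"       # not yet due, or no inSync Connector connection

if __name__ == "__main__":
    # Constructed data reproducing the page's example: 45-day auto delete.
    profile = Profile(auto_delete=True, auto_delete_after_days=45)
    disabled = date(2024, 1, 1)
    user = User("ad", "preserved", ad_enabled=False, in_mapping=True, preserved_on=disabled)
    for days, connected in [(44, True), (45, False), (45, True)]:
        print(days, connected, sync_action(user, profile, disabled + timedelta(days=days), connected))
```

Running it on the page's example shows that a preserved user is deleted only when both conditions hold: the 45 days have passed and an inSync Connector is connected.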
Procedure
To enable automatic synchronization of inSync user details with your AD/LDAP:
On the inSync Management Console - Click on Endpoints or Microsoft 365 or Google Workspace
Click on Users > User Provisioning
On the Summary section > click Edit on the 3 dots on the top right corner
On the AD/LDAP Settings screen - Untick the Auto preserve unmapped users check box.
Click on the Save button
Synchronize user with domain changes
After a synchronization with the IDP, the Druva database is updated with the latest user information, including email addresses, User Principal Names (UPNs), and other relevant details sourced from the IDP. This synchronization ensures that incremental backups for Exchange Online users continue to function correctly even if their domain affiliations change, preventing backup failures caused by such changes.
📝 Note
If a domain or username is changed for a user account, but a new account with the same name as the previously changed one is created before synchronization completes, a data mismatch can occur. This results in the new user’s data being backed up in the latest snapshot, while the old user’s data remains in previous snapshots, leading to data from both users being present across different snapshots.
This solution targets the Exchange Online Graph client API and does not cover the legacy APIs.