Active Directory

The Active Directory provider in Data Sync is a read-write connector for Active Directory User and Contact objects.

Connect to Active Directory


The Windows credentials used to connect to your Active Directory. If left blank, the credentials of the current process/user are used instead. To add credentials, click the ellipsis (...) to open the credentials window.


The LDAP Path to your Active Directory can be a full LDAP path or server name.

  • LDAP://dc=corp,dc=litware,dc=inc
  • LDAP://dc01


If your Active Directory has SSL enabled, you can connect over SSL by selecting True from the drop-down list.

Enable SSL


The LDAP filter used to limit the results on the server side.

The default filter is (&(objectClass=User)(givenname=*)(sn=*)), which returns Active Directory objects of type user that have a givenname value and an sn value.

LDAP Filter Syntax

Group Filter

You can use an LDAP Filter to limit the results returned from Active Directory.

The LDAP filter below is an example that returns users who are members of the CRM Team Users Active Directory group:

(&(objectClass=User)(memberOf=CN=CRM Team Users,CN=Users,DC=corp,DC=litware,DC=inc))
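A group DN that contains filter metacharacters such as parentheses or an asterisk has to be escaped before it is placed in the filter, otherwise the server rejects or misreads it. The following is an added example, not part of Data Sync, that builds the group filter above with RFC 4515 escaping. The `nested` and `exclude_disabled` options go beyond the page's filter and use Active Directory's matching-rule OIDs; the function names and the "(EMEA)" group DN are constructed for illustration.

```python
# Added example: build the page's group filter with RFC 4515 value escaping.
# Function names and the sample group DNs are constructed for illustration.

_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}

# Active Directory matching-rule OIDs.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (nested groups)
BIT_AND = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND (bitwise test)


def escape_filter_value(value: str) -> str:
    """Escape characters that have meaning inside an LDAP filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_member_filter(group_dn: str, nested: bool = False,
                        exclude_disabled: bool = False) -> str:
    """Return a user filter limited to members of group_dn.

    nested=True also matches users who are members through nested groups.
    exclude_disabled=True drops accounts with userAccountControl bit 0x2 set.
    """
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    clauses = ["(objectClass=User)",
               f"({attr}={escape_filter_value(group_dn)})"]
    if exclude_disabled:
        # Bit 0x2 of userAccountControl is ACCOUNTDISABLE.
        clauses.append(f"(!(userAccountControl:{BIT_AND}:=2))")
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Same group as the page's example: no escaping needed.
    print(group_member_filter(
        "CN=CRM Team Users,CN=Users,DC=corp,DC=litware,DC=inc"))
    # Constructed DN with parentheses: escaped so the filter stays well-formed.
    print(group_member_filter(
        "CN=CRM Team (EMEA),CN=Users,DC=corp,DC=litware,DC=inc",
        nested=True, exclude_disabled=True))
```

Paste the printed string into the LDAP filter setting; a plain `memberOf` clause only matches direct members of the group.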


The number of Active Directory objects to return in each query request. The default is 1000.


Used when creating Active Directory objects. Specifies the type of object to create, either User or Contact.


Used when creating Active Directory objects. Specifies how the Object Name is created. It uses replacement tokens so that the name is built from values in the schema map, for example $First Name$ $Surname$.


The Properties collection contains all the Active Directory properties that the connection will return. The connection includes a default set of properties, and you can extend this list with your own custom Active Directory attributes.

Active Directory Attributes

| Property | Description | Example |
| --- | --- | --- |
| AdName | The name of the attribute in Active Directory. | employeeid |
| DataType | The data type of the attribute. | System.String |
| ReadOnly | Specifies whether this attribute is read-only and therefore not sent to Active Directory on Create and Update. | False |
| TryParseValue | Specifies whether Data Sync should try to parse the value to extract a friendly value. Should be False if you are updating this attribute. | False |

After adding properties, refresh the Data Source Schema so that they are displayed.

Update the Manager Attribute

To update the Active Directory Manager attribute, first change the default property values so that ReadOnly=False and TryParseValue=False.

Update Active Directory manager Attribute

If you preview the Active Directory data, you will now see that the Manager attribute is returned in full Active Directory path format, for example CN=Test User 2,OU=TestUsers,DC=internal,DC=simego,DC=com. This is the format you need to supply to Active Directory.

You can do this in several ways: either use a Lookup to Active Directory and return the Distinguished Name property, or build a function in Dynamic Columns to create the value you need.

Set User Password

You can set the password on a user account via Project Automation using the .NET DirectoryEntry object, which you can get via the GetDirectoryEntry(string) method.

For example, the code below runs in the Project Automation AfterAddItem method to set a default password on the account.

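public override void AfterAddItem(object sender, DataCompareItemInvariant item, object identity)
{
        Trace.WriteLine("AfterAddItem->{0}", identity);
        using(var entry = DataSourceB.GetDirectoryEntry(identity))
        {
            var uac = (int)entry.Properties["userAccountControl"].Value;
            uac = uac | 0x10000; // DONT_EXPIRE_PASSWD: password never expires
            uac = uac & ~0x2; // Clear ACCOUNTDISABLE so the account is enabled
            entry.Properties["userAccountControl"].Value = uac;
            // Sample default password; supply your own value.
            entry.Invoke("SetPassword", "!password123");
            // -1 stamps pwdLastSet with the current time.
            entry.Properties["pwdLastSet"].Value = -1;
            // Write the property changes back to Active Directory.
            entry.CommitChanges();
        }
}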