Search

MachPanel Knowledgebase


HOW TO:MachSync Configuration Guide

Thursday, February 20, 2025
Mudesira Munir
MachPanel

Summary

This article provides step by step guide on how to configure MachSync Utility.

Applies To

This article applies to MachSync v1.0

Pre-Requistes

Before you can configure MachSync on Active Directory, you need to download and install MachSync v1.0. Please review below KB:

MachSync Installation Guide

What is MachSync?

MachSync is a software which contains a windows application, a windows service, windows module extension and some related libraries. Main purpose of MachSync is to synchronizes multiple active directory identities (Users & Groups) data.

Why MachSync?

MachSync supports Cross Forest multi-targeting Active Directory user synchronization. It refers to the process of synchronizing user accounts across multiple Active Directory (AD) forests. In large organizations or those with complex IT infrastructures, it's not uncommon to have multiple AD forests due to mergers, acquisitions, or other reasons. Each forest might have its own set of user accounts, groups, and resources.

Synchronizing user accounts across these forests allows for a unified identity management system, enabling users to access resources in any of the forests with a single set of credentials. This synchronization typically involves replicating user account information, including attributes such as usernames, passwords, group memberships, and other relevant data.

The goal of MachSync is to manage and simplify cross-forest multi Active Directory synchronization and is to streamline identity and access management, improve security, and enhance user experience by providing seamless access to resources across disparate AD forests.

Understanding MachSync?

MachSync Active Directories in MachSync context can be classified as either ‘Source’ or ‘Target’ active directories and are explained below.

Note: The active directory domains are defined as Source and Target for ease of understanding. In case of Two Way Sync, the concept becomes void as change in any AD will be pushed to other AD configured.

Source Active Directory (Client or Originator)​​

This is AD from where it is required to sync/push data to other active directories to make identities data consistent across multiple ADs. There it is required to define ‘Sync Templates’ and ‘Profiles’.

  • What are Templates?
    • Template is set of configurations, where it is defined that what data of identity will get synced ,  in which fashion it will sync (like keeping nested OU structure or not, copying source UPN suffixes and etc..) and what license type rules will be applied to template (if there are multiple type of licenses purchased).
  • What are Profiles?
    • Profile is defined mapping of source and target ADs. Where it is defined that from which source organization to which target Organization data will get synced and applying sync rules from selected template. It also get configuration for whether to sync security groups also, and also takes custom filter for excluding unwanted identities from sync.

Target Active Directory (Host or Destination)

This is AD which expects data from source AD to synchronize into specified identities under specific Organizations. On target AD, we first need to define one or more Endpoints.

  • What are Endpoints?
    • Endpoint in MachSync on target machine is a configuration of group of selected Organizations, which are exposed for identities data capture/catch. By defining endpoint, it is specified that which Organizational Units will capture/sync-into data from source(s) AD(s).
  • There is no license required for target machine.​​
MachSync - Configuration Guide

Dashboard

When MachSync is installed then default dashboard page will also and provide you links for navigating through different section.

1 - Configure "General Settings" - (Required for BOTH Source AD and Target AD)

The general settings under "Settings" tab are required to be configured on both Source AD and the Target AD. Do this on both the Source and Target Domain controllers up front and then follow the rest of configuration individually for Source/Target AD.​​

General Settings (required):

  • Configure the General settings required for synchronization on both Target AD and Source AD, such as mentioning Domain Netbios name, the Service Account credentials, IP and Port (TCP) and Sync Interval.
  • Most of details are auto fetched. Add password for the Service Account. Click Save.

Fields of the above screen are described below:

  1. Domain NetBios name: AD domain NetBios name input field.
  2. Service Account: AD administrator account with permissions to perform local operations.
  3. Password: Password for AD admin user provided in above field.
  4. IP:  AD server IP address.
  5. Port (TCP): Add AD TCP port. Note: Ensure TCP port is added in firewall for both inbound and outbound communication.

Advanced Settings:

Configure the Advanced settings required for synchronization on both Target AD and Source AD

  1. Password Capture Attribute: Password Capture Attribute is used to capture the updating password info and store its hash in this attribute.
  2. Data Folder: All the data related to sync will be stored in that folder.
  3. Logging Enabled: Enable/Disable logging. Simple check/uncheck input to whether to enable logging or not.
  4. Logs Folder: This is Log Path. Select log folder to create log files in there if logging is required.
  5. Verbose Logging: Check box if verbose logging required.
  6. Purge Logs after: Select number of days after which logs are cleared from the Logs folder.

Notifications (optional):

  • Enable and Configure the Notification settings on both Source AD and Target AD

  • Mail Server Configuration
    • Give details of SMTP Server, Port, SSL (Checked/Unchecked), Required Authentication (Checked/Unchecked) if yes/checked, then give Credentials for SMTP Account.
  • Mail Delivery Settings
    • ​Give details of From (name), From (email), Subject, Send To (if there multiple email addresses then you can add them all using comma separated).
  • Notification Events
    • ​You can tick the checkbox below, it is about on which particular event the notification should be sent
      • On Failure
      • On Setting Update
      • On Data Push
      • On Data Process
2 - Configuration of Target Active Directory

Target Active Directory is configured first, as the "Key" and "Secret" of target AD is required for source AD profile configuration.

Add Endpoint:

  • Under the Endpoints Section, click on "Add Endpoint".

  

  • Give the Endpoint "Name".
  • Key and Secret values will be auto generated. (*Note: These will be required while adding Source AD Profile)
  • Select the Target OU(s) and click Add.

3 - Configuration of Source Active Directory

Once Target Active Directory is configured i.e., Endpoints are added in Target Active Directory. Then you have to configure Source Active Directory.

Add Template(s):

  • On the Source AD, under the Templates section click Add Template

  • Provide Template name
  • Choose License Type (Basic, Standard, Enterprise)
    • Depending upon the licenses you have purchased, the License Type drop down will show that available licenses.
  • Give any Description
  • Checkbox Matching UPN Suffix
    • Enabling this setting will create source UPN suffixes on target and will create/sync user with same UPN on target(s).
  • Checkbox Match OU Structure on Target
    • Enabling this setting will keep nested OU structure of selected source organization onto specified/linked target(s) organization.

Add Profile(s):

  • On the Source AD, under the Profiles section click Add Profile

  • Source Machine Config:
    • Local OU (Select Local OU as Shown in above screenshot)
    • Users Custom Filters
      • Input filter in Directory Search Syntax to filter users with specific criteria.
    • Members of Groups
      • Mention name of group, to limit sync of users to members of that group only.
    • Sync Security Groups (Checkbox)
    • Groups Custom Filters
      • Input filter in Directory Search Syntax to filter groups with specific criteria.
    • Template
      • Select the template from drop down which is created on previous step.
  • Target Machine Config:
    • ​IP
      • Enter IP address of Target AD Server
    • Port (TCP)
      • Enter Port configured in Target AD Server
    • Key
      • Enter the Key generated automatically while creating endpoint on Target AD Configuration
    • Secret
      • Enter the Secret value generated automatically while creating endpoint on Target AD Configuration
    • Target OU
      • Click Fetch Target OU
        • It will fetch the OUs selected while adding endpoint on Target AD Configuration
 
4 - Configuration (One to One - One Way Sync)

Once above steps are completed, your one way Sync from Source AD to Target AD is complete. Now the dashboard will show you stats of sync along with event log:

 

5 - MachSync - License Information

You can view License Information for MachSync. It shows Installation Id, License Type, Expiry Date, Type of sync allowed under license i.e. One to Many and Many to Many.

Once you purchase the license, you can click on "Update" button and insert your "License Key" and hit "Apply" to see your purchased limits.

6 - Configuration (One to One - Two Way Sync)

To configure two way sync, you must repeat steps 2 and 3 above in reverse order i.e. on Source AD (Create Endpoint) and Target ADs (Add Template, Add Profile):

  • Add "Endpoint" by clicking on "Add Endpoint" button under "Endpoints" section on Source AD.

 

  • Add Template by hitting "Add Template" button under "Templates" section on Target AD.

  ​

  • Add profile by hitting "Add Profile" button under "Profiles" on the Target AD.

Now the "Dashboard" on both domain controllers will show you stats of sync along with event log. Any change you make on one AD will be replicated over to the other AD.

Source AD Dashboard after two way sync:

 

Target AD Dashboard after two way sync:


Once above steps are completed, your Two Way Sync between Source AD and Target AD is complete.

Share Article

On a scale of 1-5, please rate the helpfulness of this article



Not Helpful
Very Helpful
Optionally provide additional feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Type: HOW TO
Level: Intermediate
Last Modified: 9 hours ago
Last Modified By: zohaib.shaikh
Article not rated yet.
Article has been viewed 178 times.
Options
Print Article
Export As PDF
Also In This Category
Tags
Active Directory user synchronization
configuration guide
Cross Forest multi-targeting Active directory
Machsync
Machsync configuration guide
Customer Support Software
Execution: 0.000. 7 queries. Compression Disabled.