Last updated on April 2, 2025
Here’s a list of frequently asked questions regarding the Rublon Active Directory Synchronization.
Frequently Asked Questions (FAQ) about Active Directory Sync
Can I add more than one AD Sync Configuration in a single instance of the Rublon Authentication Proxy?
No, the Auth Proxy is limited to one Active Directory Sync Config per instance.
Is any information from Rublon imported into Active Directory?
No. Rublon AD Sync imports users and groups from Active Directory into the Rublon Admin Console. No information from the Admin Console is imported into Active Directory.
How often does Active Directory Sync run?
To enable automatic syncs, set directory_sync to enabled in the directory_sync section of the configuration file. When enabled, Rublon AD Sync performs automatic syncs twice a day.
You can run a manual synchronization at any time.
Can I import admins from Active Directory into the Administrators tab of the Rublon Admin Console?
Synchronizing Active Directory administrators is not supported at this time.
Can I sync multiple Active Directory directories into the Rublon Admin Console?
Yes, but you will have to set up multiple Rublon Authentication Proxy instances with different auth_source names (this is very important; otherwise, users will get overridden).
Can I make changes to the users and groups synchronized from Active Directory into the Admin Console?
You can make changes to users and groups synced from Active Directory, but any such changes will be lost during the next synchronization.
What happens if a user already exists (e.g., added manually) and the same user is now being synchronized from Active Directory?
If Active Directory Status is Enabled:
The user’s status is updated to Active in the Rublon Admin Console.
If Active Directory Status is Disabled:
The user’s status is updated to Denied in the Rublon Admin Console.
Exception – Bypass Status:
If the user already has the Bypass status in the Rublon Admin Console, their status is not updated, regardless of the Active Directory status.
Does deleting a user in Active Directory also delete that user from the Rublon Admin Console during the next synchronization?
Yes. If you delete a user from Active Directory, then this user will also be deleted from the Rublon Admin Console during the next synchronization.
How are Active Directory user statuses mapped into Rublon Admin Console user statuses?
Starting with version 3.6.0, users with a “Disabled” status in Active Directory will be synchronized into the Rublon Admin Console with the Denied status.
The following is a table that maps the statuses based on whether the account is enabled or disabled in Active Directory and what the previous account’s status was in the Rublon Admin Console:
Active Directory Account State | Existing Rublon Admin Console Status | Resulting Rublon Admin Console Status | Comments |
Enabled (true) | The user account doesn’t exist in the Rublon Admin Console. | Active | – |
Enabled (true) | Active | Active | No change. |
Enabled (true) | Bypass | Bypass | No change; if the user is set to Bypass in the Rublon Admin Console, the status remains unchanged after synchronization. |
Enabled (true) | Denied | Active | Changed to Active; Active Directory is considered the source of truth. To set a Denied status, the account must be disabled in Active Directory. |
Enabled (true) | Locked Out | Locked Out | No change (same behavior as Bypass). |
Enabled (true) | Pending | Active | The user status in the Rublon Admin Console is changed to Active. |
Disabled (false) | The user account doesn’t exist in the Rublon Admin Console. | Denied | – |
Disabled (false) | Active | Denied | The user status in the Rublon Admin Console is changed to Denied. |
Disabled (false) | Bypass | Denied | The user status in the Rublon Admin Console is changed to Denied. |
Disabled (false) | Denied | Denied | No change. |
Disabled (false) | Locked Out | Denied | The user status in the Rublon Admin Console is changed to Denied. |
Disabled (false) | Pending | Denied | The user status in the Rublon Admin Console is changed to Denied. |
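The status table above, written as a dry-run check that predicts what the next synchronization will change. This is an added example, not Rublon code: it follows the table rows, the function names and sample data are constructed, and it assumes the console snapshot passed in contains only Active Directory-synced users.

```python
# Statuses the table leaves unchanged when the AD account is enabled.
KEEP_WHEN_ENABLED = {"Active", "Bypass", "Locked Out"}


def resulting_status(ad_enabled, existing):
    """Return the Admin Console status after a sync, per the table rows.

    existing is None when the user does not yet exist in the Admin Console.
    """
    if not ad_enabled:
        return "Denied"      # every "Disabled (false)" row ends in Denied
    if existing in KEEP_WHEN_ENABLED:
        return existing      # rows marked "No change"
    return "Active"          # new, Denied and Pending users become Active


def preview_sync(ad_users, console_users):
    """Predict per-user changes for the next sync.

    ad_users: {username: enabled flag}; console_users: {username: status}.
    Assumption: console_users holds only AD-synced users, so a user missing
    from ad_users was deleted in AD and is removed from the console.
    """
    changes = []
    for name, enabled in sorted(ad_users.items()):
        before = console_users.get(name)
        after = resulting_status(enabled, before)
        if before != after:
            # An enabled AD account lifts a Denied status; flag it for review.
            note = "review: Denied lifted" if before == "Denied" else ""
            changes.append((name, before, after, note))
    for name in sorted(set(console_users) - set(ad_users)):
        changes.append((name, console_users[name], None, "deleted from console"))
    return changes


# Constructed sample data (hypothetical usernames).
AD = {"alice": True, "bob": True, "carol": False, "dave": True, "erin": True}
CONSOLE = {"alice": "Denied", "bob": "Bypass", "carol": "Bypass",
           "dave": "Pending", "frank": "Active"}

if __name__ == "__main__":
    for row in preview_sync(AD, CONSOLE):
        print(row)
```

Running the preview before a scheduled sync shows which accounts will regain access (Denied to Active) and which will be removed, so those changes can be reviewed against the intended Active Directory state.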