Overview
After the CrashPlan User Directory Sync is configured, synchronize your directory service with your CrashPlan environment. Synchronization automatically creates users, updates their organization and role assignments, and deactivates users in your CrashPlan environment based on changes made within your directory service.
This article explains how to run synchronization and provides details about the available synchronization options. For help troubleshooting synchronizations, see Troubleshoot CrashPlan User Directory Sync.
Considerations
- To perform synchronization, you must be authorized to access and manage the directory service used at your company (for example, Active Directory).
- If you need help with CrashPlan User Directory Sync, contact your Customer Success Manager (CSM) to engage the Professional Services team.
Before you begin
Before you perform synchronization, you must do the following:
- Install the CrashPlan User Directory Sync tool to a dedicated host computer or virtual machine.
- Configure scripts to control how synchronization provisions users from your directory service to your CrashPlan environment.
- Configure properties in the config.properties file to control how synchronization processing occurs.
Perform a synchronization
To perform a synchronization, run the C42UserDirectorySync
executable either manually or in a scheduler. After synchronization, review logs in the \logs directory and view the provisioning changes in the sync log.
Manually
Before you run synchronization, perform a test synchronization in dry-run mode.
After you have successfully tested synchronization with dry-run tests, perform the actual synchronization:
- Open a command prompt on the host computer in which CrashPlan User Directory Sync tool is installed.
- Navigate to the \bin folder of the CrashPlan User Directory Sync tool.
- Run the
C42UserDirectorySync
executable to synchronize your directory service to your CrashPlan environment.
For example:- Run the following command to synchronize the changes made since the last time synchronization was run:
C42UserDirectorySync --sync-now
- Run the following command to perform a full synchronization:
C42UserDirectorySync --sync-now --full-sync
- Run the following command to synchronize the changes made since the last time synchronization was run:
- Review logs in the \logs directory, and view the provisioning changes in the sync log.
Run the C42UserDirectorySync
executable with additional options to perform dry-run synchronization, specify parameters, and to troubleshoot problems. See C42UserDirectorySync options below for descriptions of all the options you can run with the executable.
Scheduled
To schedule the sync to run on a repetitive basis, use a scheduler. When configuring a scheduler on a Windows host, ensure the task is scheduled to run as the same user who set the LDAP and SCIM passwords.
Use a scheduler such as:
- the Windows Task Scheduler
- a cron job
- Third-party scheduling tools
C42UserDirectorySync options
Following are options that can be used with the C42UserDirectorySync
executable.
To see all available options, run C42UserDirectorySync
--help
from the \bin folder in which the CrashPlan User Directory Sync tool is installed.
Options | Description |
(none) |
Executes the synchronization in dry-run mode. This performs a connection check between your directory service (LDAP server) and the CrashPlan cloud. It then queries for users that have changed since the last successful synchronization and outputs the username, active status, organization, and roles that would be provisioned to CrashPlan during a live incremental synchronization (using the --sync-now option). |
|
Attempts to auto-detect an LDAP server using the provided DNS domain (for example: corp.code42.com). |
--changed-since <date> |
Synchronizes all users that haven't been updated since the specified date. Specify the date using an ISO format for the day (yyyy-MM-dd), and optionally, time (yyyy-MM-ddTHH:mm:ssUTC). When specifying the time, the time zone is optional and reverts to the local time zone if omitted.
To ensure that you synchronize all users who have not been synced yet, either set a date far enough in the past to pick up all users who have not been synchronized, or first run
This option cannot be run with the |
|
Performs a synchronization using the specified configuration file. Without this parameter, the |
--debug |
Executes the command in verbose mode. This mode outputs network results and user details, as well as additional logging detail for each processing step. |
|
Performs a synchronization using a file containing a list of the users you want to synchronize (for example, users.txt). If you use this option, ensure you set the |
|
Performs a synchronization using an LDAP search filter file that contains the LDAP query to use in place of the default (for example, filters.txt). Use query language specific to your directory service, for example:
For more examples of filters that can be used with Active Directory implementations, see Microsoft's TechNet article.
This option cannot be run with the |
--full-sync |
Performs a full synchronization from your directory service to your CrashPlan environment:
The following options can be used with
|
--ldap-bind-password |
Reconfigures the LDAP password in the event the password is updated for your LDAP directory service use. Running this option writes the encrypted version of the LDAP password to the config.properties file, and verifies the password against the LDAP service. If errors are reported, address the errors before proceeding. |
--scim-password |
Reconfigures the SCIM password in the event the password is regenerated for the CrashPlan User Directory Sync in the CrashPlan console. Running this option writes the encrypted version of the SCIM password to the config.properties file, and the network connection is tested between the LDAP server and the CrashPlan cloud. If errors are reported, address the errors before proceeding. |
--sync-now |
Performs a synchronization from your directory service to your CrashPlan environment:
The following options can be used with
|
--trace |
Executes the synchronization in dry-run mode which includes all logging information. This option should be used for generating more verbose logging than provided by --debug . Use only for debugging complicated configuration or runtime problems. |
--use-insecure-ldap |
Uses an insecure LDAP connection when communicating with an auto-detected LDAP server. |
--version |
Shows the CrashPlan User Directory Sync version and exits. |
External resources
Microsoft: Active Directory: LDAP Syntax Filters