Setting up Active Directory (LDAP Discovery)
Posted by Travis J, Last modified by David Szoke on 12 January 2018 09:00 PM

Active Directory (LDAP Discovery)

The preferred method of user synchronization is via LDAP Discovery using Proofpoint Essentials’ Active
Directory connector module. This allows the Proofpoint Essentials Platform to import:

• Active users (including both primary email address and user aliases)
• Distribution lists
• Security groups (both standard and mail enabled)
• Public folders


To configure Active Directory connection settings:

  1. Click on the Company Settings tab.
  2. Click on the Import Users tab.
  3. Choose the default privileges type for new users.
    End User: Receives the quarantine digest and can log in to the Proofpoint Essentials user interface.
    Silent User: Receives the quarantine digest and is not granted access to log in to the Proofpoint Essentials
    user interface.
  4. Enter Active Directory URL.
  5. Enter Username.
  6. Enter Password.
  7. Enter BaseDN.
    For example, DC=mycompany,DC=local
    The Active Directory configuration is stored in the customer creation process and is executed by the
    administrator once the customer has been created. Active Directory sync requires the customer to allow
    Proofpoint Essentials to access the environment over Port 389. Connections are over TLS. Please refer to
    the Proofpoint Support Knowledge Base for the current list of Proofpoint Essentials IP addresses.
  8. Choose What to Sync.
    1. Active Users (Users with mailboxes).
    2. Disabled User Accounts.
    3. Functional Accounts (Mail-enabled objects such as Public Folders).
    4. Security Groups.
    5. Include items hidden from the GAL (Global Address List).
  9. Choose How to Sync.
    1. Add (Add new user objects found to Proofpoint Essentials).
    2. Sync Updated Accounts (update details for previously synched accounts).
    3. Delete Removed Accounts (remove accounts from Proofpoint Essentials if no longer
      present in Active Directory).
    4. Sync Every 24hrs (Perform sync automatically every 24 hours).
  10. Click Save.



  1. We only support the use of one (1) OU.
  2. Disabled User Accounts, when created or synced, are labeled as "Not Active."

At the end of this process you will have saved your Active Directory connection details. If you have selected to
sync data every 24 hours, the system will perform the sync automatically. If not, you will need to force the sync.
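
Before saving the "What to Sync" choices, it helps to preview which objects under the BaseDN each option would hand to the service. The following is an added example, not Proofpoint's code: it classifies constructed directory entries offline, and the mapping from options to attributes (userAccountControl, groupType, proxyAddresses, msExchHideFromAddressLists) is an assumption based on standard AD/Exchange attributes.

```python
# Added example: offline preview of what each "What to Sync" option would cover.
# Option-to-attribute mapping is an assumption, not Proofpoint's documented logic.
ACCOUNTDISABLE = 0x2           # userAccountControl flag: account is disabled
SECURITY_ENABLED = 0x80000000  # groupType flag: security (not distribution) group

BASE = "DC=mycompany,DC=local"
# Constructed sample entries, shaped like an LDAP export taken below BASE.
SAMPLE_ENTRIES = [
    {"dn": "CN=Alice,OU=Staff," + BASE, "objectClass": ["user"], "userAccountControl": 512,
     "proxyAddresses": ["SMTP:alice@mycompany.example", "smtp:a.smith@mycompany.example"]},
    {"dn": "CN=Bob,OU=Staff," + BASE, "objectClass": ["user"], "userAccountControl": 514,
     "proxyAddresses": ["SMTP:bob@mycompany.example"]},
    {"dn": "CN=Finance,OU=Staff," + BASE, "objectClass": ["group"], "groupType": -2147483646,
     "proxyAddresses": ["SMTP:finance@mycompany.example"]},
    {"dn": "CN=Helpdesk,OU=Staff," + BASE, "objectClass": ["publicFolder"],
     "msExchHideFromAddressLists": True, "proxyAddresses": ["SMTP:helpdesk@mycompany.example"]},
    {"dn": "CN=svc-backup,OU=Staff," + BASE, "objectClass": ["user"], "userAccountControl": 512},
]

def addresses(entry):
    """Split proxyAddresses into (primary, aliases); upper-case 'SMTP:' marks the primary."""
    primary, aliases = None, []
    for value in entry.get("proxyAddresses", []):
        scheme, _, addr = value.partition(":")
        if scheme == "SMTP":
            primary = addr
        elif scheme == "smtp":
            aliases.append(addr)
    return primary, aliases

def category(entry):  # returns the option name, or None if there is nothing to import
    classes, primary = entry.get("objectClass", []), addresses(entry)[0]
    if "group" in classes:  # groupType is a signed 32-bit integer in LDAP
        security = entry.get("groupType", 0) & SECURITY_ENABLED
        return "Security Groups" if security else "Distribution lists"
    if "user" in classes and entry.get("userAccountControl", 0) & ACCOUNTDISABLE:
        return "Disabled User Accounts"
    if primary:
        return "Active Users" if "user" in classes else "Functional Accounts"
    return None

def preview(entries, base_dn, include_hidden=False):  # option name -> primary addresses
    result = {}
    for entry in entries:
        in_scope = ("," + entry["dn"]).lower().endswith("," + base_dn.lower())
        hidden = entry.get("msExchHideFromAddressLists", False)
        if in_scope and (include_hidden or not hidden) and category(entry):
            result.setdefault(category(entry), []).append(addresses(entry)[0] or entry["dn"])
    return result
```

Accounts that show up under an option but should not leave the directory (service accounts with a mailbox, hidden objects) are a reason to narrow the BaseDN or clear that option before the first sync.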

To sync Active Directory:

  1. Click on the Users & Groups tab.
  2. Click on the Active Directory sync tab.
  3. Click Search.
    Review the returned results.
  4. Click Execute.

To watch a "How To" video on this, please go to the following link: Synching with Active Directory
