Active Directory Integration

Create an ADI Service Account in Active Directory

To set up Active Directory Integration, you must either use a Domain Admin account or create a new user in AD with the following permissions for the ADI Sync setup:

  • read all user information
  • read all inetOrgPerson information

The steps below show how to create an AD user with the necessary read permissions:

  1. Open Active Directory. Right-click on your domain and select Delegate Control.
  2. On the Delegation of Control Wizard, add your ADI Service account (created previously).
  3. Delegate the following Tasks:
    • Read all user information
    • Read all inetOrgPerson information
  4. Finally, reconfigure your ADI sync service if you want to use your new AD service account with ADI.
    • To change the specified user, browse to the C:\ProgramData\KnowBe4\ADI Sync\Config folder and delete the file named <domain>.dat. Then open an elevated CMD, browse to the C:\Program Files\KnowBe4\ADI Sync folder, and type: "adisync.exe config".
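
A check that can be run after the delegation steps above, as an added example that is not KnowBe4's code: it confirms the service account is in no privileged group and holds only read rights on the domain object the wizard was run against. It assumes the RSAT ActiveDirectory module is installed; the account name svc-adisync is hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: least-privilege audit of the ADI service account.
param(
    [string]$SamAccountName = 'svc-adisync'   # hypothetical name, replace with yours
)
Import-Module ActiveDirectory   # also provides the AD: drive used below

$domain  = Get-ADDomain
$account = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroupID

# 1. Transitive group membership, matched by SID so localized names do not matter.
#    RIDs 512/518/519 = Domain/Schema/Enterprise Admins; S-1-5-32-* = built-in
#    Administrators, Account Operators, Server Operators, Backup Operators.
$builtin = 'S-1-5-32-544', 'S-1-5-32-548', 'S-1-5-32-549', 'S-1-5-32-551'
# Escape the DN for use inside an LDAP filter.
$dn = $account.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a'
$dn = $dn -replace '\(', '\28' -replace '\)', '\29'
$privNames = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
    Where-Object { $_.SID.Value -match '-(512|518|519)$' -or $_.SID.Value -in $builtin } |
    ForEach-Object { $_.Name })
# The primary group is not listed in 'member', so check it separately.
if ($account.PrimaryGroupID -in 512, 518, 519) {
    $privNames += "primary group RID $($account.PrimaryGroupID)"
}

# 2. Allow ACEs held directly by the account on the domain root (explicit and
#    inherited). Any right outside GenericRead is reported as excess.
$readMask = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$acl  = Get-Acl -Path ("AD:\" + $domain.DistinguishedName)
$aces = @($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $account.SID.Value -and
                   $_.AccessControlType -eq 'Allow' })
$excess = @($aces | Where-Object {
    ([int]$_.ActiveDirectoryRights -band (-bnot $readMask)) -ne 0 })

[pscustomobject]@{
    Account          = $account.SamAccountName
    PrivilegedGroups = $privNames
    ReadOnlyAces     = $aces.Count - $excess.Count
    ExcessRights     = @($excess | ForEach-Object { $_.ActiveDirectoryRights.ToString() })
    LeastPrivilege   = ($privNames.Count -eq 0) -and ($excess.Count -eq 0)
}
```

The script only inspects ACEs granted directly to the account on the domain root; rights granted through groups or on individual OUs need a separate review.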
