What are the limitations of Active Directory Sync on Workplace?
This article is only applicable to users of Workplace Essential and Workplace Advanced.
The AD Sync Component has the following limitations:
- Only syncs users from the Active Directory domain that the server belongs to or to a domain in the same AD forest that has the appropriate trust relationships established.
- Only configured to sync users based on: LDAP filters (ex. a specific user class or attribute value), or AD security / distribution groups.
- Will only handle up to 100,000 users max (approx.) using the default admin-less SQL Server 2014 Express LocalDB. Syncing more users requires an admin to manage their own database.
- Has only been tested on Active Directory domains and forests at the Windows Server 2012 functional level.
- Only allows customizing the following user-profile attributes' mapping rules: formatted name, and location; all other attributes will be mapped by default logic.
- Won't sync users that don't have an AD value for these three required Workplace fields: email address, display name and family name.