How does Okta Active Directory sync work? Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0mjia0&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Rocky ReyesRocky Reyes 

How does Okta Active Directory sync work?

Greetings All,

When I make a change in Active Directory on my local domain controller and the perform an Active Directory sync in Okta, the changes are not instantly reflected.

During a sync, where is Okta looking for AD information? And how long should a sync take?

I have an AD sync agent servers at each office location that contains a DC, if that helps any.

Thanks!
Best Answer chosen by Niki (Okta, Inc.) 
Asher RosenbergAsher Rosenberg

How many DC do you have and where are your AD Agents installed?

We were seeing what we beleived was delayed synching, but after some investigation we realized all the changes were being made on AD Servers in EMEA, while all of our agents were in the US and usig US DCs. Synching between DCs can take up to 15 minutes in our environment, so that had to be accounted for.

All Answers

Asher RosenbergAsher Rosenberg

How many DC do you have and where are your AD Agents installed?

We were seeing what we beleived was delayed synching, but after some investigation we realized all the changes were being made on AD Servers in EMEA, while all of our agents were in the US and usig US DCs. Synching between DCs can take up to 15 minutes in our environment, so that had to be accounted for.

This was selected as the best answer
Rocky ReyesRocky Reyes
We have 5 sites. 3 are in the US and 2 are in Europe. Each site has a DC and and Okta AD agent server.

I thought that if I make my modifications on the local DC, updates would be handled by the local Okta AD agent server and the content would be reflected in Okta almost instantly. But this is not the case as it could take up to 15 minutes.

Could this be a result of having too many Okta AD Agent servers? It almost seems like all the DCs and Agent servers must replicate before information is sent to Okta. Is this the case?