
w8i5a (w8i5a) asked a question.
Hey folks,
I’m reading through the docs here: https://help.okta.com/en/prod/Content/Topics/Directory/ad-agent-main.htm
and have a few questions I didn’t find answers for.
- Once the Okta AD agent has been installed on one (or more) of my AD servers, will the sync be bi-directional (i.e. can I add users in either my AD or in Okta, and have them populate in both places)?
- Does the Okta agent need to be installed on a Windows domain controller, or can I install it on any server joined to the domain?
Many thanks!

Thank you Priti,
So it sounds like you're recommending installing the agent on domain controllers, not just any domain-joined server, is that right?
We've had no issues installing the AD agent on domain-joined servers and not the DCs.
Okta documentation mentions you do not have to install the agent on the domain controllers. However, it did not work for our org. Not sure if it had to do with some other network issues. When we tried it directly on DCs, it worked.
So my recommendation would be to install on a domain-joined server first.
Attaching a screenshot from Okta documentation.
Hope it helps.