What are the supported Operating Systems for the Agent?
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Note: Effective March 1st. 2023 Passly only supports this agent when installed on a Domain Controller. Installation to a Domain Joined Server is no longer supported.
Do the Default OU's always sync?
By default we ignore following containers:
- "Infrastructure".
- "System".
- "Program data".
- "Infrastructure".
- "LostAndFound".
- "Deleted Objects".
- "Microsoft Exchange System Objects".
- "NTDS Quotas".
- "TPM Devices".
If you need to use one of the above containers it will need to be renamed in order to sync.
How long does it take to sync Active Directory changes to Passly?
- Between 1 and 5 minutes. A full sync occurs every 24 hours in the case that anything between Passly and Active Directory became out of sync. If there are a large amount of users in Active Directory this may take longer.
How can I check the last time a sync occurred?
- Sign on to Passly as an Administrator
- Navigate to Directory Manager > Directory Sync
You will see your Directory Sync agent in the list of All Agents. The “Last Checked In” column has the date and time of the last time the agent synced.
What happens when I enable "Synchronize password changes from Passly to Active Directory"?
- If you enable this feature, whenever a user changes their password in Passly it will sync to your Active Directory domain controller. Also, whenever the user changes their password in Windows, it will still be synced to Passly.
- Passwords changed in Passly will adhere to the Active Directory password policy when this is enabled.
If a user is added, updated, or deleted in Active Directory when will that be reflected in Passly?
- Between 1 and 5 minutes. A full sync occurs every 24 hours in the case that anything between Passly and Active Directory became out of sync.
What restrictions are placed on a synchronized user in Passly?
You cannot change the following details on a user in Passly if the user is a synchronized user. You will have to change the details of the user in Active Directory and allow the DirSync agent to synchronize the changes.
- Display Name
- Email Address
- Username
What restrictions are placed on a synchronized group in Passly?
You cannot change the name of the synchronized group in Passly or add Users to the synchronized group from the Passly portal.
Legend for Directory Sync Agent selectors.

Green is reserved for a parent that has children when the Parent is not actually being synced, only a child of the parent is being synced.
Explanation: In the picture above with the green box, this mean that the parent is NOT being synced, but contains a child being synced.
- This a parent when the child is being synced and the parent is not.
- If the parent was also being synced, it would be a light blue box instead of a green box.
- The green tells the user that there is a child OU that is being synched under this parent.
Blue is reserved for an OU that is actually being synched.