Why Multi-Cloud

Single Source of Truth Architecture

Hosting Controller’s AD Connect Sync, is a tool designed to support an architecture where the existing on-premises Microsoft Active Directory serves as the single source of truth for core Identity and Access related data.

This core data includes:

  • check_circle User Accounts
  • check_circle Passwords
  • check_circle Groups
  • check_circle Group Memberships

  • Active Directory to Cloud IAM Synchronization

    Various IAM Targets

    Enable an organization to setup automatic synchronization between master AD and one or more public IAM systems including:

  • check_circle Amazon AWS
  • check_circle Microsoft 365
  • check_circle Microsoft Azure
  • check_circle Google Cloud Platform
  • check_circle Any Other Cloud Hosted Active Directory
  • Synchronize identities, group membership and passwords to various IAM targets with ease.

    AD Connect Sync is not standard AD Replication

    Used to synchronize Active Directory data where normal Active Directory replication cannot be used for any reason.

    Active Directory to Active Directory Synchronization

    Enables one master Active Directory and changes are synchronized to other AD instances.

    Synchronize Passwords

    Synchronize Passwords

    Keep your Active Directory passwords synchronized across your internal and external Active Directories. Make it easier for administrators to replicate and track password changes across Active Directories.

    Synchronize Identities

    Synchronize Identities

    Perform one-way synchronization of identity data (users, groups) between master AD and your hosted Active Directory. Manage account changes across multiple systems.

    Synchronize Groups

    Synchronize Group Memberships

    Reflect group membership changes made in master Active Directory, to the hosted environment in real-time. Provide a complete and efficient identity management solution to your business.

    Multi-Cloud Synchronization

    The bulk of security still revolves around having users, identified by their passwords, having access to resources through a role based security or group policy. Organizations have spent years maturing their Active Directory infrastructure and processes.

    As an organization onboards yet another public cloud, it comes with its own set of IAM (Identity and Access Management) paradigm. While configuring security and group policies is an allied and most important task of onboarding another cloud platform, the regular assignment and revocation of those policies to users quickly becomes an operations nightmare if not automated.

    Hosting Controller is a unified cloud management tool (also called control panel) and includes support for multi-cloud deployment in different ways.

    But all those features share a way to synchronize changes between local master Active Directory environments and public cloud IAMs. It synchronizes:

    User Accounts

    User Accounts

    As a user is created in the master Active Directory, its replicated across multiple public cloud IAMs.



    Passwords are changed in the master Active Directory only through whatever security means are already in place for the organization. As soon as the password is changed in the master AD, it is automatically synchronized into multiple targets.

    Group Memberships

    Group Memberships

    As a user is assigned or revoked a group membership, it is synchronized in the IAM.

    Steps to Onboard a New Public Cloud

    Steps to Onboard a New Public Cloud

    Supported Deployment Topologies

    As your organization evolves and finds its optimum mix of on-prem and cloud based services, AD Connect Sync tool is there to support any and all Identity management topologies.


    One Source - One Destination
    Typical Use Case: On-Prem to Cloud


    One Source - Multiple Destinations
    Typical Use Cases: Distributed Applications


    Multiple Sources - One Destination
    Typical Use Case: Cloud Service Provider

    Highlight Features

    No trust relationship required

    No trust relationship is needed between the source and the destination

    Administrator full control

    Admins can choose just what they want to copy down to a single user, group or contact

    Real time synchronization

    Passwords are also copied in real-time and synchronized automatically across all targets

    LDAP compliant Active Directory

    Uses LDAP to synchronize between Active Directories

    Copying rules

    Copying rules enable rule based changes to data as it is being copied

    Audit Trail

    Maintains an audit trail of all activity through comprehensive logging

    Use Cases

    The business scenarios and rationale for using AD Connect Sync.

    Easy Monitoring

    It is important that you maintain a healthy synchronization between your local and Cloud Active Directories. Quickly spotting and diagnosing anomalies is the key to success. AD Connect Sync is accompanied by a robust monitoring tool, which not only identifies any bottle necks in the whole process but also makes available visual representations in the form of daily and weekly stats and reports.

    • Monitor multiple sync machines across different Domain Controllers, through a single interface.
    • Generate necessary alerts, if communication breaks either from the local AD or from the Cloud side.
    • Display system activation status.
    • Weekly and daily graphical representation of synchronized data.
    • Display number of sync objects in an organization.
    • Live view from different AD machines.
    • Advanced search filter to view successful/failed events.

    Why HC ADSync?

    There are plenty of good reasons to use HC ADSync for synchronizing your master AD identities with those in the Cloud. The most important ones are:

    AD Sync implementation

    Simpler Implementation

    HC ADSync is far easier to implement than other more complex options. Installing and configuring HC ADSync simply involves a few one-time configuration steps. HC ADSync is a simple service which requires an installation over the primary (or additional) domain controllers. Once installed, AD objects can be selected to initiate the sync process between the ADs.

    AD Sync complexity

    Minimal Complexity

    HC ADSync does not require a two-way trust relationship to be established between domains neither does it demand the added complication of deploying an ADFS infrastructure. No additional servers, SSL certificates or DNS entries are required.

    AD Sync cost

    Reduced Costs

    Costs can be cut substantially by deploying AD Connect Sync. There are no additional costs to consider above those of the licenses whereas other more expensive alternates like ADFS require additional server licensing, SSL certificates, hardware costs and/or virtual infrastructure resources and consultancy costs.

    Real-Time Synchronization Features

    Core features and functionality of AD Connect Sync.

    Synchronize Users

    Push newly provisioned users to the hosted/Cloud environment.

    Synchronize User Passwords

    Intercept changes to user passwords on the master AD in real time and replicate to related user object on the hosted AD.

    Synchronize User Attributes

    Sync any changes to user attributes such as displayName, company, mobile etc.

    Synchronize Groups

    Push newly created Distribution and Security groups to the hosted/Cloud environment.

    Synchronize Group Attributes

    Sync group attributes to the hosted environment.

    Change Group Membership

    Synchronize any membership changes to the Cloud environment.

    Synchronize Contacts

    Replicate new contacts seamlessly between master AD and Cloud.

    Specify Sync Intervals

    Choose convenient time intervals for synchronization.

    Transfer Securely

    Send requests securely over LDAPs.

    Customize Attributes

    Enable or prevent selected few attributes of a user to be synchronized.

    Synchronize Required Users

    Choose required few users, groups and contacts from a specific organization (OU) to be synced.

    Synchronize Across Multiple Cloud DCs

    Synchronize a single local AD with multiple Cloud Domain Controllers.


    • Less complex alternative to Single Sign-On (SSO).
    • Does not require a two-way trust relationship to be established between domains.
    • A lightweight solution for synchronizing.

    Have Questions?