What are the limitations of Active Directory Sync on Workplace?

The AD Sync Component has the following limitations:
  • Only syncs users from the Active Directory domain that the server belongs to or to a domain in the same AD forest that has the appropriate trust relationships established.
  • Only configured to sync users based on: LDAP filters (ex. a specific user class or attribute value), or AD security / distribution groups.
  • Will only handle up to 100,000 users max (approx.) using the default admin-less SQL Server 2014 Express LocalDB. Syncing more users requires an admin to manage their own database.
  • Has only been tested on Active Directory domains and forests at the Windows Server 2012 functional level.
  • Only allows customizing the following user-profile attributes' mapping rules: formatted name, and location; all other attributes will be mapped by default logic.
  • Won't sync users that don't have an AD value for these three required Workplace fields: email address, display name and family name.
Was this information helpful?