A System Admin’s Guide to Setting Up Zoho One Using Active Directory (Part I)

In the current digital landscape, integrating cloud solutions such as Zoho One with traditional systems like Active Directory (AD) is essential for effective and secure enterprise management. While Zoho One provides robust tools, its full potential is unlocked through seamless integration with AD. This connection enhances user management, bolsters security, and simplifies compliance processes.

Published on August 20, 2024

1.    INTRODUCTION

In today’s digital age, it’s a necessity to integrate cloud solutions like Zoho One with legacy systems like Active Directory (AD) for efficient and secure enterprise management. Zoho One offers powerful tools, but to maximize its potential, seamless integration with AD is crucial. This integration streamlines user management, strengthens security, and simplifies compliance.

This first guide of a two-part series is for system admins who have basic knowledge of Active Directory and cloud services. It will give you the skills to configure Zoho One with Active Directory and help you manage users securely and effectively.

2.    PREREQUISITES

Before linking Zoho One to Active Directory, ensure you have the required tools and configurations. These essentials will simplify the setup and prevent issues later.

2.1. Zoho One Subscription and Admin-level Access

You need a Zoho One account with admin privileges to proceed. If you don’t have one, create it here.

Image 1.1

A Zoho One account gives access to Zoho Directory. It is vital for connecting your Active Directory server to other domains.

2.2. Zoho Directory Connected with Your Custom Domain

Linking your custom domain to Zoho Directory plays a vital role in this setup. Have you ever wondered why it is so important?

The answer is short. This connection will sync your Active Directory with Zoho. It will streamline user and asset management and maximize security.

2.2.1.      How to Add and Verify a Domain in Zoho Directory?

Make sure you begin by adding and verifying your domain in the Zoho Directory. To complete this task, link your domain to Zoho to manage DNS settings and verify that the platform has approved your domain.

You’ll need an established domain server (like GoDaddy) to efficiently manage your DNS.

Image 2.1

After that, open Zoho Directory within Zoho One. Navigate to the Menu, select Directory, then go to Domains and click Add Domain.

Image 2.2

Enter the domain name and click Add. Copy the displayed value.

Image 2.3

Verify your domain by adding a TXT record to your domain host. Log in to your domain hosting site, go to Domain, and select Manage DNS.

Image 2.4

Click Add a new record. Choose the TXT record type. Leave the Name field blank or enter @. Paste the copied value into the Value field. Set the TTL and click Save.

Image 2.5

Wait ~15 minutes, then verify the domain in Zoho Directory by clicking Verify Domain. Ensure the domain is successfully verified.

Image 2.6
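
Instead of relying on the wait alone, you can confirm that the TXT record is visible from public resolvers before clicking Verify Domain. This is an added example, not part of the original guide; the domain, the expected value, and the resolver addresses are placeholders or assumptions.

```powershell
# Added example: check that the verification TXT record has propagated.
# Replace the placeholders with your domain and the value copied from Zoho Directory.
function Test-VerificationTxt {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $Expected,
        [string[]] $Resolvers = @('1.1.1.1', '8.8.8.8', '9.9.9.9')  # assumed public resolvers
    )
    foreach ($server in $Resolvers) {
        try {
            # -DnsOnly skips LLMNR/NetBIOS; -NoHostsFile ignores local hosts-file overrides.
            $answers = Resolve-DnsName -Name $Domain -Type TXT -Server $server `
                                       -DnsOnly -NoHostsFile -ErrorAction Stop
            # One TXT value can be split into several strings; join them before comparing.
            $values = @($answers | Where-Object { $_.Type -eq 'TXT' } |
                        ForEach-Object { -join $_.Strings })
        } catch {
            $values = @()   # lookup failed or no TXT records at this resolver
        }
        [pscustomobject]@{
            Resolver = $server
            Found    = $values -contains $Expected
            TxtCount = $values.Count
        }
    }
}

# Placeholder inputs: every resolver should report Found = True before you click Verify Domain.
Test-VerificationTxt -Domain 'example.com' -Expected '<value copied from Zoho Directory>' |
    Format-Table -AutoSize
```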

3.    PREPARING THE ACTIVE DIRECTORY ENVIRONMENT

Before you link Zoho One to Active Directory (AD), it’s important to make sure your AD environment is ready. This section will walk you through setting up an Active Directory on Microsoft Azure. It will also help you optimize it for performance and structure your users and groups.

Setting this up now will enable a secure integration between Zoho One and your AD system and will allow for effective management.

3.1. Active Directory Setup

First, set up an Active Directory environment. It must have organized users, groups, and OUs. This setup is the core of your Zoho One integration. It allows for centralized user management and smoother operations.

3.1.1. How to Create an AD Environment Using MS Azure?

We’ll create an Active Directory environment in a VM on Azure running Windows Server 2019 for a streamlined setup. Other methods exist, but this is the most efficient one.

3.1.1.1. Creating a Virtual Machine in Azure

First, create a Microsoft Azure account or log in to your existing account.

Image 3.1

To create a VM, search for virtual machines in the Azure portal. Then, select Virtual machines from the results.

Image 3.2

Then, click Create followed by Azure virtual machine.

Image 3.3

Now, configure the basic settings to create a Windows Server 2019 VM in MS Azure.

Under Subscriptions, choose your Azure subscription and select or create a resource group. In Instance details, name your VM. Then, select the Azure region and choose the availability options.

Image 3.4

Choose Windows Server 2019 Datacenter as the operating system image. Select a suitable VM size based on your requirements. Note that you can adjust the VM size later if needed.

Image 3.5

Under Administrator account, choose either Password or SSH public key. Then, provide the required credentials. Select the ports to be opened, typically RDP (3389) for remote access.

Image 3.6

For disk and network configuration, use Azure’s default settings. They are generally recommended. You can click “Next: Disks >” to customize disk options. Or, go to Networking to configure the virtual network, subnet, public IP, and network security group (NSG) as needed.

Image 3.7

Check the Management tab for backups, the Monitoring tab for alerts and diagnostics, and the Advanced tab for custom settings, agents, scripts, or apps.

Click Review + create to verify your settings. Then, click Create to initiate the VM deployment process.

Image 3.8

Once the deployment is complete, your virtual machine will be ready for access.
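
The inbound-port step above opens RDP (3389) on the VM's network security group, and this server is about to become a domain controller. As an added example (not part of the original guide), the following Az PowerShell script finds inbound Allow rules that expose 3389 to any source and narrows them to a single admin address; the resource group, NSG name, and source IP are placeholders.

```powershell
# Added example. Requires the Az.Network module and an authenticated session
# (Connect-AzAccount). All names and addresses below are placeholders.
$ResourceGroup = 'rg-ad-lab'          # placeholder resource group
$NsgName       = 'dc01-nsg'           # placeholder NSG attached to the VM
$AdminSource   = '203.0.113.10/32'    # placeholder: your admin workstation's public IP

# True when $Port falls inside any NSG port expression ('*', '3389', '3380-3400').
function Test-PortInRange([string[]]$Ranges, [int]$Port) {
    foreach ($r in $Ranges) {
        if ($r -eq '*') { return $true }
        $lo, $hi = $r -split '-', 2
        if (-not $hi) { $hi = $lo }
        if ($Port -ge [int]$lo -and $Port -le [int]$hi) { return $true }
    }
    return $false
}

$anySource = @('*', '0.0.0.0/0', 'Internet')
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Name $NsgName

# Inbound Allow rules that cover TCP 3389 from an unrestricted source.
$exposed = @($nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    $_.Protocol -in 'Tcp', '*' -and
    (Test-PortInRange $_.DestinationPortRange 3389) -and
    ($_.SourceAddressPrefix | Where-Object { $anySource -contains $_ })
})

foreach ($rule in $exposed) {
    Write-Warning "Rule '$($rule.Name)' allows RDP from $($rule.SourceAddressPrefix -join ',')"
    # Set-AzNetworkSecurityRuleConfig replaces the whole rule, so restate every field
    # and change only the source.
    Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
        -Access Allow -Direction Inbound -Protocol $rule.Protocol -Priority $rule.Priority `
        -SourceAddressPrefix $AdminSource -SourcePortRange $rule.SourcePortRange `
        -DestinationAddressPrefix $rule.DestinationAddressPrefix `
        -DestinationPortRange $rule.DestinationPortRange | Out-Null
}

# Commit the edited rules to Azure only if something changed.
if ($exposed.Count -gt 0) { $nsg | Set-AzNetworkSecurityGroup | Out-Null }
```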

3.1.1.2. Configuring Windows Server 2019 on VM and Initial Server Configuration

After deployment, go to the Virtual Machines section in the Azure Portal. Then, select your VM from the list.

Image 3.9

Click on Connect and choose RDP. Download the RDP file and use it to establish a connection to your Windows Server 2019 VM.

Image 3.10

After deploying your Windows Server 2019 VM on Azure, perform the initial configurations. In the VM, open Server Manager. Click Add roles and features to install the needed components.

Image 3.11

Follow the wizard to select and install roles and features based on the server’s intended use. If the server will be a Domain Controller, use this wizard to install the Active Directory Domain Services (AD DS) role. This will be covered later in this article.

Image 3.12

To configure remote access, go to Control Panel. Click System and Security, then System. Finally, select Remote settings. Under Remote Desktop, choose Allow remote connections to this computer.

Image 3.13

Check that your account or groups have the right permissions to access the server remotely.

3.2.      Adding Active Directory Domain Services to Windows Server 2019

Once your virtual machine is ready, the next task is to set up and configure Active Directory Domain Services (AD DS) on your Windows Server 2019. To establish an Active Directory setup, it’s necessary to add the AD DS role to your machine.

Open Server Manager and click on Add Roles and Features. In the Add Roles and Features Wizard, select your server from the Server Selection section and click Next.

In the Select Server Roles step, choose Active Directory Domain Services and click Next. A new window will appear detailing the features that will be added as part of AD DS. Click Add Features and then Next.

Image 4.1

Image 4.2

3.2.1.      Promoting the Server as Domain Controller

After installation, you will be asked to promote this server to a domain controller. Click Promote this server to a domain controller.

Image 4.3

In the AD DS Configuration Wizard, select Add a new forest under Deployment Configuration. Then, enter your root domain name (e.g., ‘example.local’).

Image 4.4

Set a Directory Services Restore Mode (DSRM) password and click Next. Select the DNS server option under Specify domain controller capabilities.

Configure the DNS Options and click Next. In the Additional Options section, set the NetBIOS domain name and click Next. Then, specify the paths for the AD DS database in the Paths section and click Next. Finally, review your selections in the Review Options section and click Next.

Image 4.5

Ensure the Prerequisites Check completes successfully, then click Install.

Image 4.5

After the installation is complete, your OS will require a restart to apply the changes.
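
The role installation and promotion steps above can also be scripted, which makes the build repeatable and keeps the DSRM password out of files. This is an added example, not part of the original guide; the NetBIOS name is a placeholder, the domain name follows the guide's 'example.local' illustration, and the paths are the wizard defaults.

```powershell
# Added example: the wizard steps as a script. Run in an elevated PowerShell
# session on the Windows Server 2019 VM.
$DomainName  = 'example.local'   # illustration from the guide
$NetbiosName = 'EXAMPLE'         # placeholder NetBIOS name

# Add the AD DS role plus the management tools (ADUC, AD PowerShell module).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# Prompt for the DSRM password so it never lands in the script or a transcript.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same choices as the wizard pages: new forest, DNS server, NetBIOS name, paths.
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Equivalent of the wizard's Prerequisites Check page; stop on any error.
$checks = Test-ADDSForestInstallation @forest
$failed = @($checks | Where-Object { $_.Status -eq 'Error' })
if ($failed.Count -gt 0) {
    $failed | Format-List Message
    throw 'Prerequisite check failed; fix the issues above before promoting.'
}

# Promote to the first domain controller of a new forest. The server restarts
# automatically once promotion completes.
Install-ADDSForest @forest -Force
```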

3.2.2.      How to Resize your VM from Azure

To optimize your Windows Server 2019 running AD DS, go to the Azure Portal. In your server’s settings, click on Size. Select a more powerful option with more RAM and vCPUs. Then, click Resize to resize your virtual machine.

Image 4.7

More resources will greatly improve your virtual machine’s performance. It will run more intensive AD DS processes more efficiently.

3.3.      Adding Users and Groups to Active Directory

After setting up your AD environment, the next step is to organize it by including users and groups. This segment will show you how to create OUs, users, and groups. This will help you manage a structured Active Directory (AD) environment.

3.3.1.      Creating Organizational Units (OUs)

To add users and groups to your Active Directory, access Server Manager on the new AD DS server in Windows Server 2019.

Image 5.1

In Server Manager, navigate to Tools and select Active Directory Users and Computers.

Image 5.2

Next, create an OU. Right-click the domain name. Select New, then Organizational Unit.

Image 5.3

Enter the name for the OU (e.g., Sales), then click OK. You have now successfully created an organizational unit. The next step is to create users within this OU.

Image 5.4

3.3.2.      Adding and Managing Users

To create users, navigate to the newly created OU, right-click it, and select New. Choose User, enter the user details, and click Next. Set a password for the user, then click Finish.

Image 5.5

Repeat this process for each user you wish to add. Additionally, you can add further details for an individual user by accessing their properties. Click Properties, add the necessary details, and click OK.

Image 5.6

3.3.3.      Creating and Managing Groups

To create groups, navigate to the OU and click New. Select Group, enter the group name, and choose the group scope. Next, select the group type and click OK.

Image 5.7

Repeat this process for each group you wish to create. To add members to a group, right-click the group, go to Properties, and click on Members. Click Add, enter the user names, click Check Names, select the users you want to add, and then click Add. Finally, click Apply.

Image 5.8
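
The OU, user, and group steps from sections 3.3.1 to 3.3.3 can be scripted with the ActiveDirectory module, which is useful when more than a handful of accounts are involved. This is an added example, not part of the original guide; the user list, group name, and mail domain are constructed placeholders.

```powershell
# Added example. Run on the domain controller in an elevated session.
Import-Module ActiveDirectory

$DomainDn   = 'DC=example,DC=local'
$OuName     = 'Sales'
$OuDn       = "OU=$OuName,$DomainDn"
$Group      = 'Sales-Team'      # hypothetical group name
$MailDomain = 'example.com'     # placeholder: the domain verified in Zoho Directory
$Users      = @(                # constructed sample users
    @{ Given = 'Ada';  Surname = 'Nguyen'; Sam = 'anguyen' }
    @{ Given = 'Ravi'; Surname = 'Patel';  Sam = 'rpatel'  }
)
$sams = @($Users | ForEach-Object { $_.Sam })

# Create the OU only if it is missing, and protect it from accidental deletion.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
          -SearchBase $DomainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn `
        -ProtectedFromAccidentalDeletion $true
}

# One prompted initial password; each user must change it at first logon.
$initial = Read-Host -AsSecureString -Prompt 'Initial password for new users'

foreach ($u in $Users) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'")) {
        New-ADUser -Name "$($u.Given) $($u.Surname)" `
            -GivenName $u.Given -Surname $u.Surname -SamAccountName $u.Sam `
            -UserPrincipalName "$($u.Sam)@example.local" `
            -EmailAddress "$($u.Sam)@$MailDomain" `
            -Path $OuDn -AccountPassword $initial `
            -ChangePasswordAtLogon $true -Enabled $true
    }
}

# Global security group in the same OU.
if (-not (Get-ADGroup -Filter "Name -eq '$Group'")) {
    New-ADGroup -Name $Group -SamAccountName $Group `
        -GroupScope Global -GroupCategory Security -Path $OuDn
}

# Add only the users who are not members yet.
$current = @(Get-ADGroupMember -Identity $Group | ForEach-Object { $_.SamAccountName })
$missing = @($sams | Where-Object { $current -notcontains $_ })
if ($missing.Count -gt 0) { Add-ADGroupMember -Identity $Group -Members $missing }
```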

Congratulations! The challenging part is complete, and your Active Directory environment is set up. You are now ready to solidify the defense of your Zoho One using Active Directory.

4.    CONFIGURING ZOHO DIRECTORY SYNC

Setting up Zoho Directory Sync is a part of linking your Active Directory with Zoho One. This procedure ensures that your AD users and groups are mirrored as expected in Zoho One.

This segment will guide you to install the Zoho Directory Sync tool. It will also help you to connect your AD to Zoho One. You will map users and groups, and adjust sync preferences to fit your needs.

4.1. Installation of Zoho Directory Sync

To sync your Active Directory with Zoho One, first download and install the Zoho Directory Sync tool. This tool connects and syncs users, groups, and organizational units between your AD server and Zoho Directory.

Sign in to your Zoho One account. Navigate to Zoho Directory, select Directory Stores, and click Add Directory. Hover over Active Directory and click Add. Then, click Download to obtain the Zoho Directory Sync tool for your LDAP server.

Image 6.1

Locate the downloaded file and install it on your system running Active Directory/LDAP server.

Image 6.2

Note: You must have added and verified a domain in Zoho Directory to download the Sync Agent. See section 2.2 of the Prerequisites for instructions on connecting Zoho Directory with your domain.

4.2.      Connecting AD to Zoho One

After installing Zoho Directory Sync tool, the next step is to link your Active Directory with Zoho One. This lets Zoho One access and sync the AD info. It creates a directory system that spans both platforms.

Open the file ‘SyncTool.exe’ in the Zoho Directory Sync tool’s install directory. Once the tool is open, navigate to the Zoho Sign-in section.

Image 7.1

Click Sign-in as admin. Next, click the icon next to the Login URL to copy it. Make a note of the Verification Code, as you will need to enter it in the subsequent steps.

Image 7.2

Open a browser and paste the copied Login URL into the address bar. If prompted, sign in to your Zoho Directory account. Enter the Verification Code when requested and click Verify. Then, click Accept to grant Zoho Directory access to the specified data. You will be signed in to the Sync Tool shortly.

Image 7.3

Navigate to LDAP Configuration and sign in using your LDAP domain’s administrator credentials. Authenticate with all required domains and click Next.

Image 7.4

4.3.      Mapping Users and Groups

With the AD connected to Zoho One, map your OUs, users, and groups in Zoho Directory Sync. Proper mapping ensures that the right users and groups are synced. This maintains the org structure and access controls.

To add organizational units (OUs), click Add OUs. After successfully adding the OUs, click Next.

Image 8.1

Note: Click View Count in the Select OUs section. It shows the eligible users and groups for sync.

Image 8.2

To filter sync objects further, go to Exclusion Rules and click Add Rule. Select the objects to filter. Choose the field name and criteria. Then, enter the values and click Add.

Image 8.3

Go to Attributes. Map the LDAP fields to the Admin Panel’s fields.

Image 8.4

If any users lack a domain-based custom email, use the Replace Domain option under the Email Address attribute.
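
Before the first sync, it helps to list which accounts in a selected OU would need Replace Domain and which are candidates for an exclusion rule. This is an added example, not part of the original guide; the OU path and mail domain are placeholders, and it assumes the whole subtree under the OU is in scope.

```powershell
# Added example: pre-sync audit of the users under an OU chosen for syncing.
Import-Module ActiveDirectory

function Get-SyncReadiness {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,  # DN of the OU selected under Add OUs
        [Parameter(Mandatory)] [string] $MailDomain   # domain verified in Zoho Directory
    )
    Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter * `
               -Properties mail, servicePrincipalName |
    ForEach-Object {
        $issues = @()
        if (-not $_.mail) {
            $issues += 'no mail attribute'
        } elseif ($_.mail -notlike "*@$MailDomain") {
            $issues += 'mail outside verified domain'
        }
        if (-not $_.Enabled)         { $issues += 'disabled account' }
        if ($_.servicePrincipalName) { $issues += 'has SPN (likely a service account)' }

        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Mail           = $_.mail
            Enabled        = $_.Enabled
            Issues         = $issues -join '; '
        }
    } | Where-Object Issues    # keep only accounts with at least one finding
}

# Placeholder inputs; review the output before adding OUs and exclusion rules.
Get-SyncReadiness -SearchBase 'OU=Sales,DC=example,DC=local' -MailDomain 'example.com' |
    Sort-Object Issues, SamAccountName | Format-Table -AutoSize
```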

4.4.      Sync Settings

You can adjust the sync settings to fine-tune how user accounts, groups, and other objects are handled during syncing. These settings ensure the sync follows your organization’s rules and needs.

Navigate to Sync Settings. Set the default password. Configure user settings. Create an LDAP group. Establish groups for organizational units (OUs). Manage email deletion synchronization. After configuring these settings, click Save.

Image 9.1

Below is a detailed explanation of each option in Sync Settings.

  • Default Password: A one-time default password is used for new Zoho accounts; users must set a new password upon first sign-in.
  • User Settings: Controls how the Sync Tool manages user accounts deleted in Active Directory.
  • Create LDAP Group: Creates a Zoho Directory group named after your Portal Name for AD-synced
  • Create Groups for OUs: Creates a Zoho Directory group named after each synced OU.
  • Sync Email Deletion: Determines if changes to a user’s secondary email in AD are synced directly or updated as a new email address.

5.    INITIAL SYNC AND VERIFICATION

After setting up the Zoho Directory Sync tool, initiate the first sync. This ensures that all the right users and groups are synced. This section will walk you through starting the sync and confirming a successful integration.

5.1. Running the Initial Sync

To start syncing, choose the users and groups in the Directory Sync tool that you want to sync with Zoho One. After you make your selections, start the sync. It will move the selected info from your Active Directory to Zoho Directory, aligning both systems.

In Directory Sync, select the users or groups to sync. Then, click Sync to start the initial sync.

Image 10.1

To schedule regular synchronization, navigate to Schedule Sync and enable it. Configure the desired sync schedule and click Save Schedule.

Image 10.2

5.2.      Verifying Sync Results

After the initial sync, it’s crucial to confirm it was successful. This includes checking the SyncTool reports and the Zoho Directory. We must ensure that all intended data was accurately transferred to Zoho One.

In SyncTool, go to Reports and click View Reports. This will confirm a successful sync between your LDAP server and Zoho One.

Image 11.1

Next, go to Zoho One and open Zoho Directory. Click on Directory Stores, select Active Directory, and review the connection.

Image 11.2

Finally, review the synchronized users and groups in Zoho One. Verify that all user details are accurate.

6. CONCLUSION

In this first part, we’ve covered the steps to connect Zoho One with Active Directory. We prepared your AD environment, set up Zoho Directory Sync, and ran the initial sync. These actions lay a groundwork for managing users and assets in Zoho One.

Moving forward, our focus will shift to enhancing security measures in Zoho One. We’ll explore security features, like multi-factor authentication and conditional access policies. They will ensure your system is safe and robust.
