Configure incremental imports for AD LDS

Incremental import with LDAP generally relies on an accurate modifyTimestamp value to identify changes since the last import. Each user, group, and OU/container entry in the LDAP server must have accurate modifyTimestamp values for incremental import to work.

Okta also supports the use of the Update Sequence Number (USN) for AD LDS users to support incremental imports.

To use the USN for incremental imports, all your Okta LDAP Agents must be at version 5.6.2. If you aren't using AD LDS, or if any Okta LDAP Agent is at version 5.6.1 or below, you can still select USN as the change tracking attribute, but the agent reverts to modifyTimestamp.

Additionally, you must have the following features enabled for your org:

  • The updated LDAP provisioning user interface
  • Incremental imports
  • USN incremental imports

After you've updated any outdated Okta LDAP Agent to 5.6.2 or higher, you can set the change tracking attribute for incremental imports as follows:

  1. In the Okta Admin Console, click Directory > Directory Integrations and select your LDAP instance.
  2. Click Provisioning and select To Okta in the Settings list.
  3. In the General section, click Edit.
  4. Select the Enable checkbox next to Incremental import.
  5. Select the change tracking attribute that you want to use: USN or modifyTimestamp.
  6. Click Save.
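
The requirement that every entry carry an accurate modifyTimestamp can be checked against a directory export before you enable incremental import. The following Python is an added example, not Okta's agent code: it audits a constructed LDIF-style export for missing or future-dated modifyTimestamp values and compares what a simplified high-water-mark filter would return under each tracking attribute. The DNs, values, and function names are hypothetical, and uSNChanged is assumed to be the per-entry USN attribute exported from AD LDS.

```python
from datetime import datetime, timezone
# Constructed LDIF-style export (hypothetical DNs and values, not real data).
SAMPLE_LDIF = """\
dn: CN=alice,OU=People,DC=example,DC=com
modifyTimestamp: 20240510081500.0Z
uSNChanged: 20481

dn: CN=bob,OU=People,DC=example,DC=com
modifyTimestamp: 20240512093000.0Z
uSNChanged: 20502

dn: CN=carol,OU=People,DC=example,DC=com
uSNChanged: 20510

dn: CN=dave,OU=People,DC=example,DC=com
modifyTimestamp: 20991231000000.0Z
uSNChanged: 20515
"""

def parse_ldif(text):
    """Return {dn: {attr: value}} for a simple, unwrapped LDIF export."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines())
        entries[attrs.pop("dn")] = attrs
    return entries

def parse_ts(value):
    """Parse LDAP GeneralizedTime such as 20240510081500.0Z as UTC."""
    stamp = value.split(".")[0].rstrip("Z")
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def audit(entries, now):
    """Flag entries whose modifyTimestamp is missing or later than `now`."""
    problems = {}
    for dn, attrs in entries.items():
        ts = attrs.get("modifyTimestamp")
        if ts is None:
            problems[dn] = "missing modifyTimestamp"
        elif parse_ts(ts) > now:
            problems[dn] = "modifyTimestamp in the future"
    return problems

def changed_since(entries, last_import=None, last_usn=None):
    """Simplified high-water-mark filter (assumed model, not Okta's agent logic)."""
    if last_usn is not None:
        return sorted(dn for dn, a in entries.items() if int(a.get("uSNChanged", 0)) > last_usn)
    return sorted(dn for dn, a in entries.items()
                  if "modifyTimestamp" in a and parse_ts(a["modifyTimestamp"]) > last_import)
```

In the sample, the carol entry has no modifyTimestamp, so the timestamp filter never returns it while the USN filter does, and the future-dated dave entry is returned by the timestamp filter on every pass.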