Check AD DirSync readiness
Use the DirSync Readiness Check to verify that your Active Directory (AD) agents are correctly configured and have the necessary permissions to use DirSync for faster, incremental imports. DirSync can't be enabled until all agents pass this check.
Prerequisites
Enable AD DirSync in your Okta org. If DirSync isn't enabled, the readiness check isn't available.
Start this task
-
In the Admin Console, go to .
- Find and click the AD integration on which you want to perform a readiness check.
- Go to the Agents tab. A banner appears if any agents fail to meet the requirements for DirSync.
- Click Check now in the DirSync Readiness Check section to start the analysis.
- The Check DirSync Imports Readiness page lists any agents that have yet to have a readiness check complete, or fail to meet the requirements to enable AD DirSync. The following table lists the possible issues that an agent can have (these are the Required Action values) and how to resolve them.
Required Action
Issue
Resolution
Update Agent The AD agent isn't the minimum required version or later. Update the AD Agent to version 3.20.0 or later. Grant required permission The service account running the AD Agent lacks the permissions required to use DirSync. Grant the service account running the AD Agent the permissions for imports with DirSync. Agent unreachable. Refresh to retry. The agent is unresponsive or may be deactivated and no response was returned by the agent. Check your AD Agent to ensure that it's active and responsive. If the agent is deactivated, you should either reactivate or delete the agent. - The text Agents Ready for DirSync replaces the list of agents when all required actions have been addressed. You can now enable DirSync. See Enable imports with DirSync.