AD Sync

Keep NOBA users and groups in sync with your directory service.

Setup

1. In NOBA Settings → AD Sync, create a directory (Azure AD or LDAP).
2. Click Test Connection to verify reachability.
3. Configure group role mapping and group tenant mapping (optional).
4. Set the sync interval and trigger the first sync.

Sync Behavior

• Full sync: First sync enumerates all users and groups.
• Delta sync: MS Graph API supports delta queries for efficient incremental sync.
• Disabled users: Terminated/disabled employees are NOT enabled in NOBA.
• Re-enable logic: Users wrongfully disabled by a stale directory are re-enabled when the correct directory syncs.
• Mass-change safety: Sync aborts if >50% of users would be disabled in a single run.
• Dual-directory protection: A user can only be linked to one AD directory at a time.