Active Directory Integration
Dashlane's Active Directory (AD) Integration works with your AD to automatically provision (and optionally de-provision) users to your Dashlane Business plan.
To use AD Integration, please make sure you are running Windows PowerShell 3.0 or greater.
Active Directory Integration Configuration
To configure the synchronization of your Active Directory, please follow these steps:
- Navigate to the Admin Console > Settings > Active Directory
- Copy the Dashlane AD script displayed in the gray window
- Save it as 'dashlane-ad-sync.ps1' on a server or workstation in your domain
- Edit the script to customize the Organizational Units (OUs) variables to match your organization’s implementation. You can also customize where the sync will save temporary files if desired
NOTE: users MUST have an email address - we strongly recommend only including business email addresses.These email addresses will receive a provisioning email, which recipients must respond to by "Accepting" the invitation to join the Business plan for your company. Automated de-provisioning is dependent on an exact match to this address.
- Run the script via Command Prompt or PowerShell to verify it is correctly syncing your Active Directory users with Dashlane. You should be able to confirm the sync is running by checking the last sync date under "Status" in the Admin Console > Settings > Active Directory
NOTE: The script should be able to run as a domain user (i.e. admin rights are not needed), and should be allowed to read the directory (by default, any user).
Setting up the Active Directory script to run via Task Scheduler
With the script saved to your domain, you’re ready to schedule it to run automatically on a period of time you define.
NOTE: It’s important the user account set to run this task is able to read Organizational Units (OU's) and user accounts in your Active Directory environment.
- Open Task Scheduler on your Windows device
- Select Task Scheduler Library
- Click the Action tab in the top left menu
- Then click “Create Task”
- Next click the General tab
- Type 'Dashlane AD Sync' in the "Name:" text box
- Next select Security Options
- Within Security Options: Check the box for 'Run whether user is logged in or not' and 'Run with highest privileges'
NOTE: Set a schedule for the script to run by creating a new trigger. In the example shown below, it will run daily at 1:00 AM.
- Dashlane Business admins cannot de-provision ALL admin users, as there must be at least 1 active admin for every Business account of Dashlane users
- Admins also cannot de-provision billing admins, as there must be at least 1 active billing admin for every Business account of Dashlane users
- All users considered by the script must have a specified email address in Active Directory