Active Directory
Configure LDAP integration to synchronize user accounts from Active Directory. Navigate to Settings > Server > Active Directory.
Enterprise Feature
Active Directory integration requires an Enterprise license or an active trial period.
Enable
Toggle Enable LDAP / Active Directory to activate the integration. All other settings are hidden until enabled.
Connection
| Field | Description |
|---|---|
| LDAP URL | Address of your AD server. Use ldap:// for port 389 or ldaps:// for encrypted connections on port 636. |
| Base DN | Root of the directory tree to search. Matches your domain structure (e.g., DC=company,DC=com). |
| Bind DN | Service account used to query AD. Supports user@domain or full distinguished name format. |
| Bind Password | Service account password. Stored encrypted when database encryption is enabled. Leave empty on subsequent edits to keep the existing password. |
Click Test Connection to verify connectivity and credentials.
User Filter
| Field | Description |
|---|---|
| LDAP Filter | LDAP query that determines which AD objects are included in the sync. The default selects active person accounts with a userPrincipalName. |
| Email Attribute | AD attribute used as the user's email address in Truetask. Choose userPrincipalName if users don't have the mail attribute populated. |
Organizational Units
Click Discover OUs to list organizational units and containers from your AD with user counts. Uncheck any OUs you want to exclude from sync — typically service accounts, computer accounts, or test users.
Admin Promotion
Toggle Promote AD admins to automatically assign the Admin role to members of specific AD security groups. Click Discover Groups to select which groups should map to the Admin role. All other synced users receive the default User role.
Automatic Sync
| Interval | Description |
|---|---|
| Manual only | No automatic sync. Use the Sync Now button. |
| Every hour | For high-turnover environments. |
| Every 6 hours | Recommended for most organizations. |
| Every 12 hours | Stable teams with infrequent changes. |
| Daily | Minimal sync frequency. |
Sync Users
| Button | Description |
|---|---|
| Preview | Shows which users would be created or updated without making changes. |
| Sync Now | Pulls users from AD and creates or updates Truetask accounts. |
After sync, the results panel shows counts of created, updated, unchanged, and excluded accounts, plus any errors.
Sync Behavior
- New users are created with a random password, marked as verified, and assigned the User role (or Admin if in a promoted group).
- Existing users have their enabled/disabled state synced from AD. Roles are only upgraded, never downgraded.
- Users not found in AD are not deactivated — existing accounts and data remain intact.
- All sync events are recorded in the Audit Log.
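Because sync never downgrades roles or deactivates accounts, a user who is no longer found in AD or who has been removed from a promoted group keeps their Truetask access until someone reviews it. The following Python check is an added example, not Truetask code: it compares two exports and lists those accounts. The record shapes, the matching on email address, and the group name `Truetask-Admins` are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ADUser:            # hypothetical shape of one row from an AD export
    email: str
    enabled: bool
    groups: frozenset

@dataclass(frozen=True)
class AppUser:           # hypothetical shape of one row from a Truetask user export
    email: str
    enabled: bool
    role: str            # "Admin" or "User"

def audit_drift(ad_users, app_users, admin_groups):
    """List accounts whose state the sync will not correct on its own."""
    ad_by_email = {u.email.lower(): u for u in ad_users}
    promoted = {g.lower() for g in admin_groups}
    findings = []
    for acct in app_users:
        ad = ad_by_email.get(acct.email.lower())
        if ad is None:
            # Sync leaves accounts missing from AD intact; flag the enabled ones.
            if acct.enabled:
                findings.append((acct.email, "not-in-ad-still-enabled"))
            continue
        # Roles are only upgraded, so Admin survives removal from a promoted group.
        if acct.role == "Admin" and not promoted & {g.lower() for g in ad.groups}:
            findings.append((acct.email, "admin-without-promoted-group"))
    return sorted(findings)

# Constructed sample data (not real accounts).
SAMPLE_AD = [
    ADUser("alice@example.com", True, frozenset({"Truetask-Admins"})),
    ADUser("bob@example.com", True, frozenset({"Staff"})),
]
SAMPLE_APP = [
    AppUser("alice@example.com", True, "Admin"),
    AppUser("bob@example.com", True, "Admin"),    # removed from admin group in AD
    AppUser("carol@example.com", True, "User"),   # deleted from AD
    AppUser("dave@example.com", False, "User"),   # not in AD, already disabled
]

if __name__ == "__main__":
    for email, finding in audit_drift(SAMPLE_AD, SAMPLE_APP, {"Truetask-Admins"}):
        print(f"{email}: {finding}")
```

Accounts that were created locally and never existed in AD also appear under `not-in-ad-still-enabled`, so treat the output as a review list rather than a deactivation list.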
Authentication
When LDAP is enabled, users can sign in with their Active Directory password. Truetask attempts an LDAP bind first. If AD is unavailable, authentication falls back to the local password (cached from the last successful LDAP login).
For the full setup walkthrough, see the Connect to Active Directory guide.