Setting up the Active Directory Sync Service
Note: This requires .NET 4.7.2 or newer
This article covers the steps required for setting up the ThreatLocker Active Directory Sync tool. This tool is responsible for syncing your Active Directory groups, allowing you to select them when creating\editing policies in ThreatLocker.
Permitting the Service
Before installing the service, it is advised to create a policy to permit the "ThreatLocker AD Sync Service (Built-In)" application for the computer you are installing it on. The device you're installing the service on must have ThreatLocker on it.
Setup the Sync Service
Note: This does not have to be installed on a domain controller. If this is not installed on a domain controller, you must specify the domain controller in the config file.
- Download the .ZIP folder from the link above
- Extract the .ZIP folder to the root of the C:\ drive
If you're extracting the folder anywhere else, right click the "install.bat" file and click edit. Specify the exact location of the folder as shown below:
It can be put anywhere, so long as it's referenced correctly in the installation file.
- Create a new text document inside the extracted folder called apiurl.
- Inside the apiurl document, type your ThreatLocker URL. For example, https://api.b.threatlocker.com.
- Run the "Install.bat" file inside the ThreatLockerADSyncTool directory as an Administrator (no changes to the CONFIG file needed)
- Go to the ThreatLockerADSyncTool directory
- Right click "ThreatLockerADSyncTool.exe (CONFIG file)" in a text editor
- Update the "DomainController" Value="" to include the hostname of the Domain Controller
- Save any changes made to the CONFIG file
- Run the "Install.bat" file inside the ThreatLockerADSyncTool directory as an Administrator (no additional changes to the CONFIG file needed)
Updating the ThreatLocker Active Directory Sync Tool
If you're currently utilizing a previously-existing version of this program, the update process for the tool can be found below.
Stop the Service
- On the machine that has the ThreatLocker AD Sync Tool installed on, open Command Prompt (Admin) and stop the service with the following command:
Net Stop ThreatLockerADSyncTool
Replace the files
- After the service is confirmed to be stopped, open the directory where the ThreatLockerADSyncTool.exe and corresponding CONFIG file are located
- Replace the old ThreatLockerADSyncTool.exe and CONFIG file with the latest versions
- Edit the CONFIG file to make any adjustments if not on a Domain Controller
- Save the CONFIG file
Start the Service
- Restart the service on the machine by opening Command Prompt (Admin) and start the service with the following command:
Net Start ThreatLockerADSyncTool
Running the ADSyncTool After a Failed Attempt
If you have already downloaded and attempted unsuccessfully to run the ADSnycTool, you may need to remove the groups.json and uploads.json files from the ThreatLockerADSyncTool file. This can be accomplished by simply moving the files, or you can delete these 2 files.
ThreatLocker collects the following data from your AD environment:
- Group Names