
To keep everything updated with current user data you can enable a synchronization from WordPress back to your Active Directory.

Sync to Active Directory in Next ADI

Sync to Active Directory

Enable sync to AD

By enabling this option ADI will automatically synchronize the user's profile back to the Active Directory if it has changed.

The synchronization is automatically triggered whenever a user profile gets updated.

Use Sync To AD service account

By enabling this option users will not be asked for their Active Directory password when updating their WordPress user profile. Instead a dedicated Active Directory service account is used.

NOTICE: The password of this service account is stored encrypted, but USE IT AT YOUR OWN RISK. To avoid using a service account, you have to grant your users the permission to change their own Active Directory attributes.

Setting the Active Directory permissions

Without setting the Active Directory permissions, persisting the attributes in the Active Directory will silently fail. In logs/debug.log you will see the error

adLDAP last error: Insufficient access

To set the permissions you have to follow these steps:

1. Use ADSI Edit to connect to your Active Directory.
2. Navigate to the Organizational Unit where your users reside and select Properties from the context menu.
3. On the tab Security choose the name SELF (SELBST) and enable the permission Write.
4. Click on the button Advanced, navigate to the access permission Write for the principal SELF and click on Edit.
5. Select This object and all descendant objects from the Applies to select list.
6. Save the settings.
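
A read-only check for the permission set in the steps above, as an added example that is not part of the NADI documentation: it lists the write ACEs that SELF holds on the users' OU and how far they are inherited. The distinguished name is a placeholder, and the RSAT ActiveDirectory module (which provides the AD: drive) is assumed to be installed.

```powershell
# Added example, not NADI's own code: audit the SELF write ACEs on the users' OU.
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is installed

# Assumption: placeholder DN, replace it with the OU edited in ADSI Edit.
$OuDn = 'OU=Staff,DC=example,DC=com'

# S-1-5-10 is the well-known SID of SELF. Matching on the SID also works on
# localized systems where the principal is displayed as SELBST.
$SelfSid = 'S-1-5-10'
$Write   = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

$acl = Get-Acl -Path "AD:\$OuDn"
# Explicit and inherited ACEs, with identities returned as SIDs instead of names.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Keep Allow ACEs for SELF whose rights include the WriteProperty bit
# (the generic Write right contains it).
$selfWrite = @($rules | Where-Object {
    $_.IdentityReference.Value -eq $SelfSid -and
    $_.AccessControlType.ToString() -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $Write) -eq $Write
})

if ($selfWrite.Count -eq 0) {
    Write-Warning "No Allow/Write ACE for SELF found on $OuDn."
}
else {
    $selfWrite | ForEach-Object {
        [pscustomobject]@{
            Rights        = $_.ActiveDirectoryRights
            # 'All' corresponds to "This object and all descendant objects".
            AppliesTo     = $_.InheritanceType
            # An empty ObjectType GUID means the ACE is not limited to one attribute.
            AllProperties = ($_.ObjectType -eq [guid]::Empty)
            Inherited     = $_.IsInherited
        }
    } | Format-Table -AutoSize

    # User objects below the OU are only covered if an ACE propagates downwards.
    $deep = @($selfWrite | Where-Object {
        $_.InheritanceType.ToString() -in @('All', 'Descendents')
    })
    if ($deep.Count -eq 0) {
        Write-Warning "SELF can write, but no ACE applies to all descendant objects."
    }
}
```

The script only reads the ACL, so it can be run before and after the change to confirm what was granted and to review how broad the SELF write right is.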

Service account username

If Use Sync To AD service account is enabled the username of the service account must be defined. Please note that you have to explicitly add the domain information by appending the domain suffix.

The option User > Account suffix or any other configuration will not be applied for the service account.

Service account password

This option defines a NEW password for the Sync to AD service account. Leave this field blank if you don't want to change the password.

Auth code

The authentication code must be used if you want to trigger the synchronization with the help of a cron job. The menu option Sync to AD shows you the code snippets for wget and curl.