Secure Printing Solutions

Pull Printing Solutions
All-in-One Printing Solutions

Managed printing - Active Directory or LDAP synchronization

How to dynamically synchronize Active Directory in print management software? See how it's done in Sentinel.

Ensure dynamic synchronization of all accounts in your Active Directory or LDAP with Sentinel managed print services user database. Each time an Active Directory user authenticates for secure print release (pull printing) at a Sentinel embedded or external print release controller (or even with a smartphone using NFC or QR code), the Sentinel print server software will update the user account details in the Sentinel database. 

This functionality is critical for managed printing in large enterprises or organizations such as government departments, who may have many thousands of user accounts. Sentinel's advanced scripting rules can automate various aspects of the interactions between Active Directory (LDAP) and Sentinel managed print functionality such as cross-vendor RFID code translations for multi-site compatibility. Enable Active Directory users to scan directly to their home directory (as specified in their Active Directory profile) from any MFP or MFD. 

The ability to dynamically synchronize with your managed print services software dramatically improves workflows resulting in improved quality of service.

In order to add and update the organization’s users into Sentinel system, Sentinel can synchronize to the organization’s users input source.

Sync. can be done to:

  1. AD LDAP
  2. External SQL Table
  3. Combined sync., both to AD LDAP and to external SQL Table

The sync. Is configured once after installation.

Activation is as follows:

When a new user, e.g., a user who is not in Sentinel system yet, send his/her first job to Sentinel printer, the users' details are retrieved from the organization’s users input source.

When the user wishes to release the job, the authentication already exists.

In Sentinel, Sync. is done via:

Settings -> Databases ->Auto Sync -> when “Enable Auto Sync” is marked.

Assuming that all users’ information is stored in AD LDAP, the configuration will include:

  • Domain name;
  • AD user + password that v=never expires;
  • Field name, where the card ID is stored;
  • For scanning: User Email;
  • Other fields according to customer’s request (they will be added the same way as E-mail is added).

After all, information is added, “Test Connection” should be activated


Synchronisation to external SQL Table:

Assuming that all users’ information is stored in external SQL Table (Usually door entry system), the configuration will include:

  • Field name including username, and field name, where the card ID is stored
  • For scanning: User Email.
  • Other fields according to customer’s request
  • SQL Table name
  • Connection string to the SQL Table


Combined Sync.:

Sometimes not all user information is stored only in one source.

For example, the username and Email are stored in AD LDAP, but the card ID is stored in eternal SQL Table (Usually door entry system).

In that case, both configurations will be added, and the option “AD and SQL Sync” (use if card data is stored in a separate SQL database) will be marked.

The configuration should include the connection between the two sources as follows:

There’s always field in AD LDAP, which has the same meaning as a field in the external SQL Table.

In AD LDAP configuration the field will be ID field name.

In the external SQL Table confirmation, the field will be User field name.

All other parameters will be added as described above.

Automatic Synchronization

There is an option to activate AD sync. Automatically, by running an application as a task (For example: each day at midnight).


  1. Add users from AD into Sentinel
    Run as command line in C:\Sentinel

  2. Delete users not in AD from Sentinel
    Run as command line in C:\Sentinel
    ADGetFullListUsers -DU

Pinit Fg En Rect Red 20