Active directory synchronization

With the public services of the Telekom platform, you have the option of keeping your Microsoft Active Directory permanently synchronized with Cloud Manager. After booking the appropriate product option, a VPN (Virtual Private Network) connection first has to be established between your infrastructure and the Telekom platform. You can then select the items (containers) in Cloud Manager that are to be synchronized, and complete the setup of active directory synchronization.

Setting up a VPN connection

To set up the VPN connection, first select the “Active Directory Synchronization” menu item and then enter the data required for the setup in the form. In addition to the contact details of a contact person, the IP address of the tunnel endpoint (external IP address) as well as the internal IP address of your active directory server are required to establish the connection. Please also make sure that there are no NAT devices or proxy servers inside the tunnel.

You will then see a setup status page that tells you about the next steps. Within 24 hours on weekdays after submitting your data, you will receive an email with further instructions on how to set up the VPN connection, including the hash value required for the connection.

Tunnel endpoint on the Telekom side

  • Public WAN IP address of the tunnel endpoint: 94.100.242.122
  • Private IP of the system behind the tunnel endpoint: 172.29.31.0, mask: 255.255.255.0

IKEv1 data:

Phase 1:

  • Encryption: 256 Bit AES-CBC
  • Integrity: SHA-2 256 Bit
  • Key exchange algorithm: MODP-3072
  • Key validity: 480 minutes

Phase 2:

  • Encryption: 256 Bit AES-CBC
  • Integrity: SHA-2 256 Bit
  • Protocol: ESP
  • PFS: on if MODP-3072
  • Key validity: 60 minutes
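The following added example (not part of the original documentation or Telekom's tooling) checks a customer-side tunnel definition against the Phase 1 and Phase 2 parameters listed above before the tunnel is brought up. It assumes a strongSwan gateway configured through `ipsec.conf`; the connection name and the `left`/`leftsubnet` addresses are constructed placeholders.

```python
import re
# Telekom-side values from the list above, as strongSwan ipsec.conf keywords (assumed gateway).
REQUIRED = {
    "keyexchange": "ikev1",
    "right": "94.100.242.122",
    "rightsubnet": "172.29.31.0/24",   # 172.29.31.0, mask 255.255.255.0
    "ike": "aes256-sha256-modp3072",   # Phase 1
    "esp": "aes256-sha256-modp3072",   # Phase 2; a DH group in esp= enables PFS
    "ikelifetime": 480 * 60,           # Phase 1 key validity in seconds
    "lifetime": 60 * 60,               # Phase 2 key validity in seconds
}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
# Constructed sample; left/leftsubnet are placeholder addresses.
SAMPLE_CONN = """
conn telekom-adsync
    keyexchange=ikev1
    left=203.0.113.10          # your tunnel endpoint (external IP)
    leftsubnet=10.0.0.10/32    # your Active Directory server
    right=94.100.242.122
    rightsubnet=172.29.31.0/24
    ike=aes256-sha256-modp3072!
    esp=aes256-sha256-modp3072!
    ikelifetime=480m
    lifetime=60m
"""

def to_seconds(value):
    """Convert an ipsec.conf time value such as '480m' or '8h' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def parse_conn(text):
    """Return the key=value settings of one conn section as a dict."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def mismatches(conn):
    """List each setting that is missing or differs from the Telekom side."""
    problems = []
    for key, want in REQUIRED.items():
        got = conn.get(key)
        if got is None:
            problems.append(f"{key}: missing, the gateway default would apply")
        elif isinstance(want, int) and to_seconds(got) != want:
            problems.append(f"{key}: {got} != {want}s")
        elif isinstance(want, str) and got.rstrip("!").lower() != want:
            problems.append(f"{key}: {got} != {want}")
    return problems
```

An empty result from `mismatches(parse_conn(...))` means the proposal and lifetimes agree with the Telekom endpoint; a lifetime or group mismatch is a common reason for an IKEv1 tunnel to fail negotiation or drop at rekey.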

Once the connection setup is complete, you can proceed with setting up active directory synchronization.
