Scheduled maintenance on Saturday, August 8th from 7am to 10am (UTC). Licensing registrations and key activations will be unavailable during this period. More info here.

AD Sync Tool - LDAP

Hi all,

I am in the process of looking to migrate from our on-premise Sophos Enterprise (console version 5.5.1) to Sophos Central for Endpoint Protection. As part of this I would like to get a list of existing PCs into Central, and I believe the way to do this would be to install and confugure the AD Sync Tool from Sophos. After installing it, it is asking me for LDAP details. I have installed LDAP on one of our domain controllers, but this is far as I can get, I've never done anything with LDAP before and I don't think we currently use it for anything so I would appreciate any help with what to do and how to configure it after it has been installed in order to get this working specifically with Sophos Central.

Thanks in advance.

  • The main question is if your computers are controlled by Microsoft's Active Directory - if they are then you are good to go. LDAP is one of the ways used to query AD for its data which is what the tool does. In essence, you point it a the Domain Controller (or one of them if you have multiple) and tell it what OUs to read from and it populates a list of entries for the machines to migrate.

    If you are using local workgroups, however, you won't be able to do that because you won't have a central repository of knowledge.

    Please clarify if you are using AD or not in your environment.


    Here is the articles that can help you in this:


  • In reply to RichardP:

    Thanks for the reply. Yes, we are using AD in our environment, I have already installed LDAP on one of our domain controllers, but I have no idea how to configure it ready for use with the Sophos AD Sync tool.


  • In reply to David Ashcroft:


    Here is the article you can refer how to install AD sync and see what are the LDAP filters used to find the users and groups,


  • In reply to SAJ:

    Appreciated, thank you, it seems I was overthinking this to be honest, a lot of what i was doing was not needed. Most of the issues I was having were on my end.

    I noticed that the AD Sync tool only allows you to import users but not PCs. Is there a way to import all PCs in our environment into Central? This would be good because it would then allow us to see any PCs that may not have had the endpoint protection installed.


  • In reply to David Ashcroft:



    AD sync is for users and groups.

    Sophos Central AD Sync utility will import the following objects from the Active Directory:

    • Username
    • Login
    • Email address
    • Groups and the members of each group

    Note: Only groups with more than one member will be created.


    Whenever an endpoint agent is installed on a computer it will automatically get added to the Sophos central dashboard. There is no option to bing all the endpoints on the network to Central dashboard. You can send a setup email link to install it on every user`s endpoints via Sophos central dashboard.

  • In reply to SAJ:

    Thank you for this. 

    Our environment is an enterprise environment. we are currently running Sophos Enterprise (Console version 5.5.1) and it is all on premise.

    Finally, I am looking for the best way to migrate all these PCs from the on premise enterprise version of Sophos endpoint, over to the endpoint on Central.

    Any advice on this is appreciated. I looked at some of the KB's but they either seem to not work or to be outdated. 

  • In reply to David Ashcroft:

    Hi David, 

    For Enterprise Console to Central migration, we do have a Migration Tool that can be used.

    Please review the following Portal with links to general information, documentation, and downloads. 

    Please let us know if you have any further questions.