Active Directory (also known as AD) is a directory service that Microsoft developed for Windows networks and is usually not accessible from outside an organization's firewall; therefore, a direct connection to Active Directory is rarely possible (from the cloud). With this in mind, there are many options available for retrieving data from Active Directory.

The correct option for your organization depends on your existing technology landscape. Options should be reviewed by your IT department to determine the option that is best for your organization.

Below are some available options:

Option Description Deployment
1 Direct Connect On Premise Only
2 SFTP Push Cloud or On Premise
3 Active Directory Agent Cloud Only
4 LDAP Cloud or On Premise
5 Google Directory Services Cloud only
6 OKTA Universal Directory Cloud only
7 Azure Directory Services Cloud or On Premise

Direct Connect

For on premise deployment, OrgChart can directly query AD to retrieve employee data.


In this scenario, AD data is extracted on a "daily" basis from AD. The query results are written to a csv file and then pushed via SFTP to a drop folder (in your OrgChart account). OrgChart can then be setup to automatically refresh org chart from the query file. The disadvantage of this approach is that charts cannot updated in real-time (you have to wait for the daily feed).

Implementation of this approach requires some effort from your IT department (your organizational may already have SFTP push in place for other external systems so the effort is minimal). Our professional services team can also implement this approach; however, there is a professional services fee associated with this effort.

Active Directory Agent

Main Article: Active Directory Agent

In this scenario, software must be installed on a server within the your infrastructure. The Active Directory Agent extracts data from Active Directory on a daily basis and pushes the data to OrgChart.


The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services. AD supports LDAP queries; however, LDAP access from outside the firewall must be enabled in order to pursue this option for cloud deployments.

Google Directory Services

If your company has deployed Google's G Suite your company may already be syncing Google Directory with Active Directory using GCDS (See https://support.google.com/a/answer/106368?hl=en for more information). In this case, Google Directory can be queried (because it is already syncing with AD).

OKTA Directory Services

If your company has deployed OKTA Universal Directory (http://www.okta.com) your company may already be syncing OKTA with Active Directory (See https://www.okta.com/products/universal-directory/ for more information). In this case, OKTA Universal Directory can be queried (because it is already syncing with AD).

Azure Directory Services

If your company has deployed Azure Directory Services (See https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect for more information) your company may already be syncing their Azure Directory with Active Directory. In this case, LDAP (see above) can be used for queries.

Reviewed 8/16/2017