# Active Directory change detection trigger #### Summary AutoSync has built-in support for automatically detecting changes in Active Directory and triggering an import. This trigger type works with both Active Directory Domain Services and Lightweight Directory Services (LDS). #### Configuration This trigger can only be used on an "Active Directory Domain Services' or 'Active Directory Lightweight Directory Services" management agent type. From the triggers page, select `Add trigger...` and the AD/LDS change detection trigger will be available from the drop down list. Please note that only a single instance of the AD/LDS trigger can be added. ![](https://2216211724-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXaBwZ6mZ5WbX108JiSsn%2Fuploads%2Fgit-blob-f98553a92c7a0185258d74452d288d7549234319%2Fadlds-trigger.png?alt=media) | Setting | Value | Default | | ------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | | Base DN | The base DN that you are interested in getting change notifications for | The base DN specified in the MA configuration | | Host Name | The Active Directory server to bind to | The hostname as specified in the MA configuration | | Object classes | The object classes to receive change notifications from | The object classes specified in the MA configuration | | Credentials | Optional. The credentials to use to bind to the target directory | The identity of the AutoSync service is used if no credentials are specified | | Minimum amount of time to wait in between exections | Prevents continuous import loops by only passing through changes in the directory once per specified interval | 1 minute | | Ignore changes where the last logon timestamp attributes have been modified within the following time period | A change event is raised by the directory when any attribute changes - even if it is something like one of the last logon timestamp attributes. Updates to these attributes can be very frequent, and may trigger a continuous cycle of imports, defeating the purpose of change detection (you might as well have the MA on a continuous import loop). The setting tells AutoSync that if a change comes in, and the object has a last logon timestamp value in the last 5 minutes then ignore the change completely. | 5 minutes | #### Permissions The AD Change Listener does not require any permissions over and above a standard user account. Read permissions to the base DN are all that are required.