This KB article will be for creating user accounts after the domain has been created [Stage 1]. If SMTP Discovery is not being used then users will need to be created before they can receive/send emails.

SMTP Discovery - Proofpoint Essentials will accept emails addressed to your domain until the email address is marked as invalid. Any email that is scored below the spam threshold will be delivered to the mail server. That email address will then be added to the discovered list. 

The steps to start importing users are as follows:

While logged into the user interface, navigate to Company Settings > Import Users tab

There are three options to import users:

1. Azure Active Directory - Uses your Azure AD to import users 

2. CSV - A csv file will be used to import users

3. Active Directory - Uses your Active Directory to import users via LDAP

Enable Active Directory Sync

If you have Active Directory located on your premises, you can use Proofpoint Essentials Active Directory Sync option to add and automatically sync user accounts and groups between environments.

Before you begin, you will need the following:

  1. An inbound connection that allows Proofpoint Essentials IP range to connect to your domain controller
  2. A user account with read permissions to Active Directory
  3. A user account with administrator privileges to Proofpoint Essentials
  4. The Base DN (Distinguished Name)

- The Base DN is the starting point for directory server searches

- For example: DC=mycompany,DC=com, the Connector starts from this DN to create the list of users and groups to sync


Support for LDAP and LDAP over SSL

The standard protocol for reading data to Active Directory is LDAP. LDAP traffic is unsecured by default. To make LDAP traffic secure, you can use the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocols. This combination is referred to as LDAP over SSL -- or LDAPS.

To setup your domain controller to accept LDAP over SSL, please refer to the following Microsoft article: How to enable LDAP over SSL

Configure Active Directory Sync in Proofpoint Essentials

1. Log in to the user interface

2. On the Company Settings tab, click Import Users

3. Select the default role that should be used for user accounts that are added to Proofpoint Essentials

Silent User

A user account with a silent user role will receive the quarantine digest email but will not have login rights to the interface

End User

A user account with an end user role Will receive the quarantine digest email and will have login rights to the interface

4. Specify the IP address or hostname of your Active Directory that Proofpoint Essentials will connect to

5. Specify the username and password of the account that Proofpoint Essentials should use to connect to your Active Directory

6. Select the connection port that Proofpoint Essentials should use

- LDAP (389)

- LDAP over SSL (636)

7. Enter the Base DN that Proofpoint Essentials should use to connect to your Active Directory

8. Choose what you would like Proofpoint Essentials to sync:

Active users

Disabled user accounts

Functional accounts

Security groups

Include items hidden from the GAL

9. Choose how you would like Proofpoint Essentials to sync:


Create new user accounts and groups

Sync updated accounts

Update existing user accounts and groups

Delete removed accounts

Remove accounts from Proofpoint Essentials that are no longer found in Active Directory

10. Sync frequency


1 hour

3 hours

6 hours

12 hours

24 hours

11. Manually Perform Active Directory Sync 

If you checked a time frequency to sync in the Active Directory settings, a sync is automatically performed. Otherwise, you need to force a sync.

On the Import Users tab, click Active Directory

Click Search Now

Review the search results

Click Sync Active Directory

LDAP synchronization requirements

For Proofpoint Essentials Email filtering LDAP synchronisation to work correctly, make sure that you can receive incoming LDAP (TCP port 389) connections from our IP addresses, which are listed at: 

Important Note: Remember that changes here take place every half hour. (Top and bottom of the hour)

Stage 3 -Updating SPF Records