Rotate the Active Directory Import (ADI) API Key

If the API key associated with the JumpCloud administrator account used to configure the JumpCloud Active Directory Integration (ADI) AD Import agent is rotated, or the admin account used to configure ADI is deleted, the AD Import service will stop working. As a result, password changes, new user imports, and user updates from AD to JumpCloud will fail.


Your organization will not receive any sort of communication or error about the breakage.

Read this article to learn how to verify the status of AD Import agents in JumpCloud and update the API Key on impacted AD servers.

Verifying AD Import Agent Status

  1. Log in to the JumpCloud Admin Portal.
  2. Navigate to DIRECTORY INTEGRATIONS > Active Directory > select your Domain > Domain Agents tab.
  3. In the Agent Version column, if Import is listed with a red “!”, the import agent is broken and the API key needs to be updated.

Updating the API Key


The following is a high-level overview of the steps required to replace the API key for AD Import:

  1. Log in to the JumpCloud Admin Portal and view the Import agent(s) within the Domain Agents tab.
  2. Identify each broken connector.
  3. Retrieve the API key you stored for the ADI admin account.


We recommend using a dedicated administrator account specific to ADI.

  4. On each impacted AD server:
    1. Log in to the server with a local admin or AD domain admin account.
    2. Replace the default value for HKLM\SOFTWARE\JumpCloud\AD Integration Import Agent\api_key in the registry.
    3. Restart the JumpCloud AD Integration Import Agent service.
  5. In the JumpCloud Admin Portal, view the Import agent(s) within the Domain Agents tab and verify they are active.

Updating the API Key on an AD server

  1. Generate a new API key if the JumpCloud admin account you are using for ADI does not have an API key or the generated API key was not stored.


Store the API key in a secure location, like the JumpCloud Password Manager.

  2. Log in to the AD server as a local administrator or AD domain administrator.

The server can be identified by referencing the Host Name in the JumpCloud Admin Portal.

  3. Open the registry.
  4. Navigate to HKLM\SOFTWARE\JumpCloud\AD Integration Import Agent\api_key.
  5. Edit Default.
  6. Enter the API key in the Value data field, replacing the existing hashed value.
  7. Click OK.
  8. Open services.msc and restart the JumpCloud AD Integration Import Agent service.
  9. Log in to the JumpCloud Admin Portal.
  10. Navigate to DIRECTORY INTEGRATIONS > Active Directory > select your Domain > Domain Agents.
  11. Verify the Import agent has a green check mark “✅” indicating it is active.
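
The registry edit and service restart from the steps above can also be scripted. The following PowerShell is an added example, not JumpCloud's own tooling; it assumes the service's display name is exactly the name used in this article and that the script is saved and run from an elevated session on the impacted AD server.

```powershell
#Requires -RunAsAdministrator
# Added example: replace the AD Import agent API key on one AD server,
# then restart the import agent service.

$ErrorActionPreference = 'Stop'

# Registry key from the article; the API key lives in its (Default) value.
$keyPath = 'HKLM:\SOFTWARE\JumpCloud\AD Integration Import Agent\api_key'
# Assumption: the service display name matches the name used in the article.
$serviceDisplayName = 'JumpCloud AD Integration Import Agent'

# Fail early if the agent is not installed on this server.
if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Registry key not found: $keyPath"
}
$service = Get-Service -DisplayName $serviceDisplayName

# Prompt for the key rather than accepting it as a parameter, so it does not
# end up in command history or process command-line logs.
$secure = Read-Host -Prompt 'New JumpCloud API key' -AsSecureString
$apiKey = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrWhiteSpace($apiKey)) {
    throw 'No API key entered; registry left unchanged.'
}

try {
    # Overwrite the (Default) value, replacing the existing hashed value.
    Set-ItemProperty -LiteralPath $keyPath -Name '(default)' -Value $apiKey.Trim()
}
finally {
    # Drop the plaintext copy held by this session.
    $apiKey = $null
    $secure.Dispose()
}

# Restart the agent and wait up to 30 seconds for it to come back.
Restart-Service -InputObject $service
$service.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
'{0}: {1}' -f $service.DisplayName, $service.Status
```

A Running status only confirms that the service restarted; the Domain Agents tab in the JumpCloud Admin Portal remains the check that the new key was accepted.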