Creating or modifying Active Directory Synchronization jobs
Introduced in 2022.2
You create or modify Active Directory Synchronization jobs in the Active Directory Synchronization window.
To create or modify an Active Directory Synchronization job:
- On the Settings tab, configure the general job settings:
  - Name - Default names for Active Directory Synchronization jobs are "Active Directory Import", "Active Directory Import (1)", "Active Directory Import (2)", etc. You can assign a special name for every job, as needed.
  - Enabled - enables auto-running the job.
    TIP: If you do not want the job to run by schedule, you can clear the Enabled check box, configure the job with any schedule, and then manually run the Active Directory Synchronization when needed. For details, see Managing all Automation Server jobs: To force a job to run.
  - Domain - choose a directory service or an Active Directory domain to synchronize with. You choose from the records specified in the Domain Credentials section. Alternatively, you can choose the domain you are currently logged in to.
  - LDAP Path - specify the LDAP path to the Users container:
    - For Microsoft Active Directory: LDAP://CN=Users,DC=toronto,DC=zeus,DC=com
      To select a container, click the ellipsis button, browse through Active Directory containers, select the desired one, and click OK.
    - For LDAP Server: LDAP://<Server Name>:<Port>/<Users DN>
  - If you want to make sure that the specified LDAP path is correct, click the Check Path button.
  - Under Schedule, you specify the schedule according to which the Active Directory Import tool imports data from Active Directory.
    When you choose Currently logged-in domain in the Domain list, an additional Connect as section appears below the Schedule section.
  - Under Connect as, specify a Windows account to access the Active Directory as follows:
    - If you want the Automation Server to run the Active Directory Synchronization under the Automation Server startup account, leave The Automation Server startup account selected.
    - If you want the Automation Server to run the Active Directory Import tool under another Windows account, click This account, click the Find button, and select a dedicated Windows account.
      IMPORTANT: The Windows account must have permissions to "Log on as a batch job" on the machine running the Automation Server.
- On the Processing tab, specify how the Active Directory Import tool creates and updates Alloy Navigator Express objects:
  - Create SSP Customer Accounts for Persons - enables the job to create SSP Customer accounts for Person records.
    NOTE: When all of your domain users can use the Self Service Portal, you may want to avoid duplicating user accounts in Alloy Navigator Express. You can do this by using LDAP Authentication for the Self Service Portal.
  - Create Organizations - enables the job to create Organizations for Person records.
  - Create Locations - enables the job to create Locations for Person records.
  When the check box is selected, the corresponding system macro evaluates to TRUE (see System Macros). The macros should be used in conditional workflow operations of the Service Action that the job employs for creating Persons. If TRUE, the Service Action should perform a corresponding workflow Function to create the items for newly created Person records. You can also use these macros in the Service Action for updating Persons. For details, see Service Actions.
- Click OK.
NOTE: In order to import data from multiple Active Directory containers, you must create multiple Active Directory Synchronization jobs, providing an individual job for each container. If you consider having all resources available under the same Automation Server startup account a security risk, use a dedicated Windows account for every job. The Windows account must have permissions to "Log on as a batch job" on the machine running the Automation Server.
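One way to confirm the "Log on as a batch job" permission before assigning a dedicated account to a job is shown below. This is an added example, not part of the Alloy documentation: the account name CONTOSO\svc-adsync-users is hypothetical, and the script assumes an elevated PowerShell session on the machine running the Automation Server. It checks direct assignment only and lists the current holders so that grants made through group membership can be reviewed.

```powershell
# Added example (not vendor code). Run elevated on the Automation Server machine.
function ConvertTo-Sid([string]$Name) {
    [System.Security.Principal.NTAccount]::new($Name).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}

# Returns the SIDs listed for one user right in a secedit export,
# e.g. "SeBatchLogonRight = *S-1-5-32-544,CONTOSO\svc-job".
function Get-RightHolderSid([string[]]$InfLines, [string]$Right) {
    $line = $InfLines | Where-Object { $_ -match "^\s*$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return }
    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*')) { $entry.Substring(1) }      # already a SID
        elseif ($entry) {
            try { ConvertTo-Sid $entry }                          # stored as a name
            catch { Write-Warning "Cannot resolve '$entry' to a SID" }
        }
    }
}

function Test-BatchLogonRight {
    param([Parameter(Mandatory)][string]$Account)
    $sid = ConvertTo-Sid $Account
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export the effective user rights assignment of this machine.
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }
        $inf = Get-Content -Path $cfg
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
    $granted = @(Get-RightHolderSid $inf 'SeBatchLogonRight')
    $denied  = @(Get-RightHolderSid $inf 'SeDenyBatchLogonRight')
    [pscustomobject]@{
        Account         = $Account
        Sid             = $sid
        GrantedDirectly = $granted -contains $sid
        # A deny entry overrides any grant, so report it separately.
        DeniedDirectly  = $denied -contains $sid
        # Review these holders: the right may come from a group membership.
        GrantedTo       = $granted
    }
}

# Hypothetical dedicated account for one synchronization job; replace with your own.
Test-BatchLogonRight -Account 'CONTOSO\svc-adsync-users'
```

Run the check once per dedicated account when you use a separate account for every job.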
Related Information:
Checking Active Directory Synchronization job results
Types of Alloy Navigator Express accounts