AdSync Module Configuration

General Module Settings

Start the SAF Admin. Click on ADSync and then General module settings:


"Method to trigger module execution" sets how the sync is triggered. See Periodic Synchronization for details about this feature; for the other General module settings, refer to the SAF documentation.


Set further AdSync configuration

In the "Module specific properties":



Active Directory (LDAP) settings:

Field: Value
Server

Can contain the name of a domain controller or a comma-separated list of domain controllers, or be empty (the current domain is then asked for its domain controllers).

The first domain controller that can be successfully contacted and contains the specified organization unit (see Path) will be used.

For LDAPS also specify the LDAPS port (normally port 636), e.g. MyServer:636

Path

More information: Active Directory Mapping

Path to the organizational unit that contains the users and groups to synchronize. The syntax is Active Directory style.

Examples:

OU=MyDigaSystem,DC=MyDomain,DC=de

LDAP://OU=MyOU,DC=MySubDomain,DC=MyDomain,DC=de

GC://OU=MyOU,DC=Sub1,DC=Test,DC=local

OU=AdSync Root,OU=SecurityGroups,OU=Demo,DC=DPE-AD,DC=local

LDAP Filter

You can use Active Directory filters. Example:

(| (&(objectCategory=Group)(name=DS_*)) (&(objectCategory=User)(name=*)) )

This filter selects all groups starting with DS_ and all users:

(category=Group AND name=DS_*) OR (category=User AND name=*)


See the logical operators listed below; the Microsoft documentation has more information.

Regex Filter

You can specify a filter for users based on regular expressions.

Example: synchronize only users that start with an "N" and have at least one digit directly after it

^N\d+

Matches "N1", "N123" but not "n1", "N" or "NA123"

Username: User account used to access the domain controller or global catalog.
Password: Password for the user account.
Use secure connection: Use NTLM (NT LAN Manager authentication) for client authentication (default: true).


Filter logical operators:

Logical operator    Description
=                   Equal to
<=                  Lexicographically less than or equal to
>=                  Lexicographically greater than or equal to
&                   AND
|                   OR
!                   NOT
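
To see which objects a given LDAP Filter and Regex Filter pair would let through before enabling the sync, the following added example (not part of AdSync or its documentation) evaluates the two example filters above against a constructed list of directory objects. It assumes the regex is tested on the user name after the LDAP filter and that attribute comparisons ignore case; `compile_filter`, `matches` and `preview` are hypothetical helper names.

```python
import re

def _parse(f, i):
    """Parse one parenthesised component at offset i -> (node, next offset)."""
    if f[i:i + 2] in ("(&", "(|", "(!"):
        op, kids, i = f[i + 1], [], i + 2
        while f[i:i + 1] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids:
            raise ValueError(f"malformed '{op}' group at offset {i}")
        return (op, kids), i + 1
    m = re.match(r"\(([\w-]+)(<=|>=|=)([^()]*)\)", f[i:])
    if not m:
        raise ValueError(f"malformed comparison at offset {i}")
    return (m[2], m[1], m[3].lower()), i + m.end()

def compile_filter(text):
    f = re.sub(r"\s*([()])\s*", r"\1", text.strip())  # drop layout whitespace
    node, end = _parse(f, 0)
    if end != len(f):
        raise ValueError("trailing text after filter")
    return node

def matches(node, entry):
    op = node[0]
    if op in ("&", "|", "!"):
        hits = [matches(k, entry) for k in node[1]]
        return all(hits) if op == "&" else any(hits) if op == "|" else not hits[0]
    _, attr, want = node
    if attr not in entry:
        return False
    have = entry[attr].lower()  # assumption: comparisons ignore case
    if op != "=":
        return have <= want if op == "<=" else have >= want
    return re.fullmatch(".*".join(map(re.escape, want.split("*"))), have) is not None

LDAP_FILTER = "(| (&(objectCategory=Group)(name=DS_*)) (&(objectCategory=User)(name=*)) )"
REGEX_FILTER = r"^N\d+"
SAMPLE = [("Group", "DS_Editors"), ("Group", "Domain Admins"), ("User", "N123"),
          ("User", "NA123"), ("User", "n1"), ("Computer", "DS_HOST")]  # constructed

def preview(objects, ldap_filter=LDAP_FILTER, regex=REGEX_FILTER):
    tree = compile_filter(ldap_filter)
    # Assumption: the regex is tested on the user name, after the LDAP filter.
    return [name for cat, name in objects
            if matches(tree, {"objectCategory": cat, "name": name})
            and (cat != "User" or re.search(regex, name))]

print(preview(SAMPLE))
```

Objects that appear in the output but should not be provisioned in DigaSystem indicate that the filter or the Path is too broad.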


DigaSystem settings:

Field: Value
Rules

Specifies the user PAR file template that is used for a newly created user, according to the group to which the user belongs.

The rules are based on regular expressions matching a group name.

The first matching rule in the list will be applied.

If the groups to which the user belongs don't match any RegEx, the template will be the default template selected below.

Default template user

DigaSystem user name that is used as PAR file template for a newly created user (when no rule above is matching).

Can be empty.


Configuration of breaks inside action loop:

The time needed to synchronize a Windows user account with the corresponding DigaSystem user increases significantly after a certain number of sync actions.

As a result, Rights.par can be blocked for any other write attempt for quite some time, which is why this configuration box has been added. If this function is activated, the synchronization process is interrupted for a configurable time window whenever a sync action exceeds a certain amount of time:

Field: Value
Activate breaks inside action loops: While writing the separate changes, ADSync works in a loop. This checkbox activates breaks within that loop.
Length of actions: ADSync starts single actions one after another in a loop. This parameter limits how long ADSync keeps starting further actions. An action that has already started runs until it has finished.
Length of breaks: Length of the break, in milliseconds.
Reduce sync cycles by using Highest Committed USN: Use the highest committed USN to find out whether something has changed in AD without polling all user and group data.