Microsoft Active Directory connector
This is an on-premises connector.
The Active Directory connector gathers data about users and devices from an Active Directory server. You can have multiple Active Directory connectors to pull data from various parts of the directory.
If there is device data already in Neurons from another source and you import device data from Active Directory, Neurons will reconcile the records so that you don't have duplicate device records.
You can perform actions and queries on imported Active Directory records from the Neurons console. To do so, work with your Active Directory administrator to make the following changes to your Active Directory service account, and fill in the Action Credentials for the connector (located at the bottom of the Neurons page for setting up the Active Directory connector).
Use the ADUC Delegation of Control wizard to delegate the following tasks to the service account:
- To create, delete, and move accounts:
  - Launch the wizard on an OU level.
  - Delegate the Create, delete, and manage user accounts or Create, delete, and manage inetOrgPerson accounts task.
- To update accounts (modify attributes):
  - Launch the wizard on a specific user object level.
  - Delegate the Read all user information and Write all user information tasks.
- To enable/disable accounts:
  - Launch the wizard on a specific user object level.
  - Delegate the Read all user information and Write all user information tasks.
- To unlock accounts:
  - Launch the wizard on a specific user object level.
  - Delegate the Read lockoutTime and Write lockoutTime tasks.
From the ADUC > Properties > Security tab, grant the following permissions:
- To create, delete, and move accounts: Grant Create All Child Objects and Delete All Child Objects on the parent container.
- To update accounts (modify attributes): Grant Write permission on the specific attributes you want to update (such as Description, Title, and so on).
- To enable/disable accounts: Grant Write permission on the userAccountControl attribute.
- To unlock accounts: Grant Write permission on the lockoutTime attribute.
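One way to check the result of the grants above, as an added example that is not part of the Ivanti documentation: the PowerShell below lists the service account's allow ACEs on one OU and marks any that are broader than the attribute-level permissions listed for the Security tab. The account name, target DN and allowed attribute list are assumed placeholders, and the script requires the ActiveDirectory module (RSAT).

```powershell
# Added example: audit the connector service account's ACEs on one OU.
# Assumed values (not from the page): account name, target DN, allowed attribute list.
Import-Module ActiveDirectory

$Account  = 'EXAMPLE\svc-neurons'
$TargetDN = 'OU=Staff,DC=example,DC=com'
# Attribute-level grants named on the page, plus the attributes you chose to update.
$AllowedAttributes = 'lockoutTime', 'userAccountControl', 'description', 'title'

# Build a schemaIDGUID -> lDAPDisplayName map so ACEs can be reported by name.
$guidToName = @{}
Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext `
    -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidToName[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

$Rights = [System.DirectoryServices.ActiveDirectoryRights]
# Only ACEs granted directly to the account, and only Allow entries.
$aces = (Get-Acl -Path "AD:\$TargetDN").Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow'
}

$report = foreach ($ace in $aces) {
    $r = $ace.ActiveDirectoryRights
    $name = $guidToName[$ace.ObjectType]
    if ($ace.ObjectType -eq [guid]::Empty) { $name = '(all)' }      # ACE is not scoped to one attribute
    elseif (-not $name) { $name = $ace.ObjectType.ToString() }      # property set or extended right

    $finding = 'ok'
    if ($r.HasFlag($Rights::GenericAll) -or $r.HasFlag($Rights::WriteDacl) -or
        $r.HasFlag($Rights::WriteOwner)) {
        $finding = 'REVIEW: full control or ACL/owner rewrite'
    }
    elseif ($r.HasFlag($Rights::WriteProperty)) {
        if ($name -eq '(all)') { $finding = 'REVIEW: write access to every attribute' }
        elseif ($name -notin $AllowedAttributes) { $finding = "REVIEW: unexpected attribute $name" }
    }
    [pscustomobject]@{
        Rights    = $r
        AppliesTo = $name
        Inherited = $ace.IsInherited
        Finding   = $finding
    }
}
$report | Format-Table -AutoSize -Wrap
```

The script only sees ACEs granted directly to the named account; permissions the account receives through group membership need the same check run against each group.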
For information about what data is imported and how it is mapped, see Mapping (below).
Options
An Active Directory connector has the following options:
- Connector name: A name for the connector.
- Connector server name: The name of the connector server that this connector is associated with. Each connector can only be associated with one connector server. If you added the connector to a specific connector server, this field may be populated for you. Otherwise, you can select the connector server from the list.
- Domain name: The domain name for the Active Directory server.
- Set the base DN: The distinguished name for the location in the directory that you want to pull data from. The connector gathers user, device, and business unit data.
- Username and Password: Credentials to access Active Directory.
- User threshold and Device threshold: To limit the amount of data that is gathered for Neurons, set a threshold for a specific number of days. The connector will only import users or devices that have been created or updated during that time.
- Repeats: How often the connector should gather data.
- Start time: The time of day the connector should start running. To minimize the impact on your network and applications, we recommend that connectors generally run at night or on weekends.
  After this connector runs the first time, any subsequent scheduled runs will only gather records that have changed since the last time it ran. If you run the connector on demand (using the Run Now command or the Save and Run button), it refreshes the entire dataset and not just the changed records.
- Active: Whether the connector is active or not. While the connector is active, it runs according to the schedule you create. If you clear the check box, the connector is inactive and will not gather data until the check box is enabled again and the connector is saved.
- Action Credentials: The credentials Ivanti Neurons uses to perform actions and queries on device or people records. The types of available actions and queries will depend on your specific work environment. Before performing actions or queries on imported records, you need to update your service account. See the information above about doing so.
For details on configuring or using connectors, see Setting up connectors.
Mapping
The data that this connector imports is mapped to target attributes in the Neurons Platform database.
For an overview of how the data imported by this connector is mapped to the Neurons target attributes, please download the CSV file using the button below.
For an overview of the Neurons target attributes per data type and the connector source attributes that are mapped to them, see Connector data mapping.