This is not the latest version of Identity Director documentation.

Configure data sources for Microsoft Active Directory

Use Microsoft Active Directory Data Sources to define data for users, groups, organizational units and group membership, in Microsoft Active Directory.

  • To query Active Directory, TCP port 389 (non-SSL) or 636 (SSL) needs to be open from the machine on which the Setup and Sync Tool is started to the domain controller(s).

Properties tab

Items on the Properties tab, with explanation and tips:

Domain

Specify the Active Directory fully qualified domain name that stores the data that you want to synchronize with your environment.

  • The Include forest trust and Include parent-child trust checkboxes allow group membership synchronization across different domains.

    If a user from a child domain is a member of a group in the Forest Trust domain, and that group was not explicitly linked to the child domain (it is visible only because of the link through the Master/Parent domain), that user will not be seen as part of the group when synchronizing the Classifications for the Forest Trust domain.

    Synchronization across trusted domains was introduced in Identity Director 2020.2.

Security context

Specify the credentials to access the Active Directory domain. The account that you specify must be in the same domain as the domain from which you want to synchronize data.

  • In Building Blocks of Data Sources, credentials of the Security context fields are not included. You have to set these credentials again after you import the Building Block.

Mount point

Specify the location in your Active Directory structure from which point onwards you want to synchronize information.

Object type

Specify the type of data that you want to synchronize.

Columns tab

Configure the columns that should be returned by the Data Source. The available columns depend on the Object type that you selected on the Properties tab.

Active Directory users

  • The Active Directory properties User GUID, OU GUID, Name, Picture, Windows user account, Windows user account of manager, Primary email address and Is disabled user are available by default. Use these properties, for example, in people data connections.
  • In the Active Directory property Picture, you can use file names of pictures stored directly in Active Directory, but also URLs of pictures stored on a website (HTTP and HTTPS). Pictures need to be in PNG, GIF or JPG format. The recommended size and dimensions are 10 KB and 96x96 pixels; pictures with larger dimensions are resized to 96x96 pixels.
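The following is an added example, not Ivanti's code, showing what a user Data Source has to do with raw LDAP attributes to fill the default user columns listed above: decode the mixed-endian objectGUID, read the ACCOUNTDISABLE bit of userAccountControl for Is disabled user, and resolve the manager DN to an account name. The LDAP filter, the DOMAIN\account format and the sample entries are assumptions; the entries are constructed, not taken from a directory.

```python
"""Map raw AD user attributes to the default Data Source user columns (added example)."""
import uuid

UF_ACCOUNTDISABLE = 0x0002  # userAccountControl flag for a disabled account


def user_search_filter(extra_filter=None):
    """LDAP filter for Object type 'Active Directory users' (assumed form);
    an optional Filter-tab expression is AND-ed in, so it can only narrow."""
    base = "(&(objectCategory=person)(objectClass=user))"
    return f"(&{base}{extra_filter})" if extra_filter else base


def guid_text(object_guid):
    """objectGUID arrives as 16 raw bytes in Windows (mixed-endian) layout."""
    if len(object_guid) != 16:
        raise ValueError("objectGUID must be 16 bytes")
    return str(uuid.UUID(bytes_le=object_guid)).upper()


def user_row(entry, by_dn, netbios_domain):
    """Build the default user columns from one entry (attribute -> value).
    by_dn resolves the manager DN to the manager's own entry."""
    manager = by_dn.get(entry.get("manager"))
    uac = int(entry.get("userAccountControl", 0))
    account = lambda e: f"{netbios_domain}\\{e['sAMAccountName']}"
    return {
        "User GUID": guid_text(entry["objectGUID"]),
        "Name": entry.get("displayName") or entry["cn"],
        "Windows user account": account(entry),
        "Windows user account of manager": account(manager) if manager else None,
        "Primary email address": entry.get("mail"),
        "Is disabled user": bool(uac & UF_ACCOUNTDISABLE),
    }


# Constructed sample entries standing in for an LDAP search result.
SAMPLE = [
    {"distinguishedName": "CN=Alice Boss,OU=Staff,DC=example,DC=test",
     "objectGUID": bytes.fromhex("01020304050607080910111213141516"),
     "cn": "Alice Boss", "sAMAccountName": "aboss",
     "mail": "aboss@example.test", "userAccountControl": 512},
    {"distinguishedName": "CN=Bob Worker,OU=Staff,DC=example,DC=test",
     "objectGUID": bytes.fromhex("ffeeddccbbaa99887766554433221100"),
     "cn": "Bob Worker", "sAMAccountName": "bworker",
     "manager": "CN=Alice Boss,OU=Staff,DC=example,DC=test",
     "userAccountControl": 514},  # 512 | ACCOUNTDISABLE
]


def sync_users(entries, netbios_domain="EXAMPLE"):
    """Resolve all entries into rows, resolving managers within the same result set."""
    by_dn = {e["distinguishedName"]: e for e in entries}
    return [user_row(e, by_dn, netbios_domain) for e in entries]
```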

Active Directory groups

  • The Active Directory properties Group GUID, OU GUID, Name and Canonical name are available by default. Use these properties, for example, in organization data connections to synchronize Active Directory groups that have the same name but are located in different OUs.
  • Select Show all advanced properties to specify additional advanced Active Directory properties that contain data that you want to synchronize. For example, assume that the advanced Active Directory property Managed-By in your organization stores the owner of a specific distribution list. If you specify this advanced property in the Data Source, you can synchronize its data with a data connection. You can then use this data in Identity Director to configure a service that sends an approval notification to the owner of the distribution list.

Filter tab

Optionally, filter out irrelevant data from the external data.

Diagnostics tab

  • The Preview Data tab shows a preview of the data.
    • A maximum of 25 items is shown.
    • If no data is found, an empty list with all columns is shown.
  • The Data Connections tab shows which data connections currently use the Data Source.