Configure data sources for Microsoft Active Directory

In the Setup and Sync Tool at Data Model > Data Sources, configure Data Sources. Use Microsoft Active Directory Data Sources to define data in Microsoft Active Directory. You can define data related to users, groups, organizational units and group membership.



Explanation and Tips


Specify the Active Directory fully qualified domain name that stores the data that you want to synchronize with your environment.

Security context

Specify the credentials to access the Active Directory domain. The account that you specify must be in the same domain as the domain from which you want to synchronize data.

  • Building Blocks of Data Sources do not include the credentials from the Security context fields. You have to set these credentials again after you import the Building Block.

Mount point

Specify the location in your Active Directory structure from which point onwards you want to synchronize information.

Object type

Specify the type of data that you want to synchronize.

Columns tab

Specify the Active Directory columns from which you want to synchronize data. The available columns depend on the Object type that you selected on the Properties tab.

Active Directory users

  • The Active Directory properties User GUID, OU GUID, Name, Picture, Windows user account, Windows user account of manager, Primary email address and Is disabled user are available by default. Use these properties, for example, in people data connections.
  • In the Active Directory property Picture, you can use file names of pictures stored directly in Active Directory, but also URLs of pictures stored on a website (HTTP and HTTPS). Pictures need to be in PNG, GIF or JPG format. Recommended size and dimensions are 10 KB and 96x96 pixels; pictures with larger dimensions are resized to 96x96 pixels.
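
The Picture constraints above can be checked before synchronization. The following Python sketch is an added example, not Ivanti code: it identifies the format from the file's magic bytes rather than its extension, reads the dimensions from the image header, and flags picture URLs that use cleartext HTTP. The function names, the `intranet.example` host and the sample bytes are constructed for illustration, and treating schemes other than HTTP and HTTPS as unsupported is an assumption based on the page listing only those two.

```python
import struct

MAX_BYTES, MAX_DIM = 10 * 1024, 96  # recommended size and dimensions from the page

def image_info(data):
    """Identify PNG/GIF/JPG by magic bytes; return (format, width, height) or None."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        return ("PNG", *struct.unpack(">II", data[16:24]))
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return ("GIF", *struct.unpack("<HH", data[6:10]))
    if data[:2] == b"\xff\xd8":
        i = 2
        while i + 9 <= len(data) and data[i] == 0xFF:
            marker, seg_len = data[i + 1], struct.unpack(">H", data[i + 2:i + 4])[0]
            # SOF0-SOF15 hold the frame size; 0xC4, 0xC8 and 0xCC are not SOF markers
            if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                height, width = struct.unpack(">HH", data[i + 5:i + 9])
                return ("JPG", width, height)
            i += 2 + seg_len
    return None

def check_picture(value, data=None):
    """Return findings for one Picture value; data is the image content, if available."""
    findings = []
    scheme = value.split("://", 1)[0].lower() if "://" in value else ""
    if scheme == "http":
        findings.append("cleartext HTTP URL")
    elif scheme and scheme != "https":
        findings.append(f"unsupported URL scheme: {scheme}")
    if data is not None:
        info = image_info(data)
        if info is None:
            findings.append("content is not PNG, GIF or JPG")
        elif info[1] > MAX_DIM or info[2] > MAX_DIM:
            findings.append(f"{info[0]} {info[1]}x{info[2]} exceeds 96x96 and will be resized")
        if len(data) > MAX_BYTES:
            findings.append(f"{len(data)} bytes exceeds the recommended 10 KB")
    return findings

# Constructed sample headers (only the bytes the parser reads), not real pictures.
PNG_96 = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + struct.pack(">II", 96, 96)
GIF_200 = b"GIF89a" + struct.pack("<HH", 200, 150)
JPG_96 = (b"\xff\xd8\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
          + b"\xff\xc0" + struct.pack(">H", 17) + b"\x08" + struct.pack(">HH", 96, 96))

if __name__ == "__main__":
    samples = [("https://intranet.example/p/a.png", PNG_96),
               ("http://intranet.example/p/b.gif", GIF_200),
               ("c.jpg", b"<html>not an image</html>")]
    for value, data in samples:
        print(value, check_picture(value, data) or "ok")
```
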

Active Directory groups

  • The Active Directory properties Group GUID, OU GUID, Name and Canonical name are available by default. Use these properties, for example, in organization data connections to synchronize Active Directory groups that have the same name but are located in different OUs.
  • Select Show all advanced properties to specify additional advanced Active Directory properties that contain data that you want to synchronize. For example, let's assume the advanced Active Directory property Managed-By in your organization stores the owner of a specific distribution list. If you specify this advanced property in the Data Source, you can synchronize its data with a data connection. You can then use this data in Ivanti Identity Director to configure a service that sends an approval notification to the owner of the distribution list.

Filter tab

Optionally, filter out irrelevant data from the external data.

Diagnostics tab

  • The Preview Data tab shows a preview of the Active Directory information.
    • A maximum of 25 items is shown.
    • If no data is found, an empty list with all columns is shown.
  • The Data Connections tab shows which data connections currently use the Data Source.
