Introduction
The AD connector is used to pull in data from Active Directory. The AD connector consists of the following panels:
- AD Discovery Status
- Import User Options
- User Update Options
- Import Machine Options
- Machine Update Options
- Application Update Options
- Troubleshooting
An Administrator can toggle each of the available panels ON or OFF.
AD Discovery Status
The table below provides information on the elements within this panel.
UI Element | Description |
Run AD Discovery Now | A button to allow an Admin to run the AD Discovery sync now. |
Schedule AD Discovery #1 | Specify the times to run the AD Discovery. Please refer to this article on how to create a scheduled task. |
Schedule AD Discovery #2 | Specify the times to run the AD Discovery. Please refer to this article on how to create a scheduled task. |
Last Discovery Date | Displays the last time the AD Discovery ran successfully. |
Domain | The NetBIOS name of the Domain. For example, 'GLOBAL'. To find the Domain, open a command prompt, type set userdomain and press Enter. The USERDOMAIN value will be displayed. Use this value. |
Distinguished Name | The distinguished name of the Domain as it appears in the AD properties. For example, DC=Global,DC=COM. |
Emails Logs To | List of email addresses that receive a copy of the import log at the end of the sync. Use ; to separate multiple addresses, for example [email protected];[email protected]. |
Overall Progress | Displays the overall progress of the import. |
Current Task Progress | Displays the current task progress. |
Import Log | Text box used to display the AD import logs. |
Import User Options
The table below provides information on the elements within this panel.
UI Element | Description |
User Last Login < X Days | Only import Users that have logged in in the last X days. Use '0' to import all Users. |
Exclude Disabled User Accounts | This option prevents accounts which are disabled from being imported. It is recommended to have this enabled. |
Users to Examine | Define the specific OU or Group to be examined for the Users. The OU must be specified using the distinguished name. For example:
|
Exclude User Accounts | Explicitly define Users to be excluded, for example a list of User accounts not to import. Use * as a wildcard to filter multiple accounts, for example *SRV*, *Service accounts*. |
User Update Options
The table below provides information on the elements within this panel.
UI Element | Description |
Don't Update Locked Users | This option will not update a User record that is locked in ManagementStudio. NB this is not related to a User locked in AD. |
Archive Users | Automatically archive and un-archive a User in ManagementStudio based on its status in AD. |
Import User OU Path as Blueprint | This option converts a User's OU to Blueprints. For example 'AD Info\Computer\UK'. |
If User Blueprint is Blank | If Department is blank then Skip, or use 'AD Info\Name' or use 'AD Info\<blank>\Name'. |
Start User Blueprint Folder Path | Prefix the Blueprint in the Mappings table with this root path. For example 'AD Info\'. |
User Field Mappings | In this section, an admin has the ability to define and map the list of AD fields to be written back to the User record in ManagementStudio. When importing data from AD, ManagementStudio uses a simple convention:
|
Special Keywords
Manager
- MS_ManagerFN: Manager's Full Name
- MS_ManagerSamAccount: Manager's SamAccount
- MS_ManagerFNSamAccount: Manager's Full Name [SamAccount]
Import Machine Options
The table below provides information on the elements within this panel.
UI Element | Description |
Machine Last Login <X Days | Only import Machines that have logged in in the last X days. Use '0' to import all Machines. |
Exclude Disabled Machine Accounts | Enable this option to exclude all Disabled Machines in AD from the Machines that are imported. |
Machines to Examine | Define the specific OU or Group to be examined for the Machines. The OU must be specified using the distinguished name. For example:
|
Exclude Machine Accounts | Explicitly define Machines to be excluded, for example a list of Machine accounts not to import. Use * as a wildcard to filter multiple accounts, for example *SRV*, *Printers*. |
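The Import User Options and Import Machine Options above combine three filters: a last-login window, a disabled-account exclusion, and wildcard exclusions. The following is an added example, not ManagementStudio code, that previews which accounts such settings would keep. It assumes the filters are evaluated against the AD attributes sAMAccountName, userAccountControl and lastLogonTimestamp; the function names and sample accounts are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_ACCOUNTDISABLE = 0x0002  # userAccountControl flag: account is disabled

def to_filetime(dt):
    """datetime -> 100-ns ticks since 1601-01-01 UTC (lastLogonTimestamp unit)."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def from_filetime(ft):
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def import_decision(acct, now, last_login_days=0, exclude_disabled=True, exclude=()):
    """Return (imported, reason) for one AD account under the given options."""
    name = acct["sAMAccountName"].lower()
    # Assumption: wildcards are matched case-insensitively on sAMAccountName.
    if any(fnmatchcase(name, pat.lower()) for pat in exclude):
        return False, "excluded by pattern"
    if exclude_disabled and acct["userAccountControl"] & UF_ACCOUNTDISABLE:
        return False, "disabled in AD"
    if last_login_days > 0:  # '0' means import everything
        ft = acct.get("lastLogonTimestamp", 0)
        # Assumption: an account that never logged on (0) counts as stale.
        if ft == 0 or now - from_filetime(ft) > timedelta(days=last_login_days):
            return False, "no logon within window"
    return True, "import"

# Constructed sample accounts, relative to a fixed "now" so results repeat.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ACCOUNTS = [
    {"sAMAccountName": "alice", "userAccountControl": 512,
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=10))},
    {"sAMAccountName": "bob", "userAccountControl": 512,
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=200))},
    {"sAMAccountName": "carol", "userAccountControl": 514,  # 512 | disabled
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=5))},
    {"sAMAccountName": "SRV-sql01", "userAccountControl": 512,
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=1))},
    {"sAMAccountName": "dave", "userAccountControl": 512, "lastLogonTimestamp": 0},
]

def preview(accounts, **options):
    return {a["sAMAccountName"]: import_decision(a, NOW, **options) for a in accounts}

if __name__ == "__main__":
    result = preview(ACCOUNTS, last_login_days=90, exclude=["*SRV*"])
    for name, (ok, why) in result.items():
        print(f"{name:10} {'IMPORT' if ok else 'SKIP':6} {why}")
```

By default AD refreshes lastLogonTimestamp only when the stored value is roughly 9 to 14 days old, so a very small X can drop accounts that are in active use.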
Machine Update Options
The table below provides information on the elements within this panel.
UI Element | Description |
Don't Update Locked Machines | This option will not update a Machine record that is locked in ManagementStudio. NB this is not related to a machine locked in AD. |
Archive Machines | Automatically archive and un-archive a machine in ManagementStudio based on its status in AD. |
Import Machine OU Path as Blueprint | This option converts a Machine's OU to Blueprints. For example 'AD Info\Computer\UK'. |
If Machine Blueprint is Blank | If Department is blank then Skip, or use 'AD Info\Name' or use 'AD Info\<blank>\Name'. |
Start Machine Blueprint Folder Path | Prefix the Blueprint in the Mappings table with this root path. For example 'AD Info\'. |
Machine Field Mappings | In this section, an admin has the ability to define and map the list of AD fields to be written back to the Machine record in ManagementStudio. When importing data from AD, ManagementStudio uses a simple convention:
|
Application Update Options
The table below provides information on the elements within this panel.
UI Element | Description |
Link Users to Apps via AD Groups | Link: Creates a User-App link if the User is in ManagementStudio. Remove: Takes the App off the User if they are removed from the AD Group. |
User Name Format | An option to display the format of the list of Users that are imported from the AD Group. |
Link Devices to Apps via AD Groups | Link: Creates a Device-App link if the Device is in ManagementStudio. Remove: Removes the App from the Device if it is removed from the AD Group. |
Device Name Format | The format of the list of Devices that are imported from the AD group. |
Recurse Nested App Groups | Search down the AD Tree of Sub-Groups for Users/Devices. This can be very slow and AD intensive. It is recommended to only use if necessary. |
Import Application OU Path as Blueprint | This option converts an App to a Blueprint. For example 'AD Info\User\UK\Front Office'. |
If App Blueprint is Blank | If Department is blank, then: Skip, or use 'AD Info\Name' or use 'AD Info\<blank>\Name'. |
Starting App Blueprint Folder Path | Prefix the Blueprint in the Mappings table with this root path. For example 'AD Info\'. |
Troubleshooting
The table below provides information on the elements within this panel.
UI Element | Description |
Notes | Text field used to enter more information about the project environment. |
Installed Version | Displays the current version installed. |
Installed Date | Displays the date the current version was installed. |
Verbose Logging | This option generates large files and should only be enabled for troubleshooting. |
Online Help | Link to the Online solutions article. |
Adding a new AD Connector
Overview
This walkthrough shows an admin how to add an Active Directory (AD) connector.
Connecting to AD
In order to create a connector to AD, you generally need to have some knowledge about the type of data source as well as the necessary permissions to connect.
Creating a new AD Connector
- Switch to Administration->Extensions->Connectors (1).
- Click Add New Connectors (2).
- Select [AD-Domain] (3).
- Enter the name of the AD Domain (1).
- Click OK (2) to create the AD connector.
- The new AD connector should now be visible within the left tabbed menu.
- Ensure the toggle next to AD Discovery Status is turned ON.
- Populate the following UI elements:
- Domain (1)
- Distinguished Name (1)
- Click Save Changes (2).
- Click Run AD Discovery Now (3).
- Click Continue when asked to confirm to run the AD Discovery.
- When it finishes establishing the connection to AD, there will be a prompt displayed notifying that it has finished.
- The Import Log (4) text field will display the logs of the import.
- The Last Discovery Date (5) will display its last successful run.
- This completes configuring and establishing a connection to an AD connector.
- An Administrator can now switch back and configure the import based on their requirements in relation to Users, Devices and Applications using the various panels available.
- Create a Scheduled Task to run the Connector at a specified time and day.
- Switch to Administration->Scheduled Tasks Manager (1).
- Click "Click here to add new item", enter the name of the task, specify the time and run days (2).
- Click Save Changes (3).
- Switch back to Administration->Extensions->Connectors (1).
- Click on the AD tab (2).
- Click on the Schedule AD Discovery #1 dropdown and select the scheduled task created (3).
- Click Save Changes (4).
ManagementStudio AD Calculated Fields.
Users.
MS_UserSID
User's SID converted from binary into a string representation.
Email Related
MS_EmailFromProxyAddresses
User's email as derived from the Proxy address attribute.
MS_CloudHostedEmail
Based on the User's AD attribute targetAddress: returns Yes if the attribute is not empty, otherwise No.
Distinguished Name
MS_DistinguishedNamePathDC
User's Distinguished Name expressed as a path including Domain.
MS_DistinguishedNamePath
User's Distinguished Name expressed as a path excluding Domain.
Member Of
MS_MemberOfName
User's Groups expressed as group name.
MS_MemberOfPathCN
User's Groups expressed as Paths including Common Name and excluding Domain.
MS_MemberOfPathDCCN
User's Groups expressed as Paths including Domain and Common Name.
Current Connector
MS_ConnName
The name of the current AD Tab.
Direct Reports
MS_DirectReportsSam
User's Direct Reports samaccount(s).
MS_DirectReportsFN
User's Direct Reports Full Name.
MS_DirectReportsFNSam
User's Direct Reports Full Name and samaccount.
Password Expires
MS_PasswordNeverExpiresYN
User's Password Never Expires expressed as Yes or No.
MS_PasswordNeverExpiresTF
User's Password Expires as True or False.
Account Enabled
MS_AccountEnabledYN
User's Account Enabled expressed as Yes or No.
MS_AccountEnabledED
User's Account Enabled expressed as Enabled or Disabled.
MS_AccountEnabledTF
User account Enabled as True or False.
Manager Details
MS_ManagerFN
User's Manager's Full Name.
MS_ManagerFNSamAccount
User's Manager's Full Name and samaccount.
MS_ManagerSamAccount
User's Manager's samaccount.
MS_ManagerDetails_UPN
User's Manager's User Principal Name.
MS_ManagerDetails_FirstName
User's Manager's First Name.
MS_ManagerDetails_Surname
User's Manager's Surname.
MS_ManagerDetails_Email
User's Manager's Email.
MS_ManagerEmailDetails
User's Manager's First Name, Surname, and Email.
Devices.
MS_MachineSID
Device's SID converted from binary into a string representation.
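MS_UserSID and MS_MachineSID are both described as the SID converted from binary into a string. The following is an added example, not ManagementStudio code, of that conversion for the raw objectSid bytes AD returns, using the standard SID layout (1-byte revision, 1-byte sub-authority count, 6-byte big-endian authority, then little-endian 32-bit sub-authorities). The function names and sample byte strings are constructed for illustration.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Render a binary SID as S-<revision>-<authority>-<sub-authority>-..."""
    if len(raw) < 8:
        raise ValueError("SID needs at least an 8-byte header")
    revision, sub_count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if sub_count > 15:
        raise ValueError("a SID holds at most 15 sub-authorities")
    if len(raw) != 8 + 4 * sub_count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack(f"<{sub_count}I", raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_domain_rid(sid: str):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID as int)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

# Constructed sample values (not taken from any real directory).
SAMPLE_ACCOUNT_SID = bytes.fromhex(
    "0105000000000005"   # revision 1, 5 sub-authorities, authority 5 (NT)
    "15000000"           # 21
    "e8030000d0070000b80b0000"  # domain identifier: 1000-2000-3000
    "50040000"           # RID 1104
)
SAMPLE_LOCAL_SYSTEM = bytes.fromhex("010100000000000512000000")  # S-1-5-18

if __name__ == "__main__":
    sid = sid_to_string(SAMPLE_ACCOUNT_SID)
    print(sid, split_domain_rid(sid))
    print(sid_to_string(SAMPLE_LOCAL_SYSTEM))
```

The string form is what appears in Windows security event logs and ACL dumps, so it is the value to use when correlating imported User or Device records with that data.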
Account Enabled
MS_AccountEnabledYN
Device account Enabled as Yes or No.
MS_AccountEnabledTF
Device account Enabled as True or False.
MS_AccountEnabledED
Device account Enabled as Enabled or Disabled.
Distinguished Name
MS_DistinguishedNamePathDC
Device's Distinguished Name expressed as a path including Domain.
MS_DistinguishedNamePath
Device's Distinguished Name expressed as a path excluding Domain.
Member Of
MS_MemberOfPathDCCN
Device's Groups expressed as Paths including Domain and Common Name.
MS_MemberOfPathCN
Device's Groups expressed as Paths including Common Name and excluding Domain.
MS_MemberOfName
Device's Groups expressed as a group name.
Further Support
If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.