AD Connector

Modified on Mon, 8 Dec at 3:25 PM



Introduction

The AD connector is used to pull in data from Active Directory. The AD connector consists of the following panels:

  • AD Discovery Status
  • Import User Options
  • User Update Options
  • Import Machine Options
  • Machine Update Options
  • Application Update Options
  • Troubleshooting




An Administrator can toggle each of the available panels OFF/ON.



AD Discovery Status

The table below provides information on the elements within this panel.


| UI Element | Description |
| --- | --- |
| Run AD Discovery Now | A button that allows an Admin to run the AD Discovery sync now. |
| Schedule AD Discovery #1 | Specify the times to run the AD Discovery. Please refer to this article on how to create a scheduled task. |
| Schedule AD Discovery #2 | Specify the times to run the AD Discovery. Please refer to this article on how to create a scheduled task. |
| Last Discovery Date | Displays the last time the AD Discovery ran successfully. |
| Domain | The NETBIOS name of the Domain. For example, 'GLOBAL'. To find the Domain, open a command prompt, type set userdomain and press Enter. The USERDOMAIN will be displayed. Use this value. |
| Distinguished Name | The distinguished name of the Domain as it appears in the AD properties. For example, DC=Global,DC=COM. |
| Emails Logs To | List of email addresses that receive a copy of the import log at the end of the sync. Use ; to separate multiple addresses, for example t@blogg.com;Accounts@blogg.com. |
| Overall Progress | Displays the overall progress of the import. |
| Current Task Progress | Displays the current task progress. |
| Import Log | Text box used to display the AD import logs. |



Import User Options

The table below provides information on the elements within this panel.


| UI Element | Description |
| --- | --- |
| User Last Login < X Days | Only import Users that have logged in within the last X days. Use '0' to import all Users. |
| Exclude Disabled User Accounts | This option prevents accounts which are disabled from being imported. It is recommended to have this enabled. |
| Import User Accounts from Sub-Domains | Import User Accounts from Sub-Domains. An additional AD connector will need to be configured to import the users' data. |
| Import User Accounts from Foreign Domains | Import User Accounts from Foreign Domains (Foreign Security Principals). An additional AD connector will need to be configured to import the users' data. |
| Users to Examine | Define the specific OU or Group to be examined for the Users. The OU must be specified using the distinguished name. For example: Type: OU; Distinguished Name: OU=Users,OU=Lab,DC=ms,DC=Local; Options: Nested Members / Direct Members / Exclude Members. |
| Exclude User Accounts | Explicitly define Users to be excluded, for example a list of User accounts not to import. Use * as a wildcard to filter multiple accounts, for example *SRV*, *Service accounts*. |




User Update Options

The table below provides information on the elements within this panel.


| UI Element | Description |
| --- | --- |
| Don't Update Locked Users | This option will not update a User record that is locked in ManagementStudio. NB this is not related to a User locked in AD. |
| Import User OU Path as Blueprint | This option converts a User's OU to Blueprints. For example 'AD Info\Computer\UK'. |
| If User Blueprint is Blank | If Department is blank then Skip, or use 'AD Info\Name' or use 'AD Info\<blank>\Name'. |
| Start User Blueprint Folder Path | Prefix the Blueprint in the Mappings table with this root path. For example 'AD Info\'. |
| User Field Mappings | In this section, an admin can define and map the list of AD fields to be written back to the User record in ManagementStudio. |

When importing data from AD, ManagementStudio uses a simple convention for User Field Mappings:
  1. Target - The target field is a field in ManagementStudio. This can be a Detail Field, Custom Field or a Blueprint.
  2. MS Field - This is the path to the ManagementStudio field or the name of the field used.
  3. AD Field - This is the attribute of an AD User object. Any AD User attribute can be used as the AD field, and ManagementStudio has some built-in special mechanisms for transforming the AD data. Please refer to this article for a list of all User AD attributes, or here for a list of calculated User Fields.





Import Machine Options

The table below provides information on the elements within this panel.


| UI Element | Description |
| --- | --- |
| Machine Last Login < X Days | Only import Machines that have logged in within the last X days. Use '0' to import all Machines. |
| Exclude Disabled Machine Accounts | Enable this option to exclude all Disabled Machines in AD from the Machines that are imported. |
| Machines to Examine | Define the specific OU or Group to be examined for the Machines. The OU must be specified using the distinguished name. For example: Type: OU / Group; Distinguished Name: OU=Computers,OU=Lab,DC=ms,DC=Local; Options: Nested Members / Direct Members / Exclude Members. |
| Exclude Machine Accounts | Explicitly define Machines to be excluded, for example a list of Machine accounts not to import. Use * as a wildcard to filter multiple accounts, for example *SRV*, *Printers*. |
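
The scope set by the Import User Options and Import Machine Options panels (last-login window, disabled-account exclusion, wildcard exclusions) can be previewed with any LDAP query tool before a discovery run. The following is an added example, not ManagementStudio code: the attribute names (lastLogonTimestamp, userAccountControl, sAMAccountName) and all function names are assumptions about how such a filter could be written, not the connector's documented behaviour.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
BIT_AND = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND
ACCOUNTDISABLE = 0x2                 # userAccountControl flag

def to_filetime(dt):
    """UTC datetime -> FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10**7 + d.microseconds * 10

def escape_pattern(pattern):
    """RFC 4515 escaping that keeps '*' as the wildcard the panel uses."""
    return "".join("\\%02x" % ord(c) if c in "\\()\x00" else c for c in pattern)

def build_filter(kind, last_login_days, exclude_disabled, exclude_patterns,
                 now, match_attr="sAMAccountName"):
    """LDAP filter approximating the import options (attribute names assumed)."""
    parts = [{"user": "(objectCategory=person)(objectClass=user)",
              "computer": "(objectCategory=computer)"}[kind]]
    if last_login_days > 0:            # the page: '0' imports everything
        # Accounts that never logged on have no lastLogonTimestamp and will
        # not match; by default the attribute also lags real logons by days.
        cutoff = to_filetime(now - timedelta(days=last_login_days))
        parts.append(f"(lastLogonTimestamp>={cutoff})")
    if exclude_disabled:
        parts.append(f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}))")
    for pat in exclude_patterns:
        parts.append(f"(!({match_attr}={escape_pattern(pat)}))")
    return "(&" + "".join(parts) + ")"

if __name__ == "__main__":
    now = datetime(2024, 1, 31, tzinfo=timezone.utc)   # constructed date
    print(build_filter("user", 30, True, ["*SRV*", "*Service accounts*"], now))
    print(build_filter("computer", 0, True, ["*SRV*", "*Printers*"], now))
```
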



Machine Update Options

The table below provides information on the elements within this panel.


| UI Element | Description |
| --- | --- |
| Don't Update Locked Machines | This option will not update a Machine record that is locked in ManagementStudio. NB this is not related to a machine locked in AD. |
| Import Machine OU Path as Blueprint | This option converts a Machine's OU to Blueprints. For example 'AD Info\Computer\UK'. |
| If Machine Blueprint is Blank | If Department is blank then Skip, or use 'AD Info\Name' or use 'AD Info\<blank>\Name'. |
| Start Machine Blueprint Folder Path | Prefix the Blueprint in the Mappings table with this root path. For example 'AD Info\'. |
| Machine Field Mappings | In this section, an admin can define and map the list of AD fields to be written back to the Machine record in ManagementStudio. |

When importing data from AD, ManagementStudio uses a simple convention for Machine Field Mappings:
  1. Target - The target field is a field in ManagementStudio. This can be a Detail Field, Custom Field or a Blueprint.
  2. MS Field - This is the path to the ManagementStudio field or the name of the field used.
  3. AD Field - This is the attribute of an AD Machine object. Any AD Computer attribute can be used as the AD field, and ManagementStudio has some built-in special mechanisms for transforming the AD data. Please refer to this article for a list of all Computer AD attributes, or here for a list of calculated Computer Fields.




Application Update Options

The table below provides information on the elements within this panel.


| UI Element | Description |
| --- | --- |
| Link Users to Apps via AD Groups | Link: Creates a User-App link if the User is in ManagementStudio. Remove: Takes the App off the User if they are removed from the AD Group. |
| User Name Format | The format of the list of Users that are imported from the AD Group. |
| Link Devices to Apps via AD Groups | Link: Creates a Device-App link if the Device is in ManagementStudio. Remove: Removes the App from the Device if it is removed from the AD Group. |
| Device Name Format | The format of the list of Devices that are imported from the AD Group. |
| Recurse Nested App Groups | Search down the AD Tree of Sub-Groups for Users/Devices. This can be very slow and AD intensive. It is recommended to use this only if necessary. |
| Exclude by Process Status | Exclude Apps from the update/linking phase by ticking the process statuses that are not required. |
| Import Application OU Path as Blueprint | This option converts an App to a Blueprint. For example 'AD Info\User\UK\Front Office'. |
| If App Blueprint is Blank | If Department is blank, then: Skip, or use 'AD Info\Name' or use 'AD Info\<blank>\Name'. |
| Starting App Blueprint Folder Path | Prefix the Blueprint in the Mappings table with this root path. For example 'AD Info\'. |



Connection Options

| UI Element | Description |
| --- | --- |
| Integrated Security | Default: On. When Use MS Server Account is ticked, ManagementStudio will use the account which the IIS App Pool is running under to connect to Active Directory. |
| AD Account Username, AD Account Password | Optional. It's possible to untick Use MS Server Account and specify an account username and password to use for authentication to Active Directory. |
| Domain Controller Hostname | Optional. Specify a Domain Controller which should be used for the connection to Active Directory. |
| LDAP Port | Optional. If no port is specified the system will use port 389. If secure LDAP is required the port should be added. This is typically 636. |
| Global Catalog Port | Optional. If a Domain Controller Hostname is specified, use this field to specify a non-standard Global Catalog port. |



Troubleshooting

The table below provides information on the elements within this panel.


| UI Element | Description |
| --- | --- |
| Notes | Text field used to enter more information about the project environment. |
| Installed Version | Displays the current version installed. |
| Installed Date | Displays the date the current version was installed. |
| Verbose Logging | This option generates large files and should only be enabled for troubleshooting. |
| Online Help | Link to the Online solutions article. |



Adding a new AD Connector

Overview

This walkthrough shows an admin how to add an Active Directory (AD) connector.


Connecting to AD

In order to create a connector to AD, you generally need to have some knowledge about the type of data source as well as the necessary permissions to connect.


Creating a new AD Connector

  • Switch to Administration->Extensions->Connectors (1).
  • Click Add New Connectors (2).
  • Select [AD-Domain] (3).



  • Enter the name of the AD Domain (1).
  • Click OK (2) to create the AD connector.



  • The new AD connector should now be visible within the left tabbed menu.
  • Ensure the toggle next to AD Discovery Status is turned ON.
  • Populate the following UI elements:
    • Domain (1)
    • Distinguished Name (1)
  • Click Save Changes (2).
  • Click Run AD Discovery Now (3).
  • Click Continue when asked to confirm to run the AD Discovery.


  • When it finishes establishing the connection to AD, a prompt is displayed notifying that it has finished.
  • The Import Log (4) text field will display the logs of the import.
  • The Last Discovery Date (5) will display its last successful run.
  • This completes configuring and establishing a connection to an AD connector.
  • An Administrator can now switch back and configure the import based on their requirements in relation to Users, Devices and Applications using the various panels available.
  • Create a Scheduled Task to run the Connector at a specified time and day:
    • Switch to Administration->Scheduled Tasks Manager (1).
    • Click "Click here to add new item", enter the name of the task, and specify the time and run days (2).
    • Click Save Changes (3).

  • Switch back to Administration->Extensions->Connectors (1).
  • Click on the AD tab (2).
  • Click on the Schedule AD Discovery #1 dropdown and select the scheduled task created (3).
  • Click Save Changes (4).


ManagementStudio AD Calculated Fields


Users


  • MS_UserSID
    • User's SID converted from binary into a string representation.
  • MS_EmailFromProxyAddresses
    • User's email as derived from the Proxy address attribute.
  • MS_CloudHostedEmail
    • Based on the User's AD attribute targetAddress: returns Yes if the attribute is not empty, otherwise No.
  • Distinguished Name
    • MS_DistinguishedNamePathDC
      • User's Distinguished Name expressed as a path including Domain.
    • MS_DistinguishedNamePath
      • User's Distinguished Name expressed as a path excluding Domain.
  • Member Of
    • MS_MemberOfName
      • User's Groups expressed as group name.
    • MS_MemberOfPathCN
      • User's Groups expressed as Paths including Common Name and excluding Domain.
    • MS_MemberOfPathDCCN
      • User's Groups expressed as Paths including Domain and Common Name.
  • Current Connector
    • MS_ConnName
      • The name of the current AD Tab.
  • Direct Reports
    • MS_DirectReportsSam
      • User's Direct Reports' samaccount(s).
    • MS_DirectReportsFN
      • User's Direct Reports' Full Name.
    • MS_DirectReportsFNSam
      • User's Direct Reports' Full Name and samaccount.
  • Password Expires
    • MS_PasswordNeverExpiresYN
      • User's Password Never Expires expressed as Yes or No.
    • MS_PasswordNeverExpiresTF
      • User's Password Expires expressed as True or False.
  • Account Enabled
    • MS_AccountEnabledYN
      • User's Account Enabled expressed as Yes or No.
    • MS_AccountEnabledED
      • User's Account Enabled expressed as Enabled or Disabled.
    • MS_AccountEnabledTF
      • User's Account Enabled expressed as True or False.
  • Manager Details
    • MS_ManagerFN
      • User's Manager's Full Name.
    • MS_ManagerFNSamAccount
      • User's Manager's Full Name and samaccount.
    • MS_ManagerSamAccount
      • User's Manager's samaccount.
    • MS_ManagerDetails_UPN
      • User's Manager's User Principal Name.
    • MS_ManagerDetails_FirstName
      • User's Manager's First Name.
    • MS_ManagerDetails_Surname
      • User's Manager's Surname.
    • MS_ManagerDetails_Email
      • User's Manager's Email.
    • MS_ManagerEmailDetails
      • User's Manager's First Name, Surname, and Email.



Devices


  • MS_MachineSID
    • Device's SID converted from binary into a string representation.
  • Account Enabled
    • MS_AccountEnabledYN
      • Device account Enabled as Yes or No.
    • MS_AccountEnabledTF
      • Device account Enabled as True or False.
    • MS_AccountEnabledED
      • Device account Enabled as Enabled or Disabled.
  • Distinguished Name
    • MS_DistinguishedNamePathDC
      • Device's Distinguished Name expressed as a path including Domain.
    • MS_DistinguishedNamePath
      • Device's Distinguished Name expressed as a path excluding Domain.
  • Member Of
    • MS_MemberOfPathDCCN
      • Device's Groups expressed as Paths including Domain and Common Name.
    • MS_MemberOfPathCN
      • Device's Groups expressed as Paths including Common Name and excluding Domain.
    • MS_MemberOfName
      • Device's Groups expressed as a group name.
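
The SID, Account Enabled and Password Never Expires fields in the Users and Devices lists above are derived from raw AD attributes. The following added example (not ManagementStudio code) shows the standard decoding of a binary objectSid and of the userAccountControl flag bits; that ManagementStudio derives its fields this way is an assumption, and the function names and sample entry are constructed for illustration.

```python
import struct

ACCOUNTDISABLE = 0x0002          # userAccountControl bit: account disabled
DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl bit: password never expires

def sid_to_string(raw):
    """Binary objectSid -> string form, e.g. S-1-5-21-...-RID."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def calculated_fields(entry, sid_field="MS_UserSID"):
    """Values named after the page's fields; the derivation is an assumption."""
    uac = int(entry["userAccountControl"])
    enabled = not uac & ACCOUNTDISABLE
    never_expires = bool(uac & DONT_EXPIRE_PASSWORD)
    return {
        sid_field: sid_to_string(entry["objectSid"]),
        "MS_AccountEnabledYN": "Yes" if enabled else "No",
        "MS_AccountEnabledED": "Enabled" if enabled else "Disabled",
        "MS_AccountEnabledTF": enabled,
        "MS_PasswordNeverExpiresYN": "Yes" if never_expires else "No",
    }

# Constructed sample entry: disabled account with a non-expiring password.
SAMPLE = {
    "objectSid": bytes([1, 5]) + (5).to_bytes(6, "big")
                 + struct.pack("<5I", 21, 1000, 2000, 3000, 1105),
    "userAccountControl": 0x200 | ACCOUNTDISABLE | DONT_EXPIRE_PASSWORD,
}

if __name__ == "__main__":
    for name, value in calculated_fields(SAMPLE).items():
        print(f"{name}: {value}")
```
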

Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.
