AD Import
  • 19 Jun 2024

The process of importing data into Active Directory (AD), a directory service created by Microsoft for Windows domain networks, is commonly referred to as AD import. Within a network environment, Active Directory is used to store data about machines, groups, users, and other resources. Keeping the directory service structured and up to date is necessary in a Windows-based network environment.

On-Premise AD Import

The process of synchronizing user accounts, groups, and other directory data from an on-premises Active Directory environment into a cloud-based directory or service is known as an "on-premise AD" (Active Directory) import. This is frequently employed where enterprises deploy hybrid identity management systems, which blend cloud-based and on-premises resources.

To leverage cloud services while maintaining control over their on-premises infrastructure, companies utilizing hybrid IT environments must complete the On-Premise AD Import procedure.

Let's explore the following use-case.
Use Case
User Persona: Super Admin
Solution
NovaTech, a mid-sized IT company, is transitioning to a hybrid environment. They want to integrate their on-premise Active Directory (AD) with Azure Active Directory so that employees can use Office 365 and other Azure services with their existing on-premises AD credentials. To achieve this, the Super Admin configures the AD Import functionality in Platform Studio so that the on-premise AD is synchronized with Azure AD, allowing seamless access to Office 365 applications. The initial synchronization process imports the user accounts, groups and other relevant data from the on-premise AD to Azure AD. NovaTech is then able to integrate its on-premise AD with Azure, enabling the workforce to seamlessly access Office 365 and other cloud services. This functionality allows a seamless user experience, simplified management and enhanced security.

Configure AD Import

1. Navigate to Platform > Access Control Center > AD Import. The list page is displayed.

Figure: AD Import

2. Select the Domain and Sub Domain from the dropdown menu. The AD Import list page is displayed. For more information on the list page, refer to Manage AD Import.

3. Click New to create a new AD Import. The following page is displayed.

Figure: AD Import

For more information on how to configure AD Import, refer to the table below.

General and LDAP Configuration

Field – Description
Domain* – Specify the Domain from which you want to import the user details to the Application.
Sub Domain* – Specify the Sub Domain from which you want to import the user details to the Application.
Import Type* – Microsoft On-premise is selected as the default Import Type.

LDAP Configuration

LDAP Path* – LDAP stands for Lightweight Directory Access Protocol. Specify the path name of the Active Directory database.

Import from AD – Select the required options to import from the Active Directory:
  • Users – Select Users to import all the users in the AD.
  • Groups – Select Groups to import all the groups available in the AD.
  • Deleted Objects – Select Deleted Objects to import all the deleted objects, such as users or groups, from the AD.

AD Domain* – Choose the Domain name from which to import the user details to the Application.

User Name (Domain/User Name) – Specify the domain user name.

Password – Type in the password.

Confirm Password – Re-enter the password for confirmation.

Time Zone – Select the time zone from the drop-down menu. The selected Time Zone will be the default Time Zone for all the users. If the Time Zone is mapped to a specific location, the mapped Time Zone is displayed in the Time Zone drop-down list.

Run at Proxy – The field is displayed if Run at Source is selected as Symphony Proxy. Select the configured Proxy Server from the list by which the AD Import job should run.

IP Address – Specify the IP address of the machine if the Proxy Server is configured in the demilitarized zone (DMZ).

Sort Order

Active – This is selected by default. It indicates the status set for the Active Directory configuration details.
  • If selected, the Active Directory configuration details are used for importing user data to the SymphonyAI database.
  • If not selected, the Active Directory configuration details are inactive. The configured details are ignored while importing user data to the SymphonyAI database.

Enable SSL Connection
  • If enabled, the application runs with the web protocol “HTTPS”, which establishes a secured connection while exchanging data with the server.
  • If not enabled, the application runs with the web protocol “HTTP”, which is not a secured connection and is susceptible to data theft or spying.

An asterisk (*) indicates a mandatory field.

Other Actions

Field – Description

Specify OU(s) to Exclude – Specify the organizational units that you wish to exclude from importing to the application.

Attributes Not to be Null – Specify the attributes for which the value should not be Null while importing data from the Active Directory database. For example, Object Class.

Disable Users – Indicates the status set for the user.
  • If selected, the disabled user details are not imported from the Active Directory to the database.
  • If not selected, the disabled user details are also imported from the Active Directory to the database.

Clear NT ID (If Disable Users is enabled) – If selected, the NT ID of deleted users is cleared from AD. This option should be selected only for deleted users and not disabled users.

Clear Email ID (If Disable Users is enabled) – If selected, the Email ID of deleted users is cleared from the AD. This option should be selected only for deleted users and not disabled users.

Ignore Display Names with Text – Specify the keywords used to ignore users by display name while importing data from Active Directory. If the specified keywords are present in the User’s Display Name text, the user data is ignored while importing data from Active Directory to the application.

Ignore SAM Account Names with Text – Specify the keywords used to ignore users by SAM Account Name while importing data from the Active Directory. If the specified keywords are present in the SAM Account Name (NT Login ID), the user data is ignored while importing data from Active Directory to the application.

Differential Scan – In the differential scan process, the machine is scanned progressively for any changes in the Active Directory. All the changes that are updated in the Active Directory after the previous scan are displayed.

Full Scan Frequency (If Differential Scan is enabled) – Specify the frequency at which the full scan is scheduled.
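
The filters in the Other Actions table decide which directory accounts reach the application, so it helps to preview their effect on a set of entries before scheduling the job. The following Python example is added here and is not SymphonyAI code: the `ImportFilter` class, the matching rules (DN-suffix match for OUs, case-insensitive substring match for keywords) and the sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass, field
ACCOUNTDISABLE = 0x2  # userAccountControl flag set on disabled AD accounts

@dataclass
class ImportFilter:
    """Hypothetical model of the 'Other Actions' fields; not the product's API."""
    exclude_ous: list = field(default_factory=list)
    not_null_attrs: list = field(default_factory=list)
    skip_disabled: bool = False  # "Disable Users" selected
    ignore_display_text: list = field(default_factory=list)
    ignore_sam_text: list = field(default_factory=list)

def skip_reason(entry, f):
    """Return why an entry would be skipped, or None if it would be imported."""
    for ou in f.exclude_ous:
        # Assumption: an entry belongs to an OU when its DN ends with the OU's DN.
        if entry["dn"].lower().endswith("," + ou.lower()):
            return "excluded OU"
    for attr in f.not_null_attrs:
        if not entry.get(attr):
            return "null attribute: " + attr
    if f.skip_disabled and entry.get("userAccountControl", 0) & ACCOUNTDISABLE:
        return "disabled account"
    # Assumption: keyword matching is a case-insensitive substring test.
    for attr, keywords in (("displayName", f.ignore_display_text),
                           ("sAMAccountName", f.ignore_sam_text)):
        for kw in keywords:
            if kw.lower() in entry.get(attr, "").lower():
                return f"{attr} contains keyword: {kw}"
    return None

def _entry(cn, ou, sam, mail, uac=512):
    return {"dn": f"CN={cn},OU={ou},DC=example,DC=test", "displayName": cn,
            "sAMAccountName": sam, "mail": mail, "userAccountControl": uac}

# Constructed sample entries (not real directory data); 514 = disabled account.
SAMPLE = [
    _entry("Asha Rao", "Staff", "arao", "arao@example.test"),
    _entry("Backup Service", "Service Accounts", "svc-backup", "svc@example.test"),
    _entry("Ben Ortiz", "Staff", "bortiz", "bortiz@example.test", uac=514),
    _entry("Carla Diaz", "Staff", "cdiaz", ""),
    _entry("Test User 01", "Staff", "tuser01", "t1@example.test"),
    _entry("Jin Lee", "Staff", "adm-jlee", "jlee@example.test"),
]

def preview(entries, f):
    return {e["sAMAccountName"]: skip_reason(e, f) for e in entries}
if __name__ == "__main__":
    print(preview(SAMPLE, ImportFilter(skip_disabled=True, ignore_sam_text=["adm-"])))
```

Running the same entries with a default `ImportFilter()` shows the disabled account `bortiz` being imported, which matches the documented behaviour when Disable Users is not selected.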

Attribute Details (Mapping)



The following standard attributes can be mapped from the User Master to the Active Directory. 

  • NT Login ID
  • User Name
  • E-mail ID
  • Employee ID
  • Customer 
  • Location 
  • Country
  • Designation 
  • Contact Number
  • Mobile Number
  • Manager 
  • Address

User Attribute Name – The specific information associated with the user account.

Import Attribute Name – The data that needs to be mapped from specific on-premises Active Directory (AD) attributes to their corresponding Azure Active Directory (Azure AD) attributes.

Is Unique – The attribute that is key to identifying user accounts distinctly across the directory.

Note
  • Only Standard attributes are available for mapping. 
  • Only one attribute can be configured as unique.

4. Click Submit to create a new AD Import. 

5. Configure a Standard Event in Scheduler to run the AD User Import job. For more information, refer to the configuration of Scheduler for AD Import.

