DESlock+ Support DESlock+ Support
Knowledgebase
How does the Enterprise Server Synchronise with Active Directory?
Article ID: KB113 email a link to this article

To get the DESlock+ Enterprise Server to synchronise with your Active Directory, you will firstly need to log into the Enterprise Server using an administrator account that has the relevant permissions.

Once logged in, select the root 'Organisation' node from the navigation tree in the Enterprise Server and select the Active Directory panel.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Click the the 'Active Directory Settings' button to bring up the configuration dialog. Check 'Enable Active Directory Synchronisation' to enable the AD Sync feature.

The Enterprise Server will then search for users within the Active Directory with an email address property.

 

Sync Mode

The AD Sync has various operating modes, and you can check these on the various tabs. For example you can change the Sync Mode to change how the users are imported.

Manual Import Only

This mode will not automatically import users into the Organisation from the Active Directory. User records must be manually selected within the Enterprise Server in order to import users from the Active Directory as shown in the image below.

In this window, AD users can be selected then either imported to a team or quick imported straight to the root of the Organisation.

 

Basic Automatic Import

In Basic Automatic Import mode, users will be imported initially into the root of the Organisation, regardless of any Organizational Unit structure within the directory.

 

Automatic with Team import

Users will be imported initially into a Team defined by their Distinguished Name (DN), which will take into account Organizational Units (OUs) as shown by the image below.

 

User Import Settings

Additionally you may wish to check the import settings to define which attributes are used from the Active Directory to construct an email address for the Enterprise Server to use.

 

Self Enrolment

The Self Enrolment tab is used for linking a licence to your Active Directory added users. Please see our article below for more information:

KB421 - DESlock+ Self Enrolment

 

Advanced

If you wish to only add specific users within a Security Group configured within Active Directory, you can Click the 'Advanced' tab and select the Security Group you wish to sync.

Furthermore you can use the LDAP Query Filter. Please see our article below for more information:

KB393 - I want to add specific OU's

 

When you have made these changes, you can click the Test button to test read from your directory. This will show you how many records in total the Enterprise Server has access to; the first 15 records which are read; and will indicate if the user would be imported into the Enterprise Server or would be ignored. If the user will be imported this will also show you the email address that will be assigned to that user.

 

Once you are happy with the results, click Close on the Test Results if it is open. Then click OK on the settings dialog to save the settings. The AD Sync will then be operational. Click the 'Resync' button to initiate the sync. If you are using an auto sync mode then this will also sync automatically in the background on a timer which can be changed in the Enterprise Server Control Panel.

When a sync has occurred you will see results in the panel.

The users can then be manually imported, or will already have been imported if using one of the auto modes.

 

 

Related Articles

KB436 - Explanation of Active Directory user states

 

 


 Keywords: AD Active Directory Sync synchronise synchronize users user organization organizational integrate

 


We use cookies on our website to enhance your browsing experience. Read more