1. How to Configure AD sync
If you'd like to get an overview of what AD sync does, please review this article
1. Ensure that you have a service account created in Active Directory for AD sync
2. Create a Security Group (example: IntranetUsers) and add all Intranet users to that group
3. If you do not wish to use Security Group, create an OU that contains all the Intranet users
4. All users need to have a First Name, Last Name and pre-windows 2000 username in Active Directory
To enable AD sync, please follow the steps below:
1. Click on the Admin icon on the Admin page
2. Click Security
3. Click Active Directory Synchronization
4. Click Add Connection
5. Enter your Domain Controller information
6. Click Test Connection, and ensure that the connection is successful
7. Click Save & Continue
The next section explains what each option does on the Step 2- Add Targets page
2. What are the options on the Step 2 - Add Targets Page?
1. Object Type:
- Employees: The Employees Object Type allows you to bring in Employee Profiles from Active Directory. If you select this object type, you'd have the ability to map certain Intranet Fields (Title, Location, Photo, etc) with their corresponding Active Directory fields. Users brought in to the Intranet using this object type will be displayed in the Employee/Staff Directory, and in the Search results. Selecting this object type will automatically bring in the usernames and passwords of Active Directory users to the Intranet. Please see the image below:
- Logins: The Logins Object Type allows you to bring in just the username and password for Active Directory users to the Intranet. This will allow users to login to the Intranet and they can only be searched using Admin > Security > Find Logins option. Please see the image below:
- Groups: The Groups object Type allows you to bring Active Directory Groups. These groups can be used to assign security for Apps, pages and Sites inside the product. Please see the image below:
2. Select Organizational Unit: This section allows you to select the OU that contains the Intranet users. Please note that if you select your AD Domain, and add it as the sync target, it will bring in all the users from Active Directory. We recommend selecting specific OUs or use a group filter that will be discussed further in this article. Please see the image below.
3. Group Filter: This option allows you to filter down users from the main AD domain and add users that belong to specific Security Group in Active Directory. If you have created a security group called "IntranetUsers" in Active Directory, you can select it here. Before selecting the Group Filter, make sure you select the Domain under the "Select Organizational Unit" section. Please see the image below.
4. Object Preview: The object preview window will allow you to preview what users you are bringing in to the Intranet. We recommend checking the Object Preview section before adding a target to ensure you are syncing in the right set of users. You can also check to see if a user(s) is active or inactive in Active Directory. A user with a down arrow on the profile icon means that the user is disabled in Active Directory. Please see the image below that shows all active users.
5. Sync Target List: The Sync Target list section has 4 columns:
- Type: This displays the object type that is added as a sync target
- Organizational Unit: This displays the Organizational Unit that is added as a sync target
- Filter: This displays the Security Group selected in the Group Filter
- Objects: This displays the number of users or groups brought into the Intranet
Please see the image below.