To connect to your Active Directory Domain, you will need to add it as a connection. If you have multiple domain controllers hosting your Active Directory domains, add each one as a separate connection.
- When you first open the Active Directory Synchronization screen, you will see the option of adding a Connection as shown below:
- Click ‘Add Connection’ to continue. Note: For multiple connections, 2-way trust is required
- In Step 1 – Define Connection, specify the domain and credentials you wish to connect with as demonstrated here:
- Click Save & Continue to continue to the next screen
- In Step 2 – Add Targets, you can define as many targets as you wish to this connection:
- Object Type: Specify what type of object you wish to target
- Employees – Select if you want to create both a Login and an employee profile within the intranet
- Logins – Select if you only want to sync over logins but not an employee profile within the Employee Directory
- Groups – Select if you only want to bring over the specific groups
- Select Organizational Unit: Specify a starting OU to narrow down the users you are syncing. As you select an OU, the Object Preview window will show you which logins or groups you will be syncing with that selection.
- Group Filter: Selecting a Group Filter allows you to target only logins that fall within the selected group from your chosen OU.
- For example, if you have 10 logins under one OU, but only 5 of those logins are within the selected group filter, only those 5 logins will be synced.
- Add Target: Once you are happy with your selection, click Add Target to save it.
- Sync Target List: This list will appear with each of your saved Targets that you chose previously.
- There is no limit to the number of targets for your connection.
- You will see a number of objects that are being synced for each Target defined
- Advanced Settings:
- Specify if you wish to sync over users managers within Active Directory to appear on the Employee’s profile as their ‘Supervisor’.
- If users were previously synced over to the intranet, and they are now listed as ‘disabled’ or ‘deleted’ within AD, checking the option to disable these users will update their accounts within the intranet to show them as disabled.
- If users were manually disabled on the intranet, their accounts will not reactivate in the event that a user is reactivated within AD
- Save any changes made to the Advanced Settings area.