Active Directory Connector Part 1

Let Me Introduce Myself…

Hi, my name is Oleksandr Golovatyi and I work in the System Center Service Manager QA Team as a Software Design Engineer in Test. I have 10+ years of software development experience for both Windows and UNIX platforms. I joined Microsoft (and the team) about a year ago.

Background

Active Directory (AD) is one of the main repositories of user, group, computer and printer information in enterprises. An AD Connector in Service Manager can bring all or some of this data into the CMDB. Once users, printers, and computers are synchronized into the CMDB they can be related to incidents, change requests, other CIs, etc.

Creating AD Connector

All connectors can be found in the Administration workspace.

Click the Create Connector task and then choose Active Directory Connector, which launches the AD Connector wizard. Then supply a name and description for the connector.

The next wizard page lets you choose the domain or OU you want to import objects from, as well as an account used to connect to Active Directory.

The Browse button opens the Active Directory browse window, where you can select a domain or OU (Organizational Unit).

Some notes about the data source:

·        AD Connectors support only one data source. To import objects from multiple sources you have to create as many AD Connectors as you need.

·        The data source can’t be changed after the connector is created; the credentials can be updated.

·        The Browse window doesn’t show cross-forest domains.

The account must have rights to connect to and read from the AD domain/OU. You can check this by clicking the Test Credentials button.

Tips:

·        For the domain or OU you can use an FQDN (Fully Qualified Domain Name) like domainname.com/TestOU or an LDAP address like LDAP://OU=TestOU,DC=domainname,DC=com.

·        Click the “Test Credentials” button to validate your credentials. This button is extremely useful and can save you some time if the given credentials don’t work because of a cross-domain, wrong password, network or any other issue.

·        You can’t use credentials for a domain that is in another forest; cross-forest domain access is not supported.

·        Special characters (non-Latin letters) in AD object names are not fully supported.
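The two data-source notations from the first tip, converted to one distinguished name and compared for scope, as an added Python example that is not code from the original post or from Service Manager. The helper names `to_dn` and `covers` are made up here, and the code assumes that every path component is an OU and that `\/` in the domain/OU form is a literal slash, as in AD canonical names.

```python
import re

LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")  # one DNS label

def _split(text, sep):
    """Split on sep; a backslash protects the character that follows it."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    parts.append(cur)
    return parts

def _dn_escape(name):
    """Escape an OU name as an RFC 4514 attribute value."""
    body = re.sub(r'([,+"\\<>;])', r"\\\1", name)
    if name[:1] in ("#", " "):
        body = "\\" + body
    if len(name) > 1 and name.endswith(" "):
        body = body[:-1] + "\\ "
    return body

def to_dn(source):
    """Return the distinguished name for either data-source form from the tip."""
    source = source.strip()
    if source[:7].upper() == "LDAP://":
        rdns = [r.lstrip() for r in _split(source[7:], ",")]
        if not all(re.match(r"(OU|DC|CN)=.", r, re.I) for r in rdns):
            raise ValueError("malformed LDAP path: " + source)
        return ",".join(rdns)
    domain, *ous = _split(source, "/")
    labels = domain.split(".")
    if "" in ous or not all(LABEL.match(label) for label in labels):
        raise ValueError("malformed domain/OU path: " + source)
    # Assumption: "\/" is a literal slash and every path component is an OU.
    names = [_dn_escape(re.sub(r"\\(.)", r"\1", ou)) for ou in reversed(ous)]
    return ",".join(["OU=" + n for n in names] + ["DC=" + d for d in labels])

def covers(outer, inner):
    """True if data source `inner` equals or lies beneath `outer`."""
    o = [r.lower() for r in _split(to_dn(outer), ",")]
    i = [r.lower() for r in _split(to_dn(inner), ",")]
    return len(o) <= len(i) and i[len(i) - len(o):] == o

if __name__ == "__main__":
    print(to_dn("domainname.com/TestOU"))          # FQDN form from the tip
    print(to_dn("domainname.com/Sites/Kyiv, HQ"))  # constructed nested OU with a comma
```

Because each connector reads one data source, `covers` is a quick way to see whether the source planned for a new connector already falls inside the domain or OU of an existing one.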

The next page lets you manually add a list of objects (users, groups, computers and printers) to import, or you can import all objects from the domain/OU (the default).

Tips:

·        The list of objects can be modified later.

·        The list can contain objects of different types.

·        You can use Ctrl or Shift with mouse clicks to highlight groups of objects.

Then you are shown a summary screen and a completion screen when the connector is created. Users, computers and other AD objects will appear in the console in a few minutes. The more objects that have to be imported, the more time this operation requires.
