Adding Active Directory sync profiles

Article:HOWTO82200  |  Created: 2012-11-05  |  Updated: 2013-04-18  |  Article URL http://www.symantec.com/docs/HOWTO82200
Article Type
How To


Subject


Adding Active Directory sync profiles

If your organization uses Active Directory authentication as its authentication method for ServiceDesk, you may need to add Active Directory sync profiles. These sync profiles let you import data from Active Directory to the Process Manager database. After you add your Active Directory server connections, you can add sync profiles for those connections. In ServiceDesk, you can add Active Directory sync profiles at any time.

You can add Active Directory sync profiles to target the entire domain, organizational units and groups on the Active Directory server, or specific LDAP queries. For example, you add a new organizational unit to Active Directory. You can add a sync profile for it in the Process Manager portal.

See Configuring Active Directory sync profiles

See Managing Active Directory sync profiles

See Methods for synchronizing Active Directory sync profiles

To add Active Directory sync profiles

  1. In the Process Manager portal, click Admin > Active Directory > Sync Profiles.

  2. On the Active Directory Sync Profiles page, at the far right of the Active Directory Sync Profiles title bar, click the Actions symbol (orange lightning), and click Add AD Sync Profile.

  3. In the Add Active Directory Sync Profile dialog box, type or select the following information:

    AD Sync Profile Name

    Lets you specify a name for the sync profile.

    Select Connection

    Lets you choose which Active Directory server connection you want the sync profile to target.

    AD Server Email Domain

    Lets you specify an email address for the users that you obtain from Active Directory. Use the following format:

    <domain.com>

    ServiceDesk requires that all users have an email address, but Active Directory does not. This domain is appended to the user name of any user who does not have an email address.

    Auto Create User On Initial Login

    Lets you have a ServiceDesk user account created automatically when a new user logs on.

    A new user who logs on to ServiceDesk is authenticated against the Process Manager database. If the user does not have an account there, and this check box is checked, the user is authenticated against Active Directory. If the user has an Active Directory account, a mirror account is created in the Process Manager database.

    AD Users Default Groups

    Lets you select the group to which users are added when their accounts are created automatically.

    The All Users group is the most typical selection.

    This option is available when you check Auto Create User on Initial Login.

  4. When you are finished, click Next.

    Note that if you do not enter the critical information or a connection cannot be made, a warning is displayed and you cannot proceed.

  5. Under Synchronization Option, select one of the following options:

    Entire Domain

    Connects ServiceDesk with your entire Active Directory.

    Organization units

    Connects ServiceDesk with one or more Active Directory organizational units, which you select from the tree view that appears in this dialog box. The tree view displays the organization units that are defined in the specified Active Directory.

    Groups

    Connects the ServiceDesk with one or more Active Directory groups, which you select from the tree view that appears in this dialog box. The tree view displays the groups that are defined in the specified Active Directory.

    Specify LDAP Queries

    Connects ServiceDesk to a specific LDAP Query.

  6. When you are finished, click Next.

  7. In the Add Active Directory Field Mapping dialog box, select which fields in Active Directory you want to map to which fields in Process Manager and click Next.

    Note that normally you do not need to change any field mapping settings. Symantec recommends that you do not change any mappings to key fields, such as Primary Email ID (Email address), first names, and last names.

  8. In the Add Schedule for Active Directory Server dialog box, select a schedule in the drop-down lists for Schedule For Full Sync Profile and Schedule For Update Sync Profile.

    Note that if the proper schedules do not appear in the drop-down lists for Schedule For Full Sync Profile or Schedule For Update Sync Profile, you must add schedules.

    To add a schedule, click Add Schedule, add your schedules, and click Save. Repeat the process if you need to add another schedule. When you are done, the added schedules appear in the drop-down lists.

    See Adding Active Directory sync profile schedules.

  9. When you are finished, click Finish.


Legacy ID



v72069915_v81470773


Article URL http://www.symantec.com/docs/HOWTO82200


Terms of use for this information are found in Legal Notices