The Active Directory provider in Data Sync is a read-write connector for Active Directory User and Contact objects.
The Windows credentials used to connect to your Active Directory. If left blank, the current process/user credentials are used instead. To add them, click the ellipsis (...) to open the credentials window.
The LDAP Path to your Active Directory can be a full LDAP path or server name.
If your AD has SSL enabled, you can connect using SSL by changing this to True, selecting the value from the drop-down list.
The LDAP filter used to limit the results on the server side.
The default filter is `(&(objectClass=User)(givenname=*)(sn=*))`, which returns Active Directory objects that are of type user and have a givenname value and a sn value.
You can use an LDAP Filter to limit the results returned from Active Directory.
The LDAP filter below is an example filter that returns users that are members of the CRM Team Users Active Directory group:

`(&(objectClass=User)(memberOf=CN=CRM Team Users,CN=Users,DC=corp,DC=litware,DC=inc))`
The number of Active Directory objects to return in each query request. The default is 1000.
Used when creating Active Directory objects; specifies the type of object to create, either User or Contact.
Used when creating Active Directory objects; specifies how the Object Name is created. It uses replacement tokens so that the name is created from values in the schema map, for example `$First Name$ $Surname$`.
The Properties collection contains all the Active Directory properties that the connection will return. The connection includes a default set of properties, and you can extend this list with your own custom Active Directory attributes.
Property | Description | Example |
---|---|---|
AdName | The name of the attribute in Active Directory. | employeeid |
DataType | The DataType of the attribute. | System.String |
ReadOnly | Specifies if this attribute is read-only and therefore not sent to Active Directory on Create and Update. | False |
TryParseValue | Specifies if Data Sync should try to parse the value to extract a friendly value. Should be False if you are updating this attribute. | False |
Adding properties requires that you refresh the Data Source Schema so they are displayed.
To update the Active Directory Manager attribute, first change the default property values so that ReadOnly=False and TryParseValue=False.
If you preview the Active Directory data, you will now notice that the Manager attribute is returned in full Active Directory path format, for example `CN=Test User 2,OU=TestUsers,DC=internal,DC=simego,DC=com`. This is the format you need to supply to Active Directory.
You can do this in several ways: either via a Lookup to Active Directory that returns the Distinguished Name property, or by building a function in Dynamic Columns to create the value you need.
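Names that come from source data can contain characters that are special in a distinguished name (such as a comma) or in an LDAP filter (such as parentheses or `*`), so a Manager value or a memberOf filter built by concatenation needs escaping first. The following is an added example, not code from Data Sync: the names `LdapEscape`, `DnValue` and `FilterValue` and the sample user and group names are constructed, and the escaping follows RFC 4514 (DN values) and RFC 4515 (filter values).

```csharp
using System;
using System.Text;

public static class LdapEscape
{
    // RFC 4514: escape one attribute value (for example a CN) for use inside a distinguished name.
    public static string DnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edgeSpace = c == ' ' && (i == 0 || i == value.Length - 1);
            if (c == '\0') sb.Append("\\00");
            else if (",+\"\\<>;=".IndexOf(c) >= 0 || edgeSpace || (c == '#' && i == 0))
                sb.Append('\\').Append(c);
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // RFC 4515: escape an assertion value (here a whole DN) for use inside a search filter.
    public static string FilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample names; the container and domain parts are the ones used on this page.
        string managerDn = "CN=" + DnValue("Smith, Jane") + ",OU=TestUsers,DC=internal,DC=simego,DC=com";
        string groupDn = "CN=" + DnValue("CRM Team Users (EMEA)") + ",CN=Users,DC=corp,DC=litware,DC=inc";
        string filter = "(&(objectClass=User)(memberOf=" + FilterValue(groupDn) + "))";
        Console.WriteLine(managerDn); // value to supply for the Manager attribute
        Console.WriteLine(filter);    // value to use as the LDAP filter
    }
}
```

The DN escaping is applied to the name only, and the filter escaping is applied afterwards to the complete DN, so a backslash introduced by the first step is itself encoded as `\5c` in the filter.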
You can set the Password on a user account via Project Automation using the .NET DirectoryEntry object that you can get via the `GetDirectoryEntry(string)` method.
For example, the code below runs in the Project Automation `AfterAddItem` method to set a default password on the account.
```csharp
public override void AfterAddItem(object sender, DataCompareItemInvariant item, object identity)
{
    Trace.WriteLine("AfterAddItem->{0}", identity);
    using(var entry = DataSourceB.GetDirectoryEntry(identity))
    {
        var uac = (int)entry.Properties["userAccountControl"].Value;
        uac = uac | 0x10000; // DONT_EXPIRE_PASSWD: password never expires
        uac = uac & ~0x2;    // clear ACCOUNTDISABLE: the account is enabled
        entry.Properties["userAccountControl"].Value = uac;
        // The same default password is set on every account created this way
        entry.Invoke("SetPassword", "!password123");
        // -1 marks the password as set now; 0 would require a change at next logon
        entry.Properties["pwdLastSet"].Value = -1;
        entry.CommitChanges();
    }
}
```