Connecting to Groups and Adding Users

There are several ways to add users to groups. Which one you use depends on how your data is presented and on personal preference.

You have the option to either add groups to users or add users to groups. You can also connect to security groups and distribution groups.

GroupMembers

The Active Directory V2 - GroupMembers connector manages the membership of users in your AD groups. This connector does not add or remove groups from your AD; it simply adds existing users to the groups you need.

GroupMembers Connect

Connect

Credentials

Enter the Windows credentials you use to connect to AD. If you leave these blank, the current process/user credentials are used. To add your credentials, click the ellipsis (...) to open the credential window.

LDAP Path

Set the LDAP Path to the specific OU you want to target. This will look something like: LDAP://OU=Test,DC=demo,DC=simego,DC=com.

Please see our main AD page for more guidance on finding your LDAP Path.

Use SSL

If your AD has SSL enabled, you can connect using SSL by selecting True from the drop down list.

LDAP Filter

Additionally, you can use an LDAP filter to restrict the results to specific groups. By default the filter is set to (&(objectClass=group)) to return all groups within the connected OU.

To filter the groups that are returned, add the groups you want to target to the LDAP Filter, e.g. (&(objectClass=group)(sAMAccountName=Managers)).

If you do not connect to a specific OU or filter the results, the software will believe that the users need removing from any groups not listed. You run the risk of removing all of your users from groups and losing access to your systems. Please double check that your project is doing what you expect and that delete is disabled if you do not want to remove users.

In your source data you want to have the group name and the user to be added to that group.

Sample Data

This connector requires two key columns: the group name and the account name (sAMAccountName) to be added. Because of this, the connector does not support incremental sync.

Your schema map should look similar to the screen capture below, but your source may have different column names.

Schema Mapping

You then need to run the compare and sync the results to apply the changes.

If you want to remove users from groups, you will need to enable delete, as this is disabled by default to prevent accidental deletion.
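The scope warning above can be checked before a sync by comparing the two key columns on each side. This is an added example, not Simego code: the function names, the sample rows and the Finance and VPN Users groups are constructed, and case-insensitive matching of the key columns is an assumption.

```python
# Added example: dry-run of what a GroupMembers sync would delete.
# All rows below are constructed sample data, not read from a real directory.
from collections import defaultdict

def key(group, user):
    # Assumption: both key columns are matched case-insensitively.
    return (group.strip().lower(), user.strip().lower())

def plan_sync(source_rows, target_rows):
    """Compare (group, sAMAccountName) pairs from the source with the pairs
    the connector returns for the configured LDAP Path and LDAP Filter."""
    src = {key(g, u): (g, u) for g, u in source_rows}
    tgt = {key(g, u): (g, u) for g, u in target_rows}
    adds = sorted(src[k] for k in src.keys() - tgt.keys())
    deletes = sorted(tgt[k] for k in tgt.keys() - src.keys())
    # Groups in scope that the source never mentions would lose every member.
    src_groups = {k[0] for k in src}
    emptied = defaultdict(list)
    for g, u in deletes:
        if g.strip().lower() not in src_groups:
            emptied[g].append(u)
    return adds, deletes, dict(emptied)

# Constructed source: only the Managers group is being managed.
SOURCE = [("Managers", "asmith"), ("Managers", "bjones")]

# Constructed target for the default filter (&(objectClass=group)).
TARGET_WIDE = [
    ("Managers", "asmith"), ("Managers", "cdoe"),
    ("VPN Users", "asmith"), ("VPN Users", "bjones"),
    ("Finance", "fin1"),
]
# Constructed target for (&(objectClass=group)(sAMAccountName=Managers)).
TARGET_NARROW = [row for row in TARGET_WIDE if row[0] == "Managers"]

if __name__ == "__main__":
    for label, target in (("wide", TARGET_WIDE), ("narrow", TARGET_NARROW)):
        adds, deletes, emptied = plan_sync(SOURCE, target)
        print(f"{label}: add={adds} delete={deletes}")
        for group, users in emptied.items():
            print(f"  WARNING: {group} is not in the source; "
                  f"{len(users)} member(s) would be removed")
```

With the default filter, every membership of VPN Users and Finance shows up as a delete because the source never lists those groups; with the narrowed filter only the Managers difference remains.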

Groups

You can use the Active Directory V2 - Users/Contacts/Groups/Computers provider to return groups by selecting Groups from the DefaultAttributes drop down list.

Groups Connector

This connector will enable you to add and remove groups from your Active Directory. However, please note that you can only add existing users; this will not add user accounts whilst targeting groups.

Map the group name (this should be the same as the sAMAccountName) from your source to DS-SAMAccountName and set this to be your key column. You then need to map the array of users that should be members of that group to Members.

In your source data you can list the groups to be updated/added and the list of users that should be members of each of those groups. The users need to be listed in alphabetical order for their sAMAccountName and be separated by a semi-colon (;).

Please make sure there are no unwanted spaces as this will affect the results. For example, if you have user1; user2;user3 the space will be counted as part of user2's name.

Sample Groups Data

Any groups that do not currently exist will be added to your AD.

Your schema map should end up looking something like:

Schema Mapping

Whilst Adding/Updating Users

Alternatively, you can use the Active Directory V2 - Users/Contacts/Groups/Computers provider and select Users from the DefaultAttributes drop down list. With this connector you can add users to their respective groups whilst adding or updating them in your AD.

Note: Whilst targeting users you cannot add/remove groups from your AD, only add/remove users to/from a group.

This method assumes you have a column with an array of the group names that the user should be a member of. Your groups need to be listed in alphabetical order and be separated by a semi-colon (;). Please make sure there are no spaces after the semi-colon unless that is part of the group name.

If the user currently exists in a group that is now not listed against their name they should be removed from that group.

To do this map your source columns to your target columns and make sure to map your Group column to DS-User-MemberOf.

Schema Mapping
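Both the Members column of the Groups connector and the DS-User-MemberOf column described above expect the same list format, so one pre-flight check can cover both. This is an added example, not Simego code: the function name and sample values are constructed, and it assumes that alphabetical order is case-insensitive and that leading or trailing whitespace is never intended.

```python
# Added example: check one semicolon-separated Members / DS-User-MemberOf cell.
def check_member_list(raw):
    """Return (normalised_value, problems) for one source cell."""
    problems, names = [], []
    for part in raw.split(";"):
        name = part.strip()
        if not name:
            problems.append("empty entry")  # e.g. a trailing semi-colon
            continue
        if name != part:
            # A stray space would be treated as part of the name.
            problems.append(f"whitespace around {name!r}")
        names.append(name)
    seen, unique = set(), []
    for name in names:
        if name.lower() in seen:
            problems.append(f"duplicate {name!r}")
        else:
            seen.add(name.lower())
            unique.append(name)
    # Assumption: "alphabetical order" means case-insensitive ordering.
    ordered = sorted(unique, key=str.lower)
    if ordered != unique:
        problems.append("not in alphabetical order")
    return ";".join(ordered), problems

# Constructed sample cells, keyed by the group or user they belong to.
SAMPLE_CELLS = {
    "Managers": "user1; user2;user3",      # the stray-space case from the text
    "Finance": "user3;user1;user1",
    "asmith": "Sales Team;VPN Users",      # spaces inside a name are kept
}

if __name__ == "__main__":
    for owner, cell in SAMPLE_CELLS.items():
        fixed, problems = check_member_list(cell)
        status = "; ".join(problems) if problems else "ok"
        print(f"{owner}: {cell!r} -> {fixed!r} ({status})")
```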

Performance Optimisation

If you have lots of users in your AD and you are matching on columns that do a lookup to get their values, you may find that the preview, compare and sync take longer than you had hoped.

To improve performance you can map the DN. This will be faster as it does not need to look up within each user account to find the other values.