Synchronization with directory service

Synchronization with a directory service, such as Active Directory (AD), allows you to perform accurate and flexible data synchronization, with the option to apply filters for specific branches in the AD structure. This allows selective selection and synchronization of specific data segments, such as users or groups, based on specific criteria. In addition, this synchronization offers the ability to map attributes between systems, allowing data to be tailored to specific requirements and formats. Filters on specific objects, on the other hand, provide the ability to manage in more detail what information is exchanged and updated, ensuring precise and efficient data management in an IT environment.

New configuration

To start synchronization with a directory service, navigate to the section in question and then click the “New Configuration” button.

Basic data

Next, fill in the fields in “Basic data”.

1	Name - Name of the synchronization task.
2	Domain Controller - A domain controller that we can configure for connection to a directory service. To define a domain controller: Go >
3	Organization - The organization to which resources are to be assigned during synchronization.
4	Definition of the schedule (tasks)-Schedule that defines the frequency of synchronization execution. More about the organizations: Go > To define a task schedule: Go >

Filters

In the “Filters” tab, we have the ability to filter the downloaded data for organizational units.

Mapping

In the “Mapping” tab, you can specify fields from AD with fields from Oxari. The fields are used to map data between the human resource management (MH) system and the directory service, Active Directory.

1	Field - MH - Refers to the name of the attribute in the human resource management system that will be synchronized.
2	Field - directory service - Indicates the equivalent of an attribute from the MH system in the directory service with which synchronization takes place.
3	Data type - Specifies the data format to be used during synchronization, such as text (DirectoryString), integer (Integer) or byte string (OctetString).
4	Object type - Indicates the type of object in the directory service to which the attribute belongs, such as user (User) or organizational unit (OU).

Mapping attributes

The following are predefined attributes, you can remove them as needed or add your own:

1	OrganizationalUnit.Name - `name`: The name of the organizational unit in the directory service.
2	OrganizationalUnit.Description - `description`: Description of the organizational unit.
3	Person.FirstName - `givenName`: Name of the person.
4	Person.LastName - `sn`: A person's name (sn is short for surname).
5	Person.DisplayName - `displayName`: User name displayed.
6	Person.ThumbnailPhoto - `thumbnailPhoto`: Miniatur photo of a person, stored as a tractor (OctetString).
7	Person.Disabled - `userAccountControl`: An attribute indicating the status of a user's account, where specific flags indicate whether the account is active or locked.
8	OrganizationPerson.JobTitle - `title`: Person's job title.
9	OrganizationPerson.Department - `department`: Maps the department in which the user works to the 'department' attribute in the directory service.
10	OrganizationPerson.Location - `physicalDeliveryOfficeName`: Assigns a user's physical location, such as an office, to the 'physicalDeliveryOfficeName' attribute.
11	OrganizationPerson.Manager - `manager`: Maps the supervisor of the employee to the 'manager' attribute.
12	OrganizationPerson.OrganizationalStructure - `ou`: It refers to the organizational structure in which the user is located, and is mapped to the 'ou' (organizational unit) attribute.
13	UserLogin.Username - `sAMAccountName`: Maps the username to the 'sAMAccountName' attribute, which is used as a unique login name in Windows services.
14	UserLogin.DirectoryServiceDn - `distinguishedName`: Assigns the full path of the user's Distinguished Name in the directory service.
15	UserLogin.Disabled - `userAccountControl`: Specifies the status of the user account (e.g., whether it is active or locked) and is mapped to the 'userAccountControl' attribute.
16	Contact.Name - `displayName`: Maps the user's preferred display name to the 'displayName' attribute.
17	Contact.EmailAddress - `mail`: Assigns a user's email address to the 'mail' attribute in the directory service.
18	Contact.MobilePhone - `mobile`: Maps a cell phone number to the 'mobile' attribute.
19	Contact.StationaryPhone - `telephoneNumber`: Assigns the user's landline phone number to the 'telephoneNumber' attribute.
20	Contact.AddressCity - `l` - Maps the user's address city to the corresponding field in the directory service.
21	Contact.AddressStreet - `streetAddress`: Maps the user's address street.
22	Contact.AddressZipCode - `postalCode`: Maps the postal code of the user's address.
23	Workstation.Name - `name`: Refers to the name of the computer workstation.
24	Workstation.DNSName - `dNSHostName`: Maps the DNS name of the computer.
25	Workstation.Description - `description`: Maps the description of the workstation.
26	Workstation.LastLogon - `lastLogon`: Refers to the last login to the workstation.
27	Workstation.OperatingSystem - `operatingSystem`: Maps the operating system installed on the workstation.
28	Workstation.OperatingSystemVersion - `operatingSystemVersion`: Maps the version of the workstation's operating system.
29	Workstation.ManagedBy - `managedBy`: Specifies the person or account managing the workstation.
30	Workstation.OrganizationalStructure - `ou`: Maps a workstation to an organizational unit in a directory service.
31	UserGroup.Name - `name`: Maps the user group name from the local system to the 'name' attribute in the directory service. This is the name that identifies the group.
32	UserGroup.Description - `description`: Maps the user group description to the 'description' attribute. Used to provide additional information about the group.
33	UserGroup.ManagedBy - `managedBy`: Maps information about who manages the user group to the 'managedBy' attribute in the directory service.
34	Domain.Name - `name`: Maps the domain name from the local system to the 'name' attribute in the directory service.
35	Domain.Description - `description`: Maps the domain description to the 'description' attribute in the directory service.

Adding a new value

To add a new value, click the “Add new value” button

And then complete the desired fields.

Deletion of values

To delete a value, click the “Delete” button.

Advanced Data

The advanced data section of the Directory Service Synchronization configuration allows users to specify precisely what types of objects will be synchronized, what attributes these objects contain, and what the criteria are for these objects in the synchronization process. After completing the fields, click the “Save” button to create a new configuration for synchronization with the directory service.

1	Object type - Allows you to select the type of objects to be synchronized, such as organizational units (OUs), users, computers or groups.
2	Filter - Used to specify criteria that must be met for an object to be included in the synchronization process. For example, a filter can specify that only objects belonging to a certain object category (e.g., users, computers) will be synchronized.
3	Identification - Allows you to choose the method of identifying objects between systems, usually using a unique identifier, such as objectGUID.

Edit/Delete

A configuration can be edited or deleted using the following buttons.