Sync Active Directory

The LDAP Directory Synchronize Task imports and synchronizes Active Directory resources such as users, computers, containers, and organizational units into Arellia Management Server (AMS). 

Default Synchronize Directory

The Default Synchronize Directory task imports and synchronizes users, containers and organizational units into AMS. 

  1. In the Security Manager Console, click the Tasks tab.
  2. In the file library in the left pane, click the Jobs and Tasks section and navigate to Server Tasks > Directory Services > Default Synchronize Directory.
  3. In the right pane under Task Status, click the Run Now... button.
  4. Select a directory to sync and, optionally, a directory partner, then click Run Now to begin.

When left empty, the default Query value is (|(&(objectclass=user)(objectcategory=person)(!(sAMAccountType=805306370)))(objectcategory=group)(objectCategory=container)(objectCategory=organizationalUnit)).

Example Queries

Tools

You can test your queries with dsquery, ADSIEdit, LDP, or LDIFDE. For example, using dsquery:

dsquery * domainroot -filter "(&(objectCategory=user)(memberOf=CN=Staff,OU=Operations,DC=companyabc,DC=com))"

Examples

Find all users in the domain group All Staff.

Example

(&(objectCategory=user)(memberOf=CN=All Staff,OU=Operations,DC=companyabc,DC=com))

 

Find all users in the group All Staff, including those in nested groups. This uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule OID.

Example

(&(|(objectCategory=person))(memberof:1.2.840.113556.1.4.1941:=CN=All Staff,OU=Operations,DC=companyabc,DC=com))

 

Find all users and groups in All Staff, including those in nested groups.

Example

(&(|(objectCategory=person)(objectCategory=group))(memberof:1.2.840.113556.1.4.1941:=CN=All Staff,OU=Operations,DC=companyabc,DC=com))

 

The default Arellia DSS query:

Example

(|(objectClass=computer)(objectClass=user)(objectClass=group)(objectClass=groupPolicyContainer))
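
To compare what the default Query value and the default Arellia DSS query each select, the following added example (not Arellia code) evaluates both filters against constructed directory entries. The entry names, the short objectCategory values, and the helpers parse, matches and selected are assumptions; the parser covers only the &, |, ! and equality subset of LDAP filter syntax and rejects everything else, including the matching-rule filters shown above.

```python
import re

# Default Query value quoted on this page (used when the Query field is empty).
DEFAULT_QUERY = ("(|(&(objectclass=user)(objectcategory=person)(!(sAMAccountType=805306370)))"
                 "(objectcategory=group)(objectCategory=container)(objectCategory=organizationalUnit))")
ITEM = re.compile(r"([A-Za-z][\w-]*)=([^()*\\]+)\)")  # plain attr=value) items only

def parse(f, i=0):
    """Parse the &, |, ! and equality subset of RFC 4515; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    m = ITEM.match(f, i)
    if not m:  # extensible match, substring, presence: rejected rather than guessed
        raise ValueError(f"unsupported filter item at offset {i}")
    return ("=", m.group(1).lower(), m.group(2).lower()), m.end()

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lower-case attr -> list of values)."""
    if node[0] == "=":
        return node[2] in [str(v).lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results) if node[0] == "|" else not results[0]

# Constructed entries. Assumption: objectCategory holds the short name that AD
# accepts in filters (the stored attribute is a schema DN).
USER = ["top", "person", "organizationalPerson", "user"]
ENTRIES = {
    "alice": {"objectclass": USER, "objectcategory": ["person"], "samaccounttype": [805306368]},
    "PC01$": {"objectclass": USER + ["computer"], "objectcategory": ["computer"], "samaccounttype": [805306369]},
    "PARTNER$": {"objectclass": USER, "objectcategory": ["person"], "samaccounttype": [805306370]},  # trust account
    "All Staff": {"objectclass": ["top", "group"], "objectcategory": ["group"]},
    "Operations": {"objectclass": ["top", "organizationalUnit"], "objectcategory": ["organizationalUnit"]},
}

def selected(query, entries=ENTRIES):
    """Names of the constructed entries that a query would bring into the sync."""
    tree, end = parse(query + "\0")  # sentinel: truncated input fails a syntax check
    if end != len(query):
        raise ValueError("trailing characters after filter")
    return [name for name, e in entries.items() if matches(tree, e)]
```

Computer accounts carry objectClass=user, so the objectClass-based DSS query selects the computer and the trust account. The default Query value tests objectcategory=person and excludes sAMAccountType 805306370, so it selects neither.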