The inSync AD mapping wizard allows you to create inSync users by importing their details from your Active Directory (AD). When you create an AD mapping, you define filter parameters to extract user details from your AD. You also define the profile, storage, and quota that inSync must assign to users who match the filter parameters.
The following table lists different methods that you can use to define AD filter parameters.
For most AD mappings, we recommend that you use this method.
This method allows you to select the options based on the values provided in the lists. inSync populates these lists with values after querying your AD. You must select the values in a sequential order because selecting the previous field populates the list in the next field.
This method allows you to enter the values for each field manually. We recommend that you use this method only if you are well-informed about your organization's AD structure.
To use this method, at the bottom of the AD Configuration page, click Switch to manual AD filters.
To create an AD mapping
Note: If you want inSync to fetch the Universal Security Group (USG) information associated with the users, enable the global catalog on your AD server.
- On the inSync Admin Console menu bar, click Manage > Deployments > AD/LDAP.
- Click New Mapping. The Create AD/LDAP Mapping wizard appears.
- Under AD/LDAP Configuration, provide the appropriate information for each field.
Field Description AD/LDAP mapping name Type a name for this AD mapping. AD/LDAP server
Click the AD server with which you want to associate this mapping.
Base DN Click the Base DN for which you want to view the organization units and groups. Name to be used for creation
Select one of the following,
- If you want to create inSync user names in the first name and last name format, click Common Name(cn).
- If you want to use the Universal Principal Name(UPN) as the inSync user name, click Universal Principal Name(UPN).
Under Filter Users Organizational unit
Click the organization unit from which you want to query for users.
Select an OU that directly contains users. Do not select an OU that contains other OUs.
Click the AD group from which you want to query for users.
Based on the Organizational Unit (OU) you have selected, groups are populated in the immediately following select group box . Select the appropriate group from the list to query the users. Users are mapped to the Organizational Unit based on the combination of Organizational Unit and group.
Note: Nested primary groups are not supported.
Type the department from which you want to query for users.
Select a department only if it has been defined in your AD. Otherwise, leave this field blank. If you select a department that does not exist in the AD, inSync does not import any user.
Click the country from which you want to query for users.
Select a country only if it has been defined in the AD. Otherwise, leave this field empty. If you select a country that does not exist in the AD, inSync does not import any user.
Note: If you choose to manually provide the AD Configuration details, ensure that you type the LDAP distinguished name of the Base DN, Organizational unit, and AD group. For example, OU=Marketing,DC=AD-cloud,DC=druva,DC=com. To find the distinguished name, open the AD object property window on your AD server, and under the Attribute Editor tab, find the distinguishedName field.
- Under inSync Configuration, provide the appropriate information for each field.
Field Name Profile Click the profile to which you want to assign the users that you import from your AD. Storage Click the storage where inSync must store the backup data from user devices. Quota per user Type the quota for the users. Auto import new users
Do not select this check box.
If you select this check box, inSync will import all new users that meet the AD mapping requirements. You might not want inSync to import all new users that are created in AD for that AD mapping.
Send activation email to newly added users
If you want inSync to send activation emails to new users, select this check box.
Note: This checkbox appears only if you select Auto import new users checkbox in the previous step.
Auto disable unmapped users
If you want inSync to query your AD at regular intervals and deactivate users, select this check box.
inSync deactivates users who are removed from the AD, who are moved between OU in the AD, or users who belong to a group in AD, which is mapped to an AD mapping in inSync, are moved to a different group in the AD.
- Click Finish.