Druva Documentation

How to import cross-domain AD users using inSync AD mapping

This article applies to:

  • OS: Windows
  • Product edition: inSync On-Premise 

Overview

Most environments implement an AD forest structure. Users across AD domains and trees are added as members of security groups to control access to resources. This article describes the procedure to import cross-domain AD users using inSync AD Mapping.

 AD design limitations do not allow importing cross-forest AD users.

Import cross-domain AD users

The procedure to import the cross-domain AD users is explained based on the following scenario:

  • Forest root domain: Contoso.local
  • Child domain of Contoso.local: Child1.Contoso.local
  • Universal security group created inside Contoso.local: DruvaForestUsers
  • In Contoso.local, users from Child1.Contoso.local are added as members of the DruvaForestUsers group.
  • Requirement: A Druva inSync AD Mapping must be created to import all the users from the DruvaForestUsers group.

Steps

  1. Register an AD server on inSync Management Console
  2. Create an AD mapping
  3. Import AD users

Step 1: Register an AD server on inSync Management Console

  1. Log in to inSync Management Console.
  2. From the menu, go to Manage > Deployments > AD/LDAP. The AD/LDAP page is displayed.

  3. Open the Accounts tab and click Register AD/LDAP Account.

  4. On the Register AD Account window, enter the following field values and click OK.
    • Host: FQDN or IP address of the AD server from the Contoso.local domain
    • Port: 3268 (Enter 3269 only if secured)
    • Use secure connection: Select only if the AD server is configured for secure communication
    • Username: Domain or username from the Contoso.local domain
    • Password: Account password of the domain or username from the Contoso.local domain


Step 2: Create AD Mapping

  1. Log in to inSync Management Console.
  2. From the menu, go to Manage > Deployments > AD/LDAP. The AD/LDAP page is displayed.
  3. On the Mappings tab of the AD/LDAP page, click New Mapping.
  4. Click the Switch to manual AD/LDAP filters link.

  5. On the Create AD/LDAP Mapping window, enter the following field values and click Next.
    • AD/LDAP mapping name: Name for the AD Mapping
    • AD/LDAP Server: Select the AD server from the drop-down list.
    • Base DN: Part of the base domain name that is common across the domain names of the users that are members of the AD security group.
    • Name to be used for creation: Username based on the organizational nomenclature.
    • Organizational unit: Keep this field blank.
    • AD group: Domain name of the AD security group (For example, CN=DruvaForestUsers,OU=TestOU,DC=Contoso,DC=local)
    • Department: This field is optional
    • Country: This field is optional
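
An added PowerShell example (not from the Druva documentation) that derives a candidate Base DN for the mapping from the distinguished names of the group's members. It assumes the "common part" means the DC components shared by every member; `Get-CommonBaseDN`, the member container paths, the `Smith\, John` entry and the host name in the comment are constructed for illustration.

```powershell
# Added example. Member DNs are constructed sample data for the article's scenario.
function Get-CommonBaseDN {
    param([Parameter(Mandatory)][string[]]$DistinguishedName)

    $common = $null
    foreach ($dn in $DistinguishedName) {
        # Split on commas that are not escaped with a backslash ("CN=Smith\, John"
        # is one component), then keep only the domain (DC=) components.
        $dc = @([regex]::Split($dn, '(?<!\\),') |
                ForEach-Object { $_.Trim() } |
                Where-Object { $_ -match '^DC=' })
        if ($dc.Count -eq 0) { throw "No DC components found in '$dn'" }

        # Compare from the forest root outwards: DC=local, DC=Contoso, DC=Child1
        [array]::Reverse($dc)
        if ($null -eq $common) { $common = $dc; continue }

        # Count how many leading components this member shares with the others
        $n = 0
        while ($n -lt $common.Count -and $n -lt $dc.Count -and $common[$n] -ieq $dc[$n]) { $n++ }
        if ($n -eq 0) { throw "'$dn' shares no domain components with the other members" }
        $common = @($common[0..($n - 1)])
    }

    # Restore normal DN order (most specific component first)
    $result = @($common)
    [array]::Reverse($result)
    return ($result -join ',')
}

# Constructed members of DruvaForestUsers: one per domain, plus a DN with an escaped comma.
# On a live forest the DNs could be read from the Global Catalog instead (placeholder host,
# requires the ActiveDirectory module):
#   (Get-ADGroup -Identity $groupDn -Server 'dc01.contoso.local:3268' -Properties member).member
$members = @(
    'CN=Childuser1,CN=Users,DC=Child1,DC=Contoso,DC=local',
    'CN=ContosoUser1,OU=TestOU,DC=Contoso,DC=local',
    'CN=Smith\, John,OU=Sales,DC=Child1,DC=Contoso,DC=local'
)

Get-CommonBaseDN -DistinguishedName $members
```

A member whose DN shares no domain components with the rest makes the function throw, which flags an account that a single Base DN cannot cover.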

Step 3: Import AD users

Import all the cross-domain users (in this case Childuser1 and ContosoUser1, as evident from the illustration below) configured as members of the DruvaForestUsers security group.

ADUsersAndDevices.png

  1. Log in to inSync Management Console.
  2. From the menu, go to Manage > AD Mappings.
  3. On the AD Mappings page, select the AD forest name and click Import New Users.

  4. On the Import Users Now window, select the users and click Import Users.