Active Directory

Synchronise users and groups from your Active Directory into Aiimi Insight Engine.

Security System: Select Active Directory from the dropdown.

General

Add the details for the server including credentials and domain names.

Server: Enter the Server URL without the protocol at the beginning.
- For example Server.domain.local
Port: Enter the Port to use on the directory server.
TLS: Check this for end to end security through a cryptographic protocol.
Verify Certificate: Uncheck this to allow self assigned certificates.

This will reduce the security of Aiimi Insight Engine.

Credential: Choose the server credential to use from the dropdown.
Authentication Type: Assign the Authentication Type from the list.

Domain Name: Enter a domain name.
- If left blank the connector will take this from the Active Directory.
Old Style Domain Name: Enter an Old Style Domain Name.
- If you are using the old style the Use old-style domain names must be checked.
Limit Search Scope: Check this to add a control object to paged LDAP searches.
- Only uncheck this if your service does not support this.
Skip Manager Lookup: If checked the manager for users will not be searched.
Group Lookup: Check this to skip any group lookup for a user.
Query Primary Groups: Check this if a groups direct members are needed.
- This will run an additional query on every group to get any objects that list the group as their primary group.

Group Sync

Set the parameters that are used when syncing with groups.

Groups Path: Enter the directory location of the groups to sync.
Groups Filters: Enter any filters to be applied when searching for groups.
- This will ignore any unnecessary groups or find groups based off their properties.

Group Mappings

Match up the Aiimi Insight Engine property with the AD Field Name. If you have any variation in naming make sure they are updated within the AD Field Name field.

User Sync

Enter the details to locate users that need syncing. This is filled in by default and only needs changing if your Active Directory settings are different.

Users Path: Enter the Directory Location for the Users that need to sync.
Users Filters: Enter any filters that need to be used when searching for users.
Additional Group Membership: Add users to groups for Aiimi Insight Engine only.
- This will not change any settings in your Active Directory.
- Any groups added here will not be domain verified.
Excluded Group memberships: Add groups here to remove them from a users membership.
- Any groups added here will not be domain verified.
- This will not change any settings in your Active Directory.
Unknown Domain SID Prefixes: For members in unknown domains enter the SID Prefix to look them up.

User Mappings

Within User Mappings match up the Aiimi Insight Engine properties with the AD Field Name. Most of these should stay the same across all systems. If you have any variation in naming make sure they are updated within the AD Field Name field.

Trusted Domains

Left Field: Add any LDAP servers that should be checked for group membership. These servers should be in the same forest, with the same login details from General.
Right Field: Enter the NETBIOS domain name for this server's tree.
- This is a precaution incase the plugin cannot directly determine it.

Select the Cross to remove a domain and the Check to add a new Domain.

PreviousConfiguring Security NextAzure Active Directory

Last updated 1 year ago

General

Add the details for the server including credentials and domain names.

Server: Enter the Server URL without the protocol at the beginning.

For example Server.domain.local

Port: Enter the Port to use on the directory server.

TLS: Check this for end to end security through a cryptographic protocol.

Verify Certificate: Uncheck this to allow self assigned certificates.

This will reduce the security of Aiimi Insight Engine.

Credential: Choose the server credential to use from the dropdown.

Authentication Type: Assign the Authentication Type from the list.

Domain Name: Enter a domain name.

If left blank the connector will take this from the Active Directory.

Old Style Domain Name: Enter an Old Style Domain Name.

If you are using the old style the Use old-style domain names must be checked.

Limit Search Scope: Check this to add a control object to paged LDAP searches.

Only uncheck this if your service does not support this.

Skip Manager Lookup: If checked the manager for users will not be searched.

Group Lookup: Check this to skip any group lookup for a user.

Query Primary Groups: Check this if a groups direct members are needed.

This will run an additional query on every group to get any objects that list the group as their primary group.

User Sync

Enter the details to locate users that need syncing. This is filled in by default and only needs changing if your Active Directory settings are different.

Users Path: Enter the Directory Location for the Users that need to sync.

Users Filters: Enter any filters that need to be used when searching for users.

Additional Group Membership: Add users to groups for Aiimi Insight Engine only.

This will not change any settings in your Active Directory.
Any groups added here will not be domain verified.

Excluded Group memberships: Add groups here to remove them from a users membership.

Any groups added here will not be domain verified.
This will not change any settings in your Active Directory.

Unknown Domain SID Prefixes: For members in unknown domains enter the SID Prefix to look them up.

Trusted Domains

Left Field: Add any LDAP servers that should be checked for group membership. These servers should be in the same forest, with the same login details from General.

Right Field: Enter the NETBIOS domain name for this server's tree.

This is a precaution incase the plugin cannot directly determine it.

Select the Cross to remove a domain and the Check to add a new Domain.