Active Directory

Introduction

Synchronise users and groups from your Active Directory into Aiimi Insight Engine.

General

Start by adding the server details, including credentials and domain names.

  1. Within the Source tab, select ActiveDirectory from the Security System drop-down.

  2. Enter the Server URL without the protocol at the beginning.

    • For example, Server.domain.local

  3. Enter the Port to use on the Directory Server.

  4. Review the additional security checkboxes.

    • For end-to-end security through a cryptographic protocol, check TLS.

    • To allow a self-signed certificate, uncheck Verify Certificate. This will reduce the security of Aiimi Insight Engine, because the connector no longer verifies the identity of the directory server.

  5. Choose the Server Credential to use for this server.

  6. Assign the Authentication Type from the list.

  1. Enter a Domain Name.

    • If this is left blank the connector will take this from the Active Directory.

  2. Enter an Old Style Domain Name.

    • If you are using the Old Style Domain Name, make sure you check Use old-style domain names.

  3. Limit Search Scope adds a control object to paged LDAP searches.

    • Only uncheck this if your service does not support this.

  4. To skip the manager lookup for a user, check Skip the Manager lookup.

  5. To skip the group lookup for a user, check Skip the Group lookup.

  6. Check Query Primary Groups if a group's direct members are needed.

    • This will run an additional query on every group to get any objects that list the group as their primary group.
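
The extra query exists because Active Directory does not list primary-group members in a group's member attribute; each object instead stores the group's RID (the last component of the group's objectSid) in its primaryGroupID attribute. The following is an added example, not Aiimi Insight Engine code, showing how such a per-group filter can be derived from a binary objectSid; the function names and the sample SID are constructed for illustration.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid (as returned over LDAP) into S-1-... form."""
    if len(raw) < 8:
        raise ValueError("objectSid too short")
    revision, count = raw[0], raw[1]
    # Header is 8 bytes, followed by `count` 32-bit sub-authorities.
    if revision != 1 or count < 1 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def group_rid(group_sid: bytes) -> int:
    """The RID is the final sub-authority of the group's SID."""
    return int(sid_to_str(group_sid).rsplit("-", 1)[1])

def primary_group_filter(group_sid: bytes) -> str:
    """LDAP filter matching objects whose primary group is this group."""
    return f"(primaryGroupID={group_rid(group_sid)})"

# Constructed sample: a domain group SID ending in RID 513.
SAMPLE_SID = (
    b"\x01\x05"
    + (5).to_bytes(6, "big")
    + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 513)
)

if __name__ == "__main__":
    print(sid_to_str(SAMPLE_SID))
    print(primary_group_filter(SAMPLE_SID))
```

A RID is only unique within its own domain, so a filter built this way is meaningful only when the search runs against the domain that owns the group.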

Group Sync

Set the parameters that are used when syncing with groups.

  1. Within Groups Path enter the Directory location of the groups to sync.

  2. Within Group Filters enter any filters to be applied when searching for groups.

    • This will ignore any unnecessary groups or find groups based on their properties.

Group Mappings

Within Group Mappings, match up the Aiimi Insight Engine property with the AD Field Name. If you have any variation in naming, make sure it is updated within the AD Field Name field.

User Sync

Enter the details to locate users that need syncing. This will be filled in by default. It only needs changing if the Active Directory settings are different.

  1. Enter the Directory Location for the Users that need to sync within Users Path.

  2. Within Users Filter enter any filters that need to be used when searching for users.

  3. Within Additional Group Memberships add users to groups for Aiimi Insight Engine only.

    • This will not change any settings in your Active Directory.

    • Any groups added here will not be domain verified.

  4. To remove groups from a user's membership, enter them into Excluded Group Memberships.

    • Any groups added here will not be domain verified.

    • This will not change any settings in your Active Directory.

  5. For members in unknown domains, enter the SID Prefix to look them up within Unknown Domain SID Prefix.

User Mappings

Within User Mappings, match up the Aiimi Insight Engine properties with the AD Field Name. Most of these should stay the same across all systems. If you have any variation in naming, make sure it is updated within the AD Field Name field.

Trusted Domains

  1. In the left field, add any LDAP servers that should be checked for group membership. These servers should be in the same forest, with the same login details from General.

  2. In the right field, enter the NETBIOS domain name for this server's tree.

    • This is a precaution in case the plugin cannot directly determine it.

  3. Select the Cross to remove a domain and the Check to add a new domain.
