Active Directory

Introduction

Active Directory is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. Starting with Windows Server 2008, however, Active Directory became an umbrella title for a broad range of directory-based identity-related services.

Connection String

To authenticate requests, set User and Password to valid Active Directory credentials. For basic connectivity, set Server and Port.

Connection String Parameters

Parameter Description
Server The domain name or IP of the Active Directory server.
Port The port the Active Directory server is running on.
Base DN The base portion of the distinguished name, used for limiting results to specific subtrees.
AuthMechanism The authentication mechanism to be used when connecting to the Active Directory server.
SIMPLE(Default) Default plaintext authentication is used to log in to the server.
DIGESTMD5 More secure DIGEST-MD5 authentication is used.
NEGOTIATE NTLM/Negotiate authentication will be used.
Scope Whether to limit the scope of the search. Limiting scope can greatly improve the search performance.
WHOLESUBTREE BaseDN and all of its descendants.
SINGLELEVEL BaseDN and its direct descendants.
BASEOBJECT BaseDN only.
TimeOut The value in seconds until the timeout error is thrown, cancelling the operation.
Other The other parameters necessary to connect to a data source, such as username and password, when applicable.

NOTE: The Username and Password can be specified in the Connection String or It can be specified in the spaces shown below. This should be specified when verifying the connection.

Connecting to Active Directory

It is recommended you ask the assistance of the systems administrator. The following command will show you which Active Directory site the remote computer is a member of. From the Command Prompt:

run > nltest

Data Migrations

To check for the data migrations-

  1. Add a new connection in Loome Integrate as shown.

    • Go to tasks and click on Connections.

  • Add a new connection using the Add New Connection option.

  • Choose Active Directory Connector from the available connector options.

  1. Using the connection string parameters created, verify the connection using the Verify Connection Option in Loome Integrate. Once the connection is verified, insert the onnection using the Insert option.

  1. Create a job using the Add a Job option in Loome Integrate. Name the job, set the Logging Mode and Save the job.

  1. Create a new task by right clicking job list and then Add a New Task option. If you want to edit an existing task use the Edit Task option.

  1. Choose Data Migration Task.

  1. Choose the source and the destination for the migration of data. Name the task.

  1. Choose the tables or the data to be migrated from the source to the destination. You can choose to copy all the tables from the source by checking the Copy All Tables checkbox. Save the task.

  1. Execute the job. Check for results and the details of the data migrated in Execution History.

Data Model

The Connector for Active Directory models ActiveDirectory entities in relational tables and stored procedures. API limitations and requirements are documented in this section. You can use the SupportEnhancedSQL feature which is set by default to circumvent most of these limitations.

Tables

Below describes the available tables in Active Directory.

Name Description
Account The account object class is used to define entries that represent computer accounts.
ApplicationEntity X.500 base class for applications: Directory Service only uses subclass MSFT-DSA.
ApplicationProcess X.500 base class for applications: Exchange only uses subclass DSA-Application.
ApplicationSettings Base class for server-specific application settings.
ApplicationSiteSettings Contains all site-specific settings.
ApplicationVersion Can be used by application developers to store version information about their application or its schema.
BuiltinDomain The container that holds the default groups for a domain.
CertificationAuthority Represents a process that issues public key certificates, for example, a Certificate Server.
Computer This class represents a computer account in the domain.
Contact This class contains information about a person or company that you may need to contact on a regular basis.
CRLDistributionPoint The object holding Certificate, Authority, and Delta Revocation lists.
DHCPClass Represents a DHCP Server (or set of servers).
DnsNode Holds the DNS resource records for a single host.
DnsZone The container for DNS Nodes. Holds zone metadata.
Domain Contains information about a domain.
DomainDNS Windows NT domain with DNS-based (DC=) naming.
DomainPolicy Defines the local security authority policy for one or more domains.
DomainRelatedObject The domainRelatedObject object class is used to define an entry that represents a series of documents.
ForeignSecurityPrincipal The Security Principal from an external source.
Group Stores a list of user names. Used to apply security principals on resources.
GroupOfNames Used to define entries that represent an unordered set of names that represent individual objects or other groups of names.
GroupOfUniqueNames Defines the entries for a group of unique names. In general, used to store account objects.
GroupPolicyContainer This represents the Group Policy Object. It is used to define group polices.
IpHost Represents an abstraction of a host or other IP device.
IpNetwork Represents an abstraction of a network. The distinguished name value of the Common-Name attribute denotes the canonical name of the network.
Organization Stores information about a company or organization.
OrganizationalPerson This class is used for objects that contain organizational information about a user, such as the employee number, department, manager, title, office address, and so on.
OrganizationalRole This class is used for objects that contain information that pertains to a position or role within an organization, such as a system administrator, manager, and so on. It can also be used for a nonhuman identity in an organization.
OrganizationalUnit A container for storing users, computers, and other account objects.
Person Contains personal information about a user.
PosixAccount Represents an abstraction of an account with Portable Operating System Interface (POSIX) attributes.
PosixGroup Represents an abstraction of a group of accounts.
PrintQueue Contains information about a print queue.
SecurityObject This is an auxiliary class that is used to identify security principals.
SecurityPrincipal Contains the security information for an object.
Server This class represents a server computer in a site.
Site A container for storing server objects. Represents a physical location that contains computers. Used to manage replication.
Top The top level class from which all classes are derived.
TrustedDomain An object that represents a domain trusted by (or trusting) the local domain.
User This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.