Targeting Network Resources
For each Active Directory DN or Legacy Active Directory server, add a target (Manage the system > Resources > Target systems) :
Type is one of the following, listed under Network Resource :
SMB Protocol for Active Directory DN
SMB Protocol for Legacy Active Directory (4.5 or earlier)
Address for:
Active Directory DN uses options listed in the table below.
Legacy Active Directory uses only Domain or domain controller and Connection over SSL settings:
Administrator ID and Password are the credentials used to contact the Active Directory domain and update folders/shares on the file servers.
Option | Description |
|---|---|
Options marked with a | |
Domain or domain controller | The DNS domain name, the domain controller’s FQDN, a custom DNS name to target or IP address; for example: globaldomain.example.com or \\mydomaincontroller.example.com or \\mydomaincontroller or \\customdnsname Use the IP address only if DNS is not resolving, otherwise avoid using the IP address of the domain controller. The DNS domain name or the FQDN should be specified. A custom DNS name should only be used if absolutely necessary. (key: server) |
Connection over SSL | Select to enforce SSL connections. (key: ssl) |
Custom LDAP search expression for filtering users | Restrict user listing by using LDAP search filters. (key: userFilter) |
Custom LDAP search expression for filtering groups | Restrict group listing by using LDAP search filters. (key: groupFilter) |
OUs to list users from | List only those users who exist in one or more containers . (key: listOUs) |
Groups to list users from | List only those users who exist in one or more groups. (key: listGroups) |
OUs to list groups from | List only those groups that exist in one or more containers. (key: listGroupOUs) |
Groups to list member groups from | List only those groups that exist in one or more groups. (key: listGroupGroups) |
OUs to list computers from | List only those computer objects that exist in one or more containers. (key: listComputerOUs) |
Groups to list computers from | List only those computer objects that exist in one or more groups . (key: listComputerGroups) |
OUs to exclude from listing | Exclude certain OUs to further restrict listing. (key: excludeOUs) |
List nested groups | Recursively list all users and computers contained within groups specified by the " Groups to list. ." options. (key: listNestedGrps) |
List members for nested groups | Recursively list users’ group membership for groups contained within groups specified by the Groups to list users from option. (key: listNestedNOSGrps) |
Abort listing when an invalid group is encountered | Return failure when a group list includes an invalid group. (key: listFailOnNonExistentGrp) |
Abort listing when an invalid OU is encountered | Return failure when an OU list includes an invalid OU. (key: listFailOnNonExistentOU) |
When listing group members and managers, list groups as their individual user members | Depending on the version of Bravura Security Fabric you have installed, you may need to list groups and group managers in flattened form if nested groups are not supported. Bravura Security Fabric versions 9.0.1 or earlier do not support nested groups . (key: listFlatGroups) |
List entire forest | List objects outside the domain specified in the Domain or domain ontroller target address option. (key: listForest) |
Delete users with sub objects | Delete users with leaf objects. In some environments, Active Directory accounts will have a leaf object created, for example Exchange with ActiveSync. By default these users will not be deleted. (key: deleteSubs) |
Create an OU when creating user if it does not already exist | If enabled, when an account is being created, and a non-existing OU is specified , the OU will be created instead of giving an error. (key: createOU) |
List deleted users on supported systems | Choose whether to list only regular users (default), only deleted users, or both. Deleted users are listed in NT4 format. Active Directory moves deleted accounts to a "recycle bin". If enabled in Bravura Security Fabric , these accounts are restrored. (key: listDeleted) |
Name format | Use NT4 format or fully qualified domain name (FQDN). (key: nameFormat) |
Group Name format | Use NT4 format or fully qualified domain name (FQDN). (key: groupNameFormat) |
Attribute specifying group owners | The attribute name that specifies the owner or list of owners for a group. The default value is managedBy. When set to a single valued attribute such as managedBy, the Target system supports multiple owners on groups target system option should be unchecked. Only one group owner is supported in this case. A multi-valued attribute may also be specified in order to support multiple group owners. In this case, the Target system supports multiple owners on groups target system option should be checked. (key: grpowner_attr) |
Persistent list search wait time (in seconds) | The interval time in seconds that the connector will wait to search for changes in the native target. The default value is 7,200 seconds (2 hours). If this value is set too small for a large native target, the connector may not be able to retrieve changes completely in the native target. Setting the value too small will also impose excess load on related services, which drag down the system performance. (key: persistentSearchWait) |
Disable recursive searches of members in domain groups to improve nr performance | Recursively traverse all groups contained with groups when checking permissions in the network resources sub folder operation. Turning this option on is more precise for the checking of permissions, however it will have a performance impact. Default is false. (key: nrIsMemberOfDomainGroupRecursive) NoteThe option Disable recursive searches of members in domain groups to improve nr performance was added in Connector Pack 4.6.0. |
