Active Directory
Introduction
Active Directory is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. Starting with Windows Server 2008, however, Active Directory became an umbrella title for a broad range of directory-based identity-related services.
Connection String
To authenticate requests, set User and Password to valid Active Directory credentials. For basic connectivity, set Server and Port.
Connection String Parameters
| Parameter | Description |
|---|---|
Server |
The domain name or IP of the Active Directory server. |
Port |
The port the Active Directory server is running on. |
Base DN |
The base portion of the distinguished name, used for limiting results to specific subtrees. |
AuthMechanism |
The authentication mechanism to be used when connecting to the Active Directory server. |
SIMPLE(Default) |
Default plaintext authentication is used to log in to the server. |
DIGESTMD5 |
More secure DIGEST-MD5 authentication is used. |
NEGOTIATE |
NTLM/Negotiate authentication will be used. |
Scope |
Whether to limit the scope of the search. Limiting scope can greatly improve the search performance. |
WHOLESUBTREE |
BaseDN and all of its descendants. |
SINGLELEVEL |
BaseDN and its direct descendants. |
BASEOBJECT |
BaseDN only. |
TimeOut |
The value in seconds until the timeout error is thrown, cancelling the operation. |
Other |
The other parameters necessary to connect to a data source, such as username and password, when applicable. |
NOTE: The Username and Password can be specified in the Connection String or It can be specified in the spaces shown below. This should be specified when verifying the connection.
Connecting to Active Directory
It is recommended you ask the assistance of the systems administrator. The following command will show you which Active Directory site the remote computer is a member of. From the Command Prompt:
run > nltest
Data Migrations
To check for the data migrations-
Add a new connection in Loome Integrate as shown.
- Go to tasks and click on Connections.
- Add a new connection using the Add New Connection option.
- Choose Active Directory Connector from the available connector options.
- Using the connection string parameters created, verify the connection using the Verify Connection Option in Loome Integrate. Once the connection is verified, insert the onnection using the Insert option.
- Create a job using the Add a Job option in Loome Integrate. Name the job, set the Logging Mode and Save the job.
- Create a new task by right clicking job list and then Add a New Task option. If you want to edit an existing task use the Edit Task option.
- Choose Data Migration Task.
- Choose the source and the destination for the migration of data. Name the task.
- Choose the tables or the data to be migrated from the source to the destination. You can choose to copy all the tables from the source by checking the Copy All Tables checkbox. Save the task.
- Execute the job. Check for results and the details of the data migrated in Execution History.
Data Model
The Connector for Active Directory models ActiveDirectory entities in relational tables and stored procedures. API limitations and requirements are documented in this section. You can use the SupportEnhancedSQL feature which is set by default to circumvent most of these limitations.
Tables
Below describes the available tables in Active Directory.
| Name | Description |
|---|---|
Account |
The account object class is used to define entries that represent computer accounts. |
ApplicationEntity |
X.500 base class for applications: Directory Service only uses subclass MSFT-DSA. |
ApplicationProcess |
X.500 base class for applications: Exchange only uses subclass DSA-Application. |
ApplicationSettings |
Base class for server-specific application settings. |
ApplicationSiteSettings |
Contains all site-specific settings. |
ApplicationVersion |
Can be used by application developers to store version information about their application or its schema. |
BuiltinDomain |
The container that holds the default groups for a domain. |
CertificationAuthority |
Represents a process that issues public key certificates, for example, a Certificate Server. |
Computer |
This class represents a computer account in the domain. |
Contact |
This class contains information about a person or company that you may need to contact on a regular basis. |
CRLDistributionPoint |
The object holding Certificate, Authority, and Delta Revocation lists. |
DHCPClass |
Represents a DHCP Server (or set of servers). |
DnsNode |
Holds the DNS resource records for a single host. |
DnsZone |
The container for DNS Nodes. Holds zone metadata. |
Domain |
Contains information about a domain. |
DomainDNS |
Windows NT domain with DNS-based (DC=) naming. |
DomainPolicy |
Defines the local security authority policy for one or more domains. |
DomainRelatedObject |
The domainRelatedObject object class is used to define an entry that represents a series of documents. |
ForeignSecurityPrincipal |
The Security Principal from an external source. |
Group |
Stores a list of user names. Used to apply security principals on resources. |
GroupOfNames |
Used to define entries that represent an unordered set of names that represent individual objects or other groups of names. |
GroupOfUniqueNames |
Defines the entries for a group of unique names. In general, used to store account objects. |
GroupPolicyContainer |
This represents the Group Policy Object. It is used to define group polices. |
IpHost |
Represents an abstraction of a host or other IP device. |
IpNetwork |
Represents an abstraction of a network. The distinguished name value of the Common-Name attribute denotes the canonical name of the network. |
Organization |
Stores information about a company or organization. |
OrganizationalPerson |
This class is used for objects that contain organizational information about a user, such as the employee number, department, manager, title, office address, and so on. |
OrganizationalRole |
This class is used for objects that contain information that pertains to a position or role within an organization, such as a system administrator, manager, and so on. It can also be used for a nonhuman identity in an organization. |
OrganizationalUnit |
A container for storing users, computers, and other account objects. |
Person |
Contains personal information about a user. |
PosixAccount |
Represents an abstraction of an account with Portable Operating System Interface (POSIX) attributes. |
PosixGroup |
Represents an abstraction of a group of accounts. |
PrintQueue |
Contains information about a print queue. |
SecurityObject |
This is an auxiliary class that is used to identify security principals. |
SecurityPrincipal |
Contains the security information for an object. |
Server |
This class represents a server computer in a site. |
Site |
A container for storing server objects. Represents a physical location that contains computers. Used to manage replication. |
Top |
The top level class from which all classes are derived. |
TrustedDomain |
An object that represents a domain trusted by (or trusting) the local domain. |
User |
This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors. |