AD connector item attributes

Main: General

Attribute name

Description

Status

The status of the connector. New connectors have the status Not authorized. You have to activate a connector before it can run. An active connector can be disabled. See also Connector authorization.

Host name

Fully qualified domain name of the connector device. This is used to identify the connector.

Domain

Active Directory domain name. This setting is available only when the AD connector version is older than 2.6.1.

This field is mandatory.

Connector version

Displays the connector version.

Description

You may enter a free-form description of the AD connector.

This field is optional.

Domain controller

Fully qualified domain name of the domain controller used to read AD information.

Starting from Miradore Management Suite 4.3.1 and Microsoft Active Directory connector version 2.8.0, it is possible to configure multiple domain controllers for Microsoft Active Directory connector. Use ; (semicolon) as delimiter to separate multiple domain controllers. When the connector attempts to connect to the domain controller, it first tries the leftmost option and then moves on to try the next option if the connection doesn't succeed.

If the Domain controller field is left empty, Miradore's Microsoft Active Directory connector attempts to detect the domain controller automatically using the domain information provided in the "Base DN scope(s)" field.

If you want to use an LDAPS connection to Active Directory, the domain controller's name must correspond to the subject name in the certificate used for LDAPS on the domain controller.

Use LDAPS

Defines whether the connector uses a secure LDAP (LDAPS) connection to Active Directory.

If yes, make sure you have configured the domain controller properly.

Note that LDAPS connections are supported starting from Microsoft Active Directory connector version 2.8.2. Earlier connector versions don't support LDAPS.

Make sure that LDAPS is also enabled for Microsoft Active Directory.

Data source (LDAP/Global Catalog)

Sets the data source for AD connector.

The Data source setting can be overridden by defining a port in the object-specific Domain controller setting (<Servername>:<Port>). The default port is 389 for LDAP and 3268 for Global Catalog.
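A pre-flight check for the Domain controller value, Data source default port and LDAPS naming rule described above, added here as an example (it is not Miradore code). It assumes the `<Servername>:<Port>` override may appear on any entry of the semicolon-separated list; the host names and certificate subject names are constructed sample values.

```python
DEFAULT_PORT = {"LDAP": 389, "Global Catalog": 3268}  # defaults stated on this page

def parse_domain_controllers(field, data_source="LDAP"):
    """Return [(host, port)] in the order tried: leftmost entry first."""
    targets = []
    for raw in field.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing or doubled delimiter
        host, sep, port = entry.partition(":")
        if not host or (sep and not port.isdigit()):
            raise ValueError(f"invalid entry {entry!r}")
        port = int(port) if sep else DEFAULT_PORT[data_source]
        if not 0 < port < 65536:
            raise ValueError(f"port out of range in {entry!r}")
        targets.append((host.lower(), port))
    return targets  # empty list: the field was left empty (automatic detection)

def ldaps_name_findings(targets, cert_subjects):
    """List configured names that correspond to no certificate subject name."""
    known = {name.lower() for name in cert_subjects}
    findings = []
    for host, _port in targets:
        if "." not in host:
            findings.append(f"{host}: not a fully qualified domain name")
        elif host not in known:
            findings.append(f"{host}: no certificate subject with this name")
    return findings

# Constructed sample values, not taken from a real environment.
SAMPLE_FIELD = "dc01.corp.example.com;dc02.corp.example.com:3268; DC03"
SAMPLE_CERT_SUBJECTS = ["DC01.corp.example.com", "dc2.corp.example.com"]

if __name__ == "__main__":
    tried = parse_domain_controllers(SAMPLE_FIELD)
    print(tried)
    print(ldaps_name_findings(tried, SAMPLE_CERT_SUBJECTS))
```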

Username

Username that is used to read AD information. This field remains inactive if the field Domain controller is left empty.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

For AD connector version 2.6.1 and newer, format of the username setting is: <Domain>\<User>

For AD connector versions older than 2.6.1, format of the username setting is: <User>

Password

Password that is used to read AD information. This field remains inactive if the field Domain controller is left empty.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

Get user objects

This field defines whether the connector imports user objects from Microsoft Active Directory to Miradore Management Suite.

When enabled, you can configure settings for user objects in the "User object settings" table at the AD connector form.

Get computer objects

This field defines whether the connector imports computer objects from Microsoft Active Directory to Miradore Management Suite.

When enabled, you can configure settings for computer objects in the "Computer object settings" table at the AD connector form.

Get group objects

This field defines whether the connector imports group objects from Microsoft Active Directory to Miradore Management Suite.

When enabled, you can configure settings for group objects in the "Group object settings" table at the AD connector form.

Main: User objects settings

Attribute name

Description

Base DN scope

Base DN scopes for computer, user, and group objects. It is possible to define multiple Base DNs by separating them with a semicolon.

This field is mandatory.

Update user supervisor

If set to yes, the user's supervisor information is updated based on AD information.

Advanced settings

Shows/hides advanced settings.

Excluded scope(s)

List of DN scopes to exclude when querying user objects. Separate multiple entries with a new line or semicolon.

This field is optional and only for AD connector version 2.7.0 and newer.

Custom LDAP filter

Optional LDAP filter that will be combined with "((objectClass=user)(objectCategory=person))".

For example, to exclude disabled accounts, enter: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))".

For more information, check out query filter syntax from MSDN library: http://msdn.microsoft.com/en-us/library/ms675768(v=vs.85).aspx.

This field is optional and only for AD connector version 2.7.0 and newer.

Attribute customizations

Customize attributes to be fetched in an LDAP query.

Customizable attributes are: description, employeeID, givenName, initials, sn, displayName, department, mail, telephoneNumber.

Format: attribute1=attribute2[;attribute3=attribute4[...]].

For example, if the user's telephone number is stored in the mobile attribute, enter "telephoneNumber=mobile".

Note: version 2.7.0 of the AD connector automatically retrieves the mobile number and uses it if the telephone number is empty.

This field is optional and only for AD connector version 2.7.0 and newer.

Custom attribute(s) for organisation identification

Attribute(s) to use when identifying organisation. Separate multiple attributes by a comma.

By default, distinguishedName attribute is used for organisation identification.

LDAP identification string entered on the organisation form is matched against the combined values (separated by comma) of these attributes.

This field is optional and only for AD connector version 2.7.0 and newer.

For more information, see Mapping user's department from Microsoft AD to corresponding organization in Miradore.

Custom attribute(s) for location identification

Attribute(s) to use when identifying location. Separate multiple attributes by a comma.

By default, distinguishedName attribute is used for location identification.

LDAP identification string entered on the location form is matched against the combined values (separated by comma) of these attributes.

This field is optional and only for AD connector version 2.7.0 and newer.

Custom attribute(s) for cost center identification

In this field, you may define custom attribute(s) that are used for identifying cost centers from the data that is imported from Microsoft Active Directory to Miradore. Based on the imported data, Miradore updates the Asset configuration items' cost center information in Miradore.

Separate multiple attributes by a comma.

If this field is left empty, Miradore uses distinguishedName attribute for cost center identification. However, it is not recommended to leave this field empty, because in that case automatically generated Cost center items may have obscure names in Miradore.

Add an empty cost center attribute for the computer objects if you want Miradore to autogenerate the cost centers only for the user items.

Image: The attributes in Microsoft Active Directory. The attribute value is set as the name of the cost center item that is automatically generated in Miradore. If the attribute value is empty in Active Directory, Miradore does not create the cost center.

As noted, this field is also related to the auto-generation of Cost center items. The auto-generation of Cost center items can be enabled and disabled from "System settings > Asset management > Automatically generated items > Create items based on AD inventory > Cost centers" in Miradore.

This field is optional.

Domain controller (optional)

Different domain controllers can be defined for computer and user objects. If this is not set, the default value from the General settings is used. This field is inactive if the domain controller is specified above in the General section.

This field is optional.

Username

Username that is used to read AD information.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

For AD connector version 2.6.1 and newer, format of the username setting is: <Domain>\<User>

For AD connector versions older than 2.6.1, format of the username setting is: <User>

Password

Password that is used to read AD information.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

Main: Computer objects settings

Attribute name

Description

Base DN scope

Base DN scopes for computer, user, and group objects. It is possible to define multiple Base DNs by separating them with a semicolon (;).

These fields are mandatory.

Advanced settings

Shows/hides advanced settings.

Excluded scope(s)

List of DN scopes to exclude when querying computer objects. Separate multiple entries with a new line or semicolon.

This field is optional.

Custom LDAP filter

Optional LDAP filter that will be combined with "(objectCategory=computer)".

For example, to exclude disabled accounts, enter: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))".

For more information, check out query filter syntax from MSDN library: http://msdn.microsoft.com/en-us/library/ms675768(v=vs.85).aspx.

This field is optional.

Custom attribute(s) for cost center identification

In this field, you may define custom attribute(s) that are used for identifying cost centers from the data that is imported from Microsoft Active Directory to Miradore. Based on the imported data, Miradore updates the Asset configuration items' cost center information in Miradore.

Separate multiple attributes by a comma.

If this field is left empty, Miradore uses distinguishedName attribute for cost center identification. However, it is not recommended to leave this field empty, because in that case automatically generated Cost center items may have obscure names in Miradore.

Add an empty cost center attribute for the user objects if you want Miradore to autogenerate the cost centers only for the computer items.

Image: The attributes in Microsoft Active Directory. The attribute value is set as the name of the cost center item that is automatically generated in Miradore. If the attribute value is empty in Active Directory, Miradore does not create the cost center.

As noted, this field is also related to the auto-generation of Cost center items. The auto-generation of Cost center items can be enabled and disabled from "System settings > Asset management > Automatically generated items > Create items based on AD inventory > Cost centers" in Miradore.

This field is optional.

Domain controller (optional)

Different domain controllers can be defined for computer and user objects. If this is not set, the default value from the General settings is used. This field is inactive if the domain controller is specified above in the General section.

This field is optional.

Username

Username that is used to read AD information.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

For AD connector version 2.6.1 and newer, format of the username setting is: <Domain>\<User>

For AD connector versions older than 2.6.1, format of the username setting is: <User>

Password

Password that is used to read AD information.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

Main: Group objects settings

Attribute name

Description

Base DN scope

Base DN scopes for computer, user, and group objects. It is possible to define multiple Base DNs by separating them with a semicolon (;).

These fields are mandatory.

Advanced settings

Shows/hides advanced settings.

Excluded scope(s)

List of DN scopes to exclude when querying group objects. Separate multiple entries with a new line or semicolon.

This field is optional and only for AD connector version 2.7.0 and newer.

Custom LDAP filter

Optional LDAP filter that will be combined with "(objectCategory=group)".

For example, to exclude distribution groups, enter: "(!(groupType>=0))".

For more information, check out query filter syntax from MSDN library: http://msdn.microsoft.com/en-us/library/ms675768(v=vs.85).aspx.

This field is optional and only for AD connector version 2.7.0 and newer.
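To see what the two example filters select before entering them in the Custom LDAP filter field (computer objects and group objects), the sketch below evaluates them over constructed directory entries; it is an added example, not Miradore code. It assumes "combined with" means a logical AND with the base filter and supports only the filter forms these examples use.

```python
import re

BIT_AND = r"1\.2\.840\.113556\.1\.4\.803"  # bitwise AND rule: all mask bits are set
ITEM = re.compile(rf"\((\w+)(?::({BIT_AND}):)?(>=|=)([^()]*)\)")

def parse(f, i=0):  # returns (tree, index just past the parsed filter)
    if f[i:i + 2] in ("(&", "(|", "(!"):
        op, kids, i = f[i + 1], [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    if not (m := ITEM.match(f, i)):
        raise ValueError(f"bad or unsupported filter item at offset {i}")
    return ("item", m.groups()), m.end()

def matches(tree, entry):
    kind, arg = tree
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in arg)
    if kind == "!":
        return not matches(arg[0], entry)
    attr, rule, op, want = arg
    if attr not in entry:
        return False  # simplification: an absent attribute never matches an item
    if rule:
        return (int(entry[attr]) & int(want)) == int(want)
    if op == "=":
        return str(entry[attr]).lower() == want.lower()
    return int(entry[attr]) >= int(want)

def imported(base, custom, entries):  # "combined" is assumed to mean AND
    text = f"(&{base}{custom})" if custom else base
    tree, end = parse(text)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return [e["cn"] for e in entries if matches(tree, e)]

# Constructed sample entries; objectCategory is shown by its short name.
ENTRIES = [
    {"cn": "WS-001", "objectCategory": "computer", "userAccountControl": 4096},
    {"cn": "WS-002", "objectCategory": "computer", "userAccountControl": 4098},
    {"cn": "Finance-Admins", "objectCategory": "group", "groupType": -2147483646},
    {"cn": "Finance-News", "objectCategory": "group", "groupType": 2},
]
NOT_DISABLED = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
NOT_DISTRIBUTION = "(!(groupType>=0))"
```

WS-002 has bit 2 (account disabled) set and is dropped by the first filter. Security groups carry the high bit in groupType, so the value reads as a negative 32-bit integer and only they pass `(!(groupType>=0))`.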

Domain controller (optional)

Different domain controllers can be defined for computer, user and group objects. If this is not set, the default value from the General settings is used. This field is inactive if the domain controller is specified above in the General section.

This field is optional.

Username

Username that is used to read AD information.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

For AD connector version 2.6.1 and newer, format of the username setting is: <Domain>\<User>

For AD connector versions older than 2.6.1, format of the username setting is: <User>

Password

Password that is used to read AD information.

If the username and password are defined in General settings, they are used for all computer, group, and user objects. If the username and password are left empty in General settings, they need to be defined separately in computer, group, and user objects settings.

Main: Additional information

Attribute name

Description

Attachments

You may attach files to this field. See also About attaching files.

This field is optional.

Comments

You may add comments related to this AD connector here.

This field is optional.