Active Directory Connector¶
The AD connector enables read only import of user information from Microsoft Active Directory (AD).
The AD connector does not enable importing of users from Notes.
Using the AD connector, the administrator can import users and groups from AD using the Select AD Users function in Totalview Admin.
IMPORTANT: Without selecting any AD Groups using the Select AD Users function in Totalview Admin, no users will be imported, regardless of connector configuration.
The AD integration can be set up to import users automatically at specific times, in the AD Connector configuration.
See Select Users for Synchronization for more details on how to get the import working.
The AD connector requires a valid license to be able to connect to the Totalview server.
The TotalviewADTester program can be used to test the settings to be used when reading user information from AD. The tester program is found in then <Totalview>\InstallFiles\AD folder.
AD connector parameters
LDAP address |
The path in ActiveDirectory that should contain the AD Groups to use with AD synchronization. AD users do not need to belong to the path. Only the AD Groups matter. Examples of LDAP paths are listed below. |
Username/Password |
In case the Windows user running the AD connector does not have read access to Active Directory, credential for a Windows user with access can be added. Add Username and Password for a Windows user with access to Active Directory. The Username can be in the format user@domain.com or domainuser. When username/password are used, the authentication method use is Secure. |
Users filter group |
DEPRECATED PROPERTY. Instead of this property, use the “Select AD Users” functionality in Users tab in Totalview Admin. Optional LDAP path to AD Group in ActiveDirectory that limits the import to only take users from the specified group. Only users in the group are imported. If path is left blank all users in the LDAP address path are synchronized for the groups selected for synchronization. It’s required that the Users filter group path is within the LDAP address path. |
Ignore paths |
Optional LDAP path to filter out users with an ending path equal to specified path. E.g. filter out all users with ending path “ou=Users,dc=Contoso,dc=Com”. Multiple paths to ignore can be separated by ;. |
Device length |
Part of the WORK number to be used as local device number in case of fully qualified WORK numbers. E.g. if WORK number is registered as (+45)34123400 then a Device length of 4 will result in a local device number of 3400. If Device length is 0 no changes are made to the WORK number. |
Trim numbers |
Remove blanks from phone numbers when importing. |
Remove parentheses |
Remove parentheses from phone numbers when importing. |
Include security groups |
Include AD security groups in the AD search result. Default is false. |
Ignore child groups |
Only synchronize user in the selected LDAP path and ignore any child groups. Multiple groups can be separated by ;. |
Mapping parameters |
If required the default mapping between Totalview fields and AD properties can be changed. Change the default mapping by adding a new mapping for the Totalview field. More than one AD property can be mapped to the same Totalview field. Separate the AD property value with comma (,) or semicolon (;) to be able to create more than one Totalview field. E.g. register two mobile numbers separated by comma to have two Totalview contact items of type Mobile created for the user. The default mappings are listed here. The Totalview fields that start with CF: are Custom fields. When mapping to custom fields with predefined values, the values must be defined in the list before they can be synchronized. |
Examples of LDAP paths
Tip: It is enough that the LDAP path points to the OU (Organizational Unit) where the AD Groups are located. Where the AD Users are located is not important, as long as the connecting user has proper access.
Path |
Description |
<Empty> |
Group search will be performed accross the entire local AD |
LDAP://contoso.com |
Group search will be performed on the entire contoso.com AD |
LDAP://ADservername or IP |
Group search will be performed on the entire AD |
LDAP://OU=TVUsers,DC=contoso,DC=com |
Group search will be limited to TVUsers Organizational Unit |
LDAP://IP/OU=TVUsers,DC=contoso,DC=com |
Group search will be limited to TVUsers Organizational Unit in the specified AD server |
Active directory sync settings
Sync with AD |
Activate automatic synchronization with AD. When activated the synchronization will be performed once a day at the hour specified in Sync every day at. The synchronization will read from the current AD and update users in Totalview accordingly. |
Clear resource details |
If set all the non-private contact information is cleared when a user is synchronized. If not set, contact information is merged. Preferred if all contact information is read from Active Directory. |
Sync every day at |
Hour of day, in 24 hour format, when to run the automatic AD synchronization. |