Import from Windows NT Domain

This section will guide you through the process of setting up the import from a Windows NT domain.

First, choose the catalog you want to import external data to and then click "New" in the "Directory Ports" dialog. The "Directory Port Settings Wizard" opens.

Step 1 - Name and Type of the Directory Port

Enter some name and choose required type of the data source. Click "Next".

Step 2 - Data Source Configuration

Fill out the following fields:

Domain - Name of the Windows NT domain.
User - name of the user account that will be used for reading data from the domain. Please use the full domain name, such as "MyDomain\JohnD". The user must have access for reading domain information.
Password - password of the user account.
Confirm password - repeat password here.

Note: The password is stored in an encrypted file catalogs.xml.

Click "Next" to continue.

Step 3 - Choosing Types of Selected Objects

Here you can choose what will be imported from the domain:

Users - import users.
Groups - import domain user groups.
Membership - import information about membership of users in groups and membership of groups in other groups.

Note: Windows NT domain doesn't support organizational units.

You can also choose if you want to delete or deactivate accounts in the Secure Access database after they were deleted from the domain.

During the import are generated various events (before/after importing new user, group, organizational units) and you may hook up these events and programmatically respond to them. In the "Custom Event Handler" section you may specify for each object type path to the DLL that contains specified event handler class. Handling events may be useful when you need to update details of the newly imported accounts or you need to perform some cleaning after deleting an account. For more details about how to write your own event handler class please refer to the Writing Custom Event Handler chapter.

Step 4 - Choosing Objects to Be Imported

In this step, you can specify items that will be or will NOT be imported. By default, all items found in the data source are imported. You can modify this by choosing one of two modes:

Import all except selected items - all items except those you select (in the right list box) will be imported. If new user or group is created, it will be imported automatically.
Import only selected items - only items you select (in the right list box) will be imported. If new user or group is created, it won't be imported unless you modify this settings manually.

Step 5/6 - Mapping User or User Group Properties

In this step, you can map properties of the source object (user or group) to the target object. The left-most column contains source fields (properties of the Windows NT domain user). The right-most column contains the target field (property of the user in the Secure Access catalog).

There are the following default source fields:

AR_ObjectGUID - a unique identifier (typically a GUID or some other ID) in the data source. It should be an identifier that doesn't change when the user's name or login name changes. It must always be mapped to some property.
AR_Login - loginname of the user in the external data source.
AR_ObjectAlias - a unique property (typically loginname) in the external data source that may be used as the Object Alias in the Secure Access catalog.
AR_ObjectName - a source field (typically the full name) that will be displayed as a name of the object in the Secure Access.

In the right-most column you can choose the target field the value will be stored in. The drop-down list contains names of the target properties (marked as "internal") as well as custom-defined properties. If you need to create a new custom property, you can do it by entering it alias in the "New Property Alias" field and clicking "Create".

Important Notes - PLEASE READ THIS

The field you map to AR_ObjectGUID must be used only for one directory port. It can't be used for several directory ports and it also can't be used for storing other data.
The WinNT provider uses object path (such as WinNT://CZ/JohnD) as a unique identifier. When you change a login name of the domain user, it's necessary to update this field with a new login name before you start the next synchronization. Otherwise, the data related to the original account will be lost. This was unfortunately caused by the Microsoft ADSI library that provides wrong GUID's.
The target fields may only be of string type.
The provider doesn't consider if the account is disabled or not in this version. You're supposed to import domain users for applications that use Windows NT authentication. Thus if the account is disabled or locked out, the user cannot log on into the domain and it's not necessary to check the account validity in Secure Access.

		Important Notes - PLEASE READ THIS
The field you map to AR_ObjectGUID must be used only for one directory port. It can't be used for several directory ports and it also can't be used for storing other data. The WinNT provider uses object path (such as WinNT://CZ/JohnD) as a unique identifier. When you change a login name of the domain user, it's necessary to update this field with a new login name before you start the next synchronization. Otherwise, the data related to the original account will be lost. This was unfortunately caused by the Microsoft ADSI library that provides wrong GUID's. The target fields may only be of string type. The provider doesn't consider if the account is disabled or not in this version. You're supposed to import domain users for applications that use Windows NT authentication. Thus if the account is disabled or locked out, the user cannot log on into the domain and it's not necessary to check the account validity in Secure Access.

Step 8 - Schedule Import

Specify if you want to run import manually or if you want to schedule a regular import with specified period. Click "Finish" to complete the wizard. Now you can either wait until the import runs automatically (if you chose the regular import) or you can click the "Import Now" in the "Directory Ports" dialog to start import immediately.