PortSight Secure Access Documentation

Import from Windows NT Domain


This section will guide you through the process of setting up the import from a Windows NT domain.


First, choose the catalog you want to import external data to and then click "New" in the "Directory Ports" dialog. The "Directory Port Settings Wizard" opens.


Step 1 - Name and Type of the Directory Port



Enter some name and choose required type of the data source. Click "Next".


Step 2 - Data Source Configuration



Fill out the following fields:


Note: The password is stored in an encrypted file catalogs.xml.


Click "Next" to continue.


Step 3 - Choosing Types of Selected Objects



Here you can choose what will be imported from the domain:


Note: Windows NT domain doesn't support organizational units.


You can also choose if you want to delete or deactivate accounts in the Secure Access database after they were deleted from the domain.


During the import are generated various events (before/after importing new user,  group, organizational units) and you may hook up these events and programmatically respond to them. In the "Custom Event Handler" section you may specify for each object type path to the DLL that contains specified event handler class. Handling events may be useful when you need to update details of the newly imported accounts or you need to perform some cleaning after deleting an account. For more details about how to write your own event handler class please refer to the Writing Custom Event Handler chapter.


Step 4 - Choosing Objects to Be Imported



In this step, you can specify items that will be or will NOT be imported. By default, all items found in the data source are imported. You can modify this by choosing one of two modes:


Step 5/6 - Mapping User or User Group Properties



In this step, you can map properties of the source object (user or group) to the target object. The left-most column contains source fields (properties of the Windows NT domain user). The right-most column contains the target field (property of the user in the Secure Access catalog).


There are the following default source fields:


In the right-most column you can choose the target field the value will be stored in. The drop-down list contains names of the target properties (marked as "internal") as well as custom-defined properties. If you need to create a new custom property, you can do it by entering it alias in the "New Property Alias" field and clicking "Create".


    Important Notes - PLEASE READ THIS
  1. The field you map to AR_ObjectGUID must be used only for one directory port. It can't be used for several directory ports and it also can't be used for storing other data.
  2. The WinNT provider uses object path (such as WinNT://CZ/JohnD) as a unique identifier. When you change a login name of the domain user, it's necessary to update this field with a new login name before you start the next synchronization. Otherwise, the data related to the original account will be lost. This was unfortunately caused by the Microsoft ADSI library that provides wrong GUID's.
  3. The target fields may only be of string type.
  4. The provider doesn't consider if the account is disabled or not in this version. You're supposed to import domain users for applications that use Windows NT authentication. Thus if the account is disabled or locked out, the user cannot log on into the domain and it's not necessary to check the account validity in Secure Access.


Step 8 - Schedule Import



Specify if you want to run import manually or if you want to schedule a regular import with specified period. Click "Finish" to complete the wizard. Now you can either wait until the import runs automatically (if you chose the regular import) or you can click the "Import Now" in the "Directory Ports" dialog to start import immediately.