
Active Directory Integration

To synchronise or import user details from an LDAP directory, such as Active Directory (AD):


e.g.: LDAP://CN=Users,DC=MyADdomain,DC=co,DC=uk[and department='Finance']

Here is another example of the AD tree and associated LDAP string:

LDAP://ou=guest,ou=hq,ou=sci,DC=adw2k1,DC=co,DC=uk

The order of the OUs is important. The LDAP string is case insensitive.

Should you have any questions regarding any steps in this guide, please speak with the NetHelpDesk Support Team.


1. LDAP Fields

The LDAP fields or attributes are matched to NetHelpDesk fields using the LDAP matching table in the setup screen. This allows you to choose how the Active Directory fields are related to the NetHelpDesk fields. The LDAP field names can be found using the ADSIedit program, which comes with Windows.

PLEASE NOTE: The label seen in Active Directory is quite often different from the field name:


| LDAP Attribute | Example |
|---|---|
| CN - Common Name | CN=Guy Thomas. Actually, this LDAP attribute is made up from givenName joined to SN |
| description | What you see in Active Directory Users and Computers. Not to be confused with displayName on the Users property sheet. |
| displayName | displayName = Guy Thomas. Avoid this attribute if possible, as it can be confused with CN or description. |
| DN - also distinguishedName | DN is simply the most important LDAP attribute. CN=Jay Jamieson, OU= Newport,DC=cp,DC=com |
| givenName | First name |
| homeDrive | Home Folder : connect. |
| name | name = Guy Thomas. Exactly the same as CN. |
| objectCategory | Defines the Active Directory Schema category. For example, objectClass = Person |
| objectClass | objectClass = User. Also used for Computer, organizationalUnit, even container. Important top level container. |
| physicalDeliveryOfficeName | Office on the user's General property sheet |
| profilePath | Roaming profile path: connect |
| sAMAccountName | sAMAccountName = guyt. Old NT 4.0 logon name, must be unique in the forest. Can be confused with CN. |
| SN | SN = Thomas. This would be referred to as last name or surname. |
| userAccountControl | Used to disable an account. A value of 514 disables the account, while 512 makes the account ready for logon. |
| userPrincipalName | userPrincipalName = guyt@CP.com. Often abbreviated to UPN, and looks like an e-mail address. Very useful for logging on, especially in a large Forest. Note UPN must be unique in the forest. |
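The 512 and 514 values in the userAccountControl row are bit-flag combinations, so a sync that compares against 514 alone misses disabled accounts that carry extra flags. The sketch below is an added example, not NetHelpDesk code: the flag values and matching-rule OID are the documented Active Directory ones, while the sample entries and the `triage_for_sync` helper are constructed for illustration.

```python
# Documented userAccountControl bit flags (subset).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002

# Standard LDAP filter for enabled users, using AD's bitwise-AND matching rule.
# Whether the product's bracketed filter accepts this syntax is not stated on the page.
ENABLED_USERS_FILTER = (
    "(&(objectCategory=person)(objectClass=user)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
)

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def is_disabled(value):
    """Test the disable bit itself instead of comparing against 514."""
    return bool(value & ACCOUNTDISABLE)

def triage_for_sync(entries):
    """Hypothetical helper: sort directory entries into enabled/disabled/review."""
    result = {"enabled": [], "disabled": [], "review": []}
    for entry in entries:
        name = entry.get("sAMAccountName", "<unnamed>")
        try:
            uac = int(entry["userAccountControl"])  # LDAP returns values as strings
        except (KeyError, TypeError, ValueError):
            result["review"].append(name)  # never import blindly when the flag is unreadable
            continue
        result["disabled" if is_disabled(uac) else "enabled"].append(name)
    return result

# Constructed sample entries (not real directory data).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "guyt", "userAccountControl": "512"},
    {"sAMAccountName": "billyn", "userAccountControl": "514"},
    {"sAMAccountName": "svc-backup", "userAccountControl": "66050"},  # disabled + no expiry
    {"sAMAccountName": "jayj", "userAccountControl": "66048"},        # enabled + no expiry
    {"sAMAccountName": "tmp"},                                        # attribute missing
]

if __name__ == "__main__":
    print(triage_for_sync(SAMPLE_ENTRIES))
```
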


1.1 Exchange Specific LDAP attributes


| LDAP Attribute | Example |
|---|---|
| homeMDB | Here is where you set the MailStore |
| mail | An easy, but important attribute. A simple SMTP address is all that is required: billyn@ourdom.com |
| mAPIRecipient - FALSE | Indicates that a contact is not a domain user. |
| mailNickname | Normally this is the same value as the sAMAccountName, but could be different if you wished. Needed for mail-enabled contacts |
| mDBUseDefaults | Another straightforward field, just set the value to: True |
| msExchHomeServerName | Exchange needs to know which server to deliver the mail to, e.g.: /o=YourOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=MailSrv |
| legacyExchangeDN | Legacy distinguished name for creating Contacts. In the following example, Guy Thomas is a Contact in the first administrative group of GUYDOMAIN: /o=GUYDOMAIN/ou=first administrativegroup/cn=Recipients/cn=Guy Thomas |
| proxyAddresses | As the name 'proxy' suggests, it is possible for one recipient to have more than one e-mail address. Note the plural spelling of proxyAddresses. |
| targetAddress | SMTP:@ e-mail address. Note that SMTP is case sensitive. All capitals means the default address. |
| showInAddressBook | Displays the contact in the Global Address List. |


1.2 Other LDAP attributes


| LDAP Attribute | Description |
|---|---|
| c | Country or Region |
| company | Company or organization name |
| department | Useful category to fill in and use for filtering |
| homephone | Home Phone number, (Lots more phone LDAPs) |
| l (Lower case L) | L = Location. City (Maybe Office) |
| location | Important, particularly for printers. |
| manager | Boss, manager |
| mobile | Mobile/Cell Phone number |
| ObjectClass | Usually User, or Computer |
| OU | Organizational unit. See also DN |
| postalCode | Zip or post code |
| st | State, Province or County |
| streetAddress | First line of address |
| telephoneNumber | Office Phone |


1.3 NetHelpDesk Agent Fields for LDAP Sync


| Agent Field | Database Field Name |
|---|---|
| Agent / Technician Name | Uname |
| Email Address | USMTP |
| IP Address / PC Name | UPC |
| Telephone Number | USMS |
| Job Title | UJobTitle |
| Secondary Telephone Number (Used on Call Screens) | UExtensionNumber |


1.4 NetHelpDesk User Fields for LDAP Sync


| User Field | Database Field Name |
|---|---|
| Username | Uusername |
| Title | Utitle |
| Email Address | Uemail |
| Additional Emails | Uemail2 |
| LDAP Proxy Email | Uemail3 |
| Network Login | Ulogin |
| Work Direct/Extn. | Uextn |
| Work General | (set at site level) |
| Work Mobile/Cell | Umobile2 |
| Home Mobile/Cell | Umobile |
| Home Fixed | Utelhome |
| Fax Number | Ufax |
| User Defined 1 | Uother1 |
| User Defined 2 | Uother2 |
| User Defined 3 | Uother3 |
| User Defined 4 | Uother4 |
| User Defined 5 | Uother5 |
| Notes | Unotes |
| Twitter Screen Name | Utwitterscreenname |
| Disclaimer Matching String | Ufacebookid |


1.5 Issue with Child Domains

When logged into one domain, if you try to do an LDAP sync to a child domain, no users are listed. There is no error message.

This is because the default domain context is taken to be the domain into which you are logged. This can probably be fixed by logging into the child domain.

Alternatively, specify the FQDN of the domain in the LDAP string. For example, it is possible to explicitly specify the FQDN of the LDAP server in the string.

4. Put the child domain's FQDN in the string instead to query the child domain.
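Because a wrong domain context or a misordered string returns no users and no error, it helps to check an LDAP string before saving it. The parser below is an added example, not part of NetHelpDesk: it handles the two strings shown at the top of this page plus the standard ADsPath form `LDAP://host/DN`, and the host `child.corp.example` is a constructed placeholder.

```python
import re

# LDAP://[host/]DN[filter]; "[...]" is the filter suffix from the page's first example.
ADS_PATH = re.compile(
    r"^LDAP://(?:(?P<host>[^/=,\[]+)/)?(?P<dn>[^\[]+?)\s*(?:\[(?P<filter>.*)\])?$",
    re.IGNORECASE,
)

def parse_ldap_string(text):
    """Split an LDAP string into host, domain, root-to-leaf tree path and filter."""
    m = ADS_PATH.match(text.strip())
    if not m:
        raise ValueError(f"not an LDAP:// string: {text!r}")
    rdns = []
    # Split only on commas that are not backslash-escaped inside a value.
    for part in re.split(r"(?<!\\),", m.group("dn")):
        key, sep, value = part.strip().partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((key.strip().upper(), value.strip()))  # types are case insensitive
    # A DN is written leaf first: containers (CN/OU), then the DC parts of the domain.
    seen_dc = False
    for key, _ in rdns:
        if key == "DC":
            seen_dc = True
        elif seen_dc:
            raise ValueError("container listed after a DC component: order is wrong")
    if not seen_dc:
        raise ValueError("no DC components: domain missing from the string")
    containers = [value for key, value in rdns if key != "DC"]
    return {
        "host": m.group("host"),  # None: the logged-on domain context is used
        "domain": ".".join(value for key, value in rdns if key == "DC"),
        "tree_path": containers[::-1],
        "filter": m.group("filter"),
    }

if __name__ == "__main__":
    samples = [  # first two are the page's strings; the third is constructed
        "LDAP://CN=Users,DC=MyADdomain,DC=co,DC=uk[and department='Finance']",
        "LDAP://ou=guest,ou=hq,ou=sci,DC=adw2k1,DC=co,DC=uk",
        "LDAP://child.corp.example/OU=Staff,DC=child,DC=corp,DC=example",
    ]
    for s in samples:
        print(parse_ldap_string(s))
```

A `host` of `None` in the result means the query runs in the logged-on domain's context, which is the situation that silently returns no users for a child domain.
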


2. Setting up the LDAP sync as a Scheduled Task

To read the guide regarding setting up an ongoing LDAP Sync, click HERE.


Should you need any assistance with this, or any other feature in NetHelpDesk, simply contact us. We want you to get the most from the product, and our teams are always happy to help.


