02 Sep 2010 
 How To Sync With Active Directory
Solution

Introduction

Many organizations use a central Active Directory (AD) server so they can manage their user accounts centrally. IceWarp Server’s synchronization function allows you to regularly synchronize the user accounts in AD to a specific domain in the server. This synchronization occurs every 15 minutes.


Basic scenario

It is assumed that in most cases:

  • the domain name in AD matches the domain name in IceWarp Server.

  • the users are located in the “Users” organization unit (OU) in the AD structure.

  • the email domain in AD user properties matches the domain in IceWarp Server that you are synchronizing with.

In these cases you only need to set up:

  • the hostname of your AD

  • the AD user and password (the AD user has to have rights to list users of the AD OU).

  • a backup AD domain name, if there is one, which will be used if the connection to the primary AD fails.

Synchronized users (which are in the LDAP/AD mode) will be authenticated against AD, so IceWarp Server will not store their password.



Notes:

  1. The “Test connection...” button lists all available users in the specified AD OU. This list doesn't necessarily match the users being synchronized in IceWarp Server. Where a user’s email domain doesn't match the IceWarp Server domain, that user will not be synchronized.

  2. The “Synchronize Now” button will do exactly that. The synchronization may take some time. You should refresh the interface (F5 key) to see the changes that have been made by synchronization.


Advanced Scenarios

If you want to connect to your AD server using an SSL connection, use the following syntax for the Hostname field: ldaps://ad.icewarpdemo.com

The AD server also has to have a trusted SSL certificate.


When the AD domain name is different from the IceWarp Server domain name, you need to specify it using a different syntax.

Assuming the domain icewarpdemo.com in IceWarp Server and the domain Icewarpdemo.cz in AD, you would specify:


When the user email in AD has a different email domain, you again need to specify this using a different syntax, with a second parameter in the Domain field delimited by a ';'.

Assume the domain icewarpdemo.com in IceWarp Server, the domain Icewarpdemo.com in AD, and user email addresses of the form <alias>@Icewarpdemo.cz. Then you should specify:


The domain in AD could also have a more complex structure. IceWarp Server is able to synchronize users from an OU specified in the DN field.

Assume the domain icewarpdemo.com in IceWarp Server, the domain Icewarpdemo.com in AD, user email addresses of the form <alias>@Icewarpdemo.cz, and the following AD structure:


If you want to synchronize the users and OUs under SecondOU, the settings in IceWarp would be:


NOTE that, by default, Active Directory does not respond to LDAP queries returning more than 1000 results. In this case (more than 1000 AD users), you have to increase the maximum page size (the MaxPageSize variable) on your Active Directory server. To do so, use the Ntdsutil.exe tool. For more information, see http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech
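The following is an added example, not IceWarp code, that models the rules stated above (Note 1 and the email-domain scenario): an AD user is synchronized only when its mail domain matches the IceWarp domain, or the alternate mail domain given as the second Domain-field parameter, and a listing over 1000 entries trips the default MaxPageSize. The AD entries and attribute names are constructed stand-ins, and case-insensitive domain matching is an assumption.

```python
AD_DEFAULT_MAX_PAGE_SIZE = 1000  # Active Directory's default MaxPageSize

def plan_sync(entries, icewarp_domain, email_domain=None):
    """Model of the article's rule: return (accepted, skipped) for AD user dicts.

    entries: dicts with 'sAMAccountName' and optional 'mail' (constructed stand-ins
    for the attributes an LDAP listing of the OU would return).
    email_domain: alternate mail domain (the ';'-delimited second Domain-field
    parameter); None means the IceWarp domain itself must match.
    Domain comparison is case-insensitive, as in DNS (an assumption here).
    """
    wanted = (email_domain or icewarp_domain).lower()
    accepted, skipped = [], []
    for e in entries:
        mail = e.get("mail", "")
        if "@" not in mail:
            skipped.append((e["sAMAccountName"], "no mail attribute"))
            continue
        alias, _, dom = mail.rpartition("@")
        if dom.lower() != wanted:
            skipped.append((e["sAMAccountName"], f"mail domain {dom} != {wanted}"))
            continue
        # The synchronized account is created in the IceWarp domain, not the AD one.
        accepted.append((e["sAMAccountName"], f"{alias}@{icewarp_domain.lower()}"))
    return accepted, skipped

def page_size_warning(result_count, max_page_size=AD_DEFAULT_MAX_PAGE_SIZE):
    """True when the OU listing would exceed MaxPageSize and come back truncated."""
    return result_count > max_page_size

# Constructed sample: IceWarp domain icewarpdemo.com, AD mail domain Icewarpdemo.cz
SAMPLE_AD_USERS = [
    {"sAMAccountName": "jsmith", "mail": "jsmith@Icewarpdemo.cz"},
    {"sAMAccountName": "anovak", "mail": "a.novak@icewarpdemo.cz"},
    {"sAMAccountName": "contractor", "mail": "contractor@partner.example"},
    {"sAMAccountName": "svc_backup"},  # no mail attribute at all
]

if __name__ == "__main__":
    ok, skip = plan_sync(SAMPLE_AD_USERS, "icewarpdemo.com", email_domain="Icewarpdemo.cz")
    for login, addr in ok:
        print("sync", login, "->", addr)
    for login, why in skip:
        print("skip", login, ":", why)
    if page_size_warning(len(SAMPLE_AD_USERS)):
        print("more than 1000 users: raise MaxPageSize (Ntdsutil.exe) first")
```

Running the same entries without the second parameter shows that none of the Icewarpdemo.cz users would be synchronized, which is the mismatch Note 1 warns about.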



Article Details
Article ID: 504
Created On: 27 May 2008 07:46 PM

