Microsoft Active Directory synchronization
  • 03 Jan 2025

For Microsoft Active Directory (tested with versions 2003 and 2008), the filter entries in Table: Microsoft Active Directory 2003/2008 filter settings retrieve all users from the search base without retrieving other objects such as groups, contacts, or computers.

Table: Microsoft Active Directory 2003/2008 filter settings

Microsoft Active Directory 2003/2008 attribute    Value
sAMAccountName                                    *
givenName                                         *
objectClass                                       person
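
The effect of the three filter entries in the table above can be checked offline. The following is an added example, not OneSpan code: it assumes the appliance combines the entries with a logical AND, and evaluates them against constructed sample entries (all names and DNs are made up) to show which entry excludes groups, contacts, and computers.

```python
# Added example (not OneSpan code). Assumption: the appliance ANDs the entries.
FILTER_ENTRIES = [("sAMAccountName", "*"), ("givenName", "*"), ("objectClass", "person")]

# Constructed sample entries with the objectClass chains Active Directory
# assigns to each object type; DNs and names are made up.
BASE = "OU=Staff,DC=example,DC=test"
SAMPLE_DIRECTORY = {
    f"CN=Alice Example,{BASE}": {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": ["aexample"], "givenName": ["Alice"]},
    f"CN=Helpdesk,{BASE}": {
        "objectClass": ["top", "group"], "sAMAccountName": ["Helpdesk"]},
    f"CN=Vera Vendor,{BASE}": {
        "objectClass": ["top", "person", "organizationalPerson", "contact"],
        "givenName": ["Vera"]},
    f"CN=WS01,{BASE}": {
        "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
        "sAMAccountName": ["WS01$"]},
    f"CN=svc-backup,{BASE}": {  # user account with no first name set
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": ["svc-backup"]},
}

def to_ldap_filter(entries):
    """Render the entries as one LDAP filter string (AND of all entries)."""
    return "(&" + "".join(f"({a}={v})" for a, v in entries) + ")"

def satisfies(entry, attr, wanted):
    """Evaluate one filter entry: '*' is a presence test, else equality."""
    # LDAP attribute names and these values compare case-insensitively.
    values = {k.lower(): v for k, v in entry.items()}.get(attr.lower(), [])
    if wanted == "*":
        return bool(values)
    return wanted.lower() in (v.lower() for v in values)

def failed_entries(entry, entries=FILTER_ENTRIES):
    """Filter entries this object does not satisfy (empty list = retrieved)."""
    return [f"{a}={v}" for a, v in entries if not satisfies(entry, a, v)]

def retrieved(directory, entries=FILTER_ENTRIES):
    """DNs the synchronization filter would return from the search base."""
    return [dn for dn, e in directory.items() if not failed_entries(e, entries)]

if __name__ == "__main__":
    print(to_ldap_filter(FILTER_ENTRIES))
    for dn, e in SAMPLE_DIRECTORY.items():
        print(dn, "->", failed_entries(e) or "retrieved")
```

The last sample entry shows a side effect of the `givenName` entry: under the AND assumption, a user account with no first name set is not retrieved either.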

Example mappings of commonly used Microsoft Active Directory 2003/2008 attributes to their OneSpan Authentication Server Appliance properties are shown in Figure: Filter and attribute mappings for Microsoft Active Directory 2003/2008 (Example).

Figure:  Filter and attribute mappings for Microsoft Active Directory 2003/2008 (Example)

Finding attribute names

The illustrated examples can also be adapted to your organization's needs, for example if a more refined filter is required or if other LDAP server attribute values need to be synchronized to a certain OneSpan Authentication Server Appliance user property.

To add filter or mapping entries, you need to know the attribute name in Active Directory.

The method for finding attribute names explained here may not apply to your particular version of Active Directory. In that case, refer to the product documentation for your Active Directory deployment (see Other LDAP server synchronizations).

To view user account attributes on your Microsoft Active Directory

  1. Log on to Microsoft Active Directory.
  2. Start the adsiedit.msc program.
  3. Navigate to a source user account.
  4. Right-click on the user account in the left window and select Properties.

For an alternative method to find LDAP server attribute names, see Other LDAP server synchronizations.

