Microsoft Active Directory – Users
About
Microsoft Active Directory is a directory service for Windows domains to enable network authentication and authorization.
Why You Should Integrate
Integrating with a Directory Service like Microsoft Active Directory will provide visibility and increased awareness of user accounts in an environment.
How Does the Integration Work
This integration pulls user-account information from Active Directory using the LDAP protocol.
This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
If you haven't already, please review our instructions for configuring the Microsoft Active Directory integration before proceeding with the instructions below.
Configuration Options
Domain
Field | Description | Example |
---|---|---|
Domain | Domain name to include the appropriate suffixes (.com or .local) | development.acme.local |
Exclude users marked as 'disabled' in Active Directory | By default, all users are pulled from the Active Directory domains specified. By selecting this you will pull in only users that are not in a 'disabled' status. | n/a |
Domain Discovery
Field | Description | Example |
---|---|---|
Root Domain | Root domain name to include the appropriate suffixes (.com or .local) | acme.local |
Excluded Domains | A comma separated list of domains to exclude from pulling | development.acme.local, contractor.acme.local |
Exclude users marked as 'disabled' in Active Directory | By default, all users are pulled from the Active Directory domains specified. By selecting this you will pull in only users that are not in a 'disabled' status. | n/a |
External Documentation
Creating credentials
You'll be asked to provide source credentials that Sevco will use to connect to Microsoft Active Directory
The following link will step you through creating an account. https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/create-an-active-directory-server#add-users-and-computers-to-the-active-directory-domain
Required Permissions
The username supplied should be a standard domain user (service account) with read-only access to all computers and users in the domain.
- Requires LDAP query permissions (enabled by default in MS AD)
- Interactive login is not required
- If additional restrictions are applied to a standard user/service account then please ensure it has the following permissions:
- List content
- Read all properties
- Read permissions
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting the Suggest Edits
located in the upper right hand corner of the documentation.
Updated 3 months ago