Active Directory
Modified on Mon, May 20 at 2:26 PM
Active Directory Integration
Features
Password Authentication
The Active Directory server can be used to authenticate users logging into Genesis. When this is enabled, the password stored in the Genesis database is ignored and the password held in the LDAP server is used instead.
Synchronizing of names, email addresses and descriptions.
The integration lets Genesis copy each user's first name, last name and email address from Active Directory. By default this runs 3 times a day. When a user's last name is changed in LDAP, the change is optionally synchronized to Genesis automatically.
Import Users
Users can be imported from Active Directory, saving the time it would take to create them by hand.
Configuration
Active Directory is configured on the Setup.Security.Active Directory.Setup tab. To get started, fill in the fields below and click the Save button:
Domain: The fully qualified Active Directory domain.
Domain Controller: The hostname or TCP/IP address of any Active Directory domain controller. Genesis connects to Active Directory on TCP port 636 using the LDAPS protocol.
User: The short name (SAM account name) of the user Genesis uses to perform Active Directory operations. This user needs read access to all user objects. Genesis never writes data to Active Directory.
Password: The password for the above user.
Once the SAVE button is clicked, a TEST button will appear.
Test the Active Directory connection
Clicking the TEST button tests the connection to Active Directory: Genesis tries to connect and log in to Active Directory using the LDAP protocol on TCP port 389 with the supplied credentials. If the error message you receive is just the hostname of the Active Directory domain controller, Genesis could not connect to the server.
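Before relying on the TEST button, it is useful to confirm from a Windows host that the domain controller accepts the same kind of bind Genesis will perform, and that the service account can read user objects. The script below is an added example, not part of the Genesis article or product; the domain, domain controller name and service account name are assumed placeholders. It checks both ports the article mentions (636 for LDAPS, 389 for LDAP), performs a simple bind over LDAPS with the service account, and runs a read-only search for the account's own user object.

```powershell
# Added example (not Genesis code): verify the LDAPS bind and read access that
# Genesis needs. All three values below are assumed placeholders.
param(
    [string]$Domain           = 'corp.example.local',
    [string]$DomainController = 'dc01.corp.example.local',
    [string]$ServiceUser      = 'svc-genesis-ldap'   # SAM short name, read-only account
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. Reachability of the two ports the article mentions (636 LDAPS, 389 LDAP).
foreach ($port in 636, 389) {
    $r = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
    '{0}:{1} TcpTestSucceeded={2}' -f $DomainController, $port, $r.TcpTestSucceeded
}

# 2. Simple bind over LDAPS with the service account (the password is prompted, never stored here).
$cred = Get-Credential -UserName "$Domain\$ServiceUser" -Message 'Service account password'
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DomainController, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true   # LDAPS on 636; the DC certificate is validated
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = $cred.GetNetworkCredential()
try {
    $conn.Bind()
    "Bind OK as $($cred.UserName)"
} catch {
    "Bind FAILED: $($_.Exception.Message)"
    return
}

# 3. Confirm the account can read user objects. This is a search only; nothing is written.
$base   = 'DC=' + (($Domain -split '\.') -join ',DC=')
$filter = "(&(objectClass=user)(sAMAccountName=$ServiceUser))"
$req  = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $base, $filter,
            [System.DirectoryServices.Protocols.SearchScope]::Subtree,
            @('givenName', 'sn', 'mail', 'description'))
$resp = $conn.SendRequest($req)
'Read OK: {0} entry(ies) returned' -f $resp.Entries.Count
$conn.Dispose()
```

A bind failure with a certificate error on step 2 means the domain controller's LDAPS certificate is not trusted by the host; fix the trust rather than disabling validation, since a simple bind sends the service account password and LDAPS is what protects it on the wire.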
Setting up existing Genesis users
If you have existing Genesis users whose logonid is the same as their userid in LDAP, you can configure them to use LDAP for authentication and for synchronization of demographics. In the Setup.Users.Modify User screen, the following field needs to be set:
Active Directory Enabled: When this is set to true, the user's password is authenticated against Active Directory. This also permits Genesis to synchronize the user's names, email address and description from Active Directory.
Importing users from Active Directory into Genesis
New logonids can be created in Genesis by importing them from Active Directory. This is done on the Setup.Security.Active Directory.Import Users tab, which lets you browse the Active Directory tree for users to import. A drop-down at the top lets you choose the container to look in.
- Containers are LDAP objects whose objectClass attribute is builtinDomain, organizationalUnit, or container.
- Users are LDAP objects whose objectClass attribute is user.
- You can navigate back up the tree one level by choosing the .. container.
- Individual users can be selected for import by checking the box next to their logonid.
- Clicking the check box in the header checks all users on the screen. To uncheck all users, click the check box in the header again.
- Optionally, choose a user from the Import selected users with the same roles as drop-down list.
- Users that already exist in Genesis will not have a check box available.
Click the Import Selected Users button to bring these users into Genesis.
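To see which objects Genesis will list at a given level before importing, you can run the same objectClass filters the article describes against the directory from PowerShell. The script below is an added example, not Genesis code; it assumes the RSAT ActiveDirectory module, and the container DN is an assumed placeholder. One point the filters make visible: computer accounts also carry objectClass=user (computer inherits from user), so a plain (objectClass=user) search returns them too; the (!(objectClass=computer)) clause below is an addition for this listing, not something the article says Genesis does.

```powershell
# Added example (not Genesis code): list the containers and users the Import Users
# tab would show under one container. The DN below is an assumed placeholder.
param(
    [string]$Container = 'OU=Staff,DC=corp,DC=example,DC=local'
)
Import-Module ActiveDirectory

# Containers, exactly as the article defines them.
$containerFilter = '(|(objectClass=builtinDomain)(objectClass=organizationalUnit)(objectClass=container))'

"Sub-containers of $Container"
Get-ADObject -LDAPFilter $containerFilter -SearchBase $Container -SearchScope OneLevel |
    Select-Object Name, ObjectClass, DistinguishedName |
    Format-Table -AutoSize

# Users: objectClass=user. Computer objects match that too, so exclude them here
# (an addition of this example; the article only states objectClass=user).
"Importable users in $Container (logonid = sAMAccountName)"
Get-ADObject -LDAPFilter '(&(objectClass=user)(!(objectClass=computer)))' `
    -SearchBase $Container -SearchScope OneLevel `
    -Properties sAMAccountName, givenName, sn, mail, description |
    Select-Object @{ n = 'logonid'; e = { $_.sAMAccountName } }, givenName, sn, mail, description |
    Format-Table -AutoSize

# The '..' entry in the Genesis browser is simply the parent DN.
$parent = ($Container -split ',', 2)[1]
"Parent container (the '..' entry): $parent"
```

Run it with the service account configured for Genesis (for example in a session started with those credentials) and the listing also confirms that the account has the read access the Setup tab requires.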
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]
This error occurs if the Active Directory policy limits how many objects a query may return. See this Microsoft Support article on how to work around the limitation:
http://support.microsoft.com/?scid=kb%3Ben-us%3B315071&x=8&y=19
The MaxPageSize value needs to be increased from the default of 1000 to a value appropriate for your directory.
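The following added example (not from the Genesis article or the linked Microsoft article, though it follows the ntdsutil "LDAP policies" procedure that article documents) first counts the user objects the import would query and then shows and, if needed, raises MaxPageSize. The domain controller name and the new value are assumed placeholders; choose the value from your own user count.

```powershell
# Added example (not Genesis code): inspect and raise the MaxPageSize LDAP policy.
# Both values below are assumed placeholders.
$DomainController = 'dc01.corp.example.local'
$NewMaxPageSize   = 5000      # size this to your user count with headroom

# How many user objects will the import query return? Get-ADObject pages its
# own results, so this count is not itself subject to MaxPageSize.
$userCount = @(Get-ADObject -LDAPFilter '(objectClass=user)' -Server $DomainController).Count
"user objects: $userCount (default MaxPageSize is 1000)"

# Read-only step: show the current LDAP policy values on that DC.
ntdsutil 'LDAP policies' connections "connect to server $DomainController" quit 'show values' quit quit

# Raise the limit only when the directory actually exceeds it. The setting lives in
# the Default Query Policy, so it applies to every DC using that policy, not only
# the one you connect to, and the change requires Domain/Enterprise Admins rights.
if ($userCount -gt 1000) {
    ntdsutil 'LDAP policies' connections "connect to server $DomainController" quit `
        "set MaxPageSize to $NewMaxPageSize" 'commit changes' quit quit
    "MaxPageSize raised to $NewMaxPageSize"
} else {
    'Directory is within the default limit; no change needed.'
}
```

Raising MaxPageSize lets any LDAP client pull larger result sets in one page, so keep the value close to what the import needs rather than setting it arbitrarily high.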
Mass enabling or disabling the Active Directory Enabled flag for users
On the Setup.Security.Active Directory.Setup tab, two links in the Tools section perform this task.
Synchronizing Names, Email and Descriptions from Active Directory
On the Setup.Security.Active Directory.Setup tab, choose which fields you would like synchronized from Active Directory.
The synchronization process is a scheduled task that is disabled by default. To enable the task, navigate to the Core.Scheduler tab. The task is called Active Directory: Sync. User Fields and by default runs at 6:30am, 12:30pm, and 6:30pm.