If you are on v 12 or later, you can simply configure the address book to read from AD/LDAP.
If you are on 11.x or prior, you need the DynamicAD connector.
This was great information; however, that portion works, and now I need to set up an "IMPORT TASK" to import all the Users from the AD server.
I go through setting up the "Task" as follows:
LDAP Server Address=(IP of the LDAP Server)
LDAP Server Port=389
LDAP Base Entry=OU, OU, DC, DC (all specific to the LDAP server)
Distinguished Name=(Fully Qualified Name)
Password=(password for the Distinguished Name)
TEST Connection = SUCCESSFUL
LDAP Filter - blank (not a required field)
Authentication method - blank (not a required field)
Container = Global Address Book (specific name)
System Role for all Users = "Customer"
Authentication method = LDAP Auth
Container = (our name for the Global address book)
Container role = All Users Read Access
Item type in Container = Contact
Map import Fields
User Management Fields -> Field Type -> Source Fields
User* -> Text -> userAccountControl (I have tried various selections for this)
Name* -> Text -> name
Outcome Notification -- BLANK
Schedule Task - I provide a name, Click the "Immediately" radio button, set the recurrence.
Click the "Schedule Task" button
I receive an "Unexpected Error", the task window does not populate, the "Unexpected Error" states some of the following (no I can upload, my instance of Footprints is on a Classified System). Error "Infrastructure.Error.001"
Starting @ Filter
This is used to import users from specific OUs or Groups. Customers often use a filter to import the “agents” first, then go back for a full import with the Update Existing Users unchecked.
User Profile and Authentication look OK
Associated Containers; This is where you would assign the user the areas of the product they have access to and at what level. If they need to create tickets in a container, you need to grant the access level to that container. Example; Service Desk – Read, submit, edit or AddressBook – read request. You will want to grant all users the access they will need (at a minimum).
Where I see the biggest issues is in the Field Mappings. All users need, at a minimum, User ID and Email Address. When you make a successful connection to LDAP, the available fields windows will populate. Always start on the Footprints side and match to the LDAP side.
User Name/User ID will map to samAccountName
Email will map to mail
Full Name maps to cn
Hope that helps,
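A dry run of the field mapping described in the answer above, as an added example that is not part of the original thread and not Footprints code. The function name `dry_run`, the sample entries, and the choice to skip accounts disabled in AD are assumptions made for illustration. It shows why `userAccountControl` fails as a User ID source: it is a flags value shared by many accounts, not a unique name.

```python
# Added example: check LDAP entries against the field mapping before importing.
REQUIRED = ("User ID", "Email")  # minimum fields named in the answer above

# Footprints-side field -> LDAP attribute, as listed in the answer above.
MAPPING = {"User ID": "sAMAccountName", "Email": "mail", "Full Name": "cn"}

ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled AD accounts

# Constructed sample entries (not real directory data).
SAMPLE_ENTRIES = [
    {"dn": "CN=Alice Example,OU=Agents,DC=example,DC=test", "cn": "Alice Example",
     "sAMAccountName": "aexample", "mail": "aexample@example.test",
     "userAccountControl": "512"},
    {"dn": "CN=Bob Example,OU=Agents,DC=example,DC=test", "cn": "Bob Example",
     "sAMAccountName": "bexample", "userAccountControl": "512"},   # no mail
    {"dn": "CN=Carol Example,OU=Staff,DC=example,DC=test", "cn": "Carol Example",
     "sAMAccountName": "cexample", "mail": "cexample@example.test",
     "userAccountControl": "514"},                                 # disabled
    {"dn": "CN=Dave Example,OU=Staff,DC=example,DC=test", "cn": "Dave Example",
     "sAMAccountName": "dexample", "mail": "dexample@example.test",
     "userAccountControl": "512"},
]

def dry_run(entries, mapping):
    """Return (importable_rows, problems) without contacting any server."""
    rows, problems, seen = [], [], {}
    for e in entries:
        row = {field: (e.get(attr) or "").strip() for field, attr in mapping.items()}
        missing = [f for f in REQUIRED if not row.get(f)]
        if missing:
            problems.append((e["dn"], "missing " + ", ".join(missing)))
            continue
        key = row["User ID"].lower()
        if key in seen:  # User ID must be unique across imported users
            problems.append((e["dn"], f"duplicate User ID {row['User ID']!r}"))
            continue
        # Assumption: disabled AD accounts should not be imported.
        if int(e.get("userAccountControl", "0")) & ACCOUNTDISABLE:
            problems.append((e["dn"], "account disabled in AD"))
            continue
        seen[key] = e["dn"]
        rows.append(row)
    return rows, problems

if __name__ == "__main__":
    for label, m in (("answer's mapping", MAPPING),
                     ("userAccountControl as User ID",
                      dict(MAPPING, **{"User ID": "userAccountControl"}))):
        rows, problems = dry_run(SAMPLE_ENTRIES, m)
        print(label, "->", len(rows), "importable;", problems)
```
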
Thank you, I will give this a shot
Kevin D. May, Contractor
ManTech Intelligence Sector
Configuration/Project Manager, ISSO Principle
CompTIA Security+ ce
ITIL v3 Foundation
(202) 404-0581 (STE)