4 Replies Latest reply on Oct 30, 2012 4:26 PM by ROMAN Schachta

    Integration with Active Directory

      I am trying to synchronize users from AD groups with RBAC Roles.

      Unfortunately, there is one issue I am not able to solve.

      My user domain is DIR.SVC.mycompany.com. If I create users in BSA like 'user@DIR.SVC.mycompany.com', I can authenticate without issues.

      However, when I synchronize users from the AD groups, they are created as 'user@mycompany.com'.

      This means that I cannot use the synchronized accounts. There is no AD domain 'mycompany.com'.

      It is because, by default, the users are created using userPrincipalName, and in my case the UPN is different from the domain name.


      Is there a way to either translate/route the authentication from "mycompany.com" to "DIR.SVC.mycompany.com"?

      Or, maybe when creating/synchronizing the users, I could have them created with the domain part as DIR.SVC.mycompany.com?


      The synchronization command is:

      C:\Users\roman.schachta>blcli -v defaultProfile -r RBACAdmins RBACRole syncUsers TestRole DIR1 Dir1 CN=io.aop.environments,OU=Groups,DC=dir,DC=svc,DC=mycompany,DC=com (objectClass=user) userPrincipalName (objectClass=group) member

      It is working fine and creating the users in the right role (TestRole), but they are created as 'user@mycompany.com'.


      Thank you for any suggestions.