Setting up Active Directory synchronization

To synchronize user data, create a user object in your Active Directory and grant it the replication permissions “Replicate directory changes” and “Replicate all directory changes”. When you later set up the Active Directory synchronization service in Cloud Manager, you specify this user as the Active Directory user.

The following steps are necessary for setting the permissions:

  1. Setting of permissions with ACL Editor
    • Open the active directory user and computer snap-in.
    • Click on “Advanced functions” in the View menu.
    • Right-click on the domain object, e.g., “company.com”, and then click on “Properties”.
  2. If the required user account is not listed, click on “Add” in the “Security” tab. If the required user account is listed, proceed with Step 7.
  3. Click on “Add” in the “Users”, “Computers”, or “Groups” dialog box and select the required user in the subsequent dialog.
  4. Click on “OK” to return to the “Properties” dialog box.
  5. Click on the required user account.
  6. In the Permissions dialog box, select the “Replicate directory changes” and “Replicate all directory changes” check boxes.
  7. Click “Apply” and then click “OK”.
  8. Close the snap-in.
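The two permissions set above are extended rights on the domain object, and “Replicate all directory changes” in particular lets its holder read every attribute of every object, so it is worth confirming from a domain-joined admin workstation that exactly the intended account received them and that no unexpected principal holds them. The following PowerShell script is an added example, not part of this documentation or of Cloud Manager; it assumes the RSAT ActiveDirectory module is installed and that `COMPANY\svc-cloudsync` is a placeholder for the account you created.

```powershell
# Added example (not Telekom's or Cloud Manager's own code): list the principals that
# hold the two replication extended rights on the domain naming context and report
# whether the synchronization account has both of them.
Import-Module ActiveDirectory

$syncAccount = 'COMPANY\svc-cloudsync'   # assumption: the AD user created for the sync

# Well-known schema GUIDs of the two extended rights.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate directory changes (DS-Replication-Get-Changes)'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate all directory changes (DS-Replication-Get-Changes-All)'
}

$domainDN = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path "AD:\$domainDN"

# Keep only "Allow" ACEs that grant one of the two extended rights.
$holders = $acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $rights.ContainsKey($_.ObjectType.ToString().ToLower())
    } |
    Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                  @{ n = 'Right';     e = { $rights[$_.ObjectType.ToString().ToLower()] } }

"Principals holding replication rights on ${domainDN}:"
$holders | Sort-Object Principal, Right | Format-Table -AutoSize

# Check the synchronization account against both rights.
$have = @($holders | Where-Object Principal -eq $syncAccount | Select-Object -ExpandProperty Right)
foreach ($r in $rights.Values) {
    if ($have -contains $r) { "OK      $syncAccount has '$r'" }
    else                    { "MISSING $syncAccount lacks '$r'" }
}
```

Besides the synchronization account, you should normally only see built-in groups such as Domain Controllers, Enterprise Domain Controllers and Administrators in the holder list; any other entry is worth reviewing with whoever manages the domain.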

If the VPN connection has been established successfully, you can continue with the synchronization setup in Cloud Manager. To do this, select the “Active Directory synchronization” menu item under the “User management” main menu item.


Establishing a connection to your Active Directory

Enter the connection parameters for your Active Directory in the connection-data form.

Under “Domains*”, select the domain(s) whose user objects in your Active Directory are to be synchronized. Note that only verified domains are displayed in the list. If the domain you intend to use for Active Directory synchronization is not listed, use the domain management to make sure the domain is marked as verified.

Example:

In your Active Directory, user objects are created with the UPN (User Principal Name) name.firstname@company.de. For synchronization, the domain “company.de” must be registered as a verified domain in the domain management. Cloud Manager assigns synchronized user objects based on the UPN, so the domain in the UPN must be unambiguously assigned to your organization.

After you have entered all necessary data, click on the “Log in” button. Your connection data will then be checked. For this, make sure that the VPN tunnel between your infrastructure and that of Telekom is established.


Specifying AD containers

Once a connection to your Active Directory has been established, a display of your AD directory structure is added to the editing form. In this display, select the AD containers to be included in the synchronization, and then click on the button to save the settings. After saving, a status page informs you that the Active Directory synchronization setup is complete.

Note: On weekdays, the synchronization setup is concluded within 24 hours. You will be informed by email when the setup has been completed. From this point on, synchronized users are displayed with the addition of “[sync]” in the user management. Only users with the parameters “First name”, “Last name”, “Display name”, and “Login name” (User Principal Name) are synchronized.
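Before saving the container selection, it helps to know which users in those containers will actually be picked up: the example under “Establishing a connection” requires a UPN whose domain is verified, and the note above names the four attributes a user needs. The following PowerShell script is an added example, not part of this documentation or of Cloud Manager; it runs a pre-flight check against your own directory and assumes the RSAT ActiveDirectory module, and the container DNs and verified-domain list are placeholders for your values.

```powershell
# Added example (not Telekom's or Cloud Manager's own code): report users in the
# selected AD containers that lack one of the four synchronized attributes or whose
# UPN suffix is not one of the verified domains, so they can be fixed before setup.
Import-Module ActiveDirectory

# Assumptions: replace with the containers you select in the directory display
# and the domains marked as verified in the domain management.
$containers      = @('OU=Staff,DC=company,DC=de', 'OU=Contractors,DC=company,DC=de')
$verifiedDomains = @('company.de')

# First name, last name, display name and login name (UPN) as named in the note.
$required = 'GivenName', 'Surname', 'DisplayName', 'UserPrincipalName'

$report = foreach ($ou in $containers) {
    Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * -Properties $required |
        ForEach-Object {
            $user    = $_
            $missing = @($required | Where-Object { [string]::IsNullOrEmpty($user.$_) })

            # Domain part of the UPN, if there is one.
            $suffix = if ($user.UserPrincipalName) { ($user.UserPrincipalName -split '@', 2)[1] } else { $null }
            $domainOk = [bool]($suffix -and ($verifiedDomains -contains $suffix))

            [pscustomobject]@{
                SamAccountName = $user.SamAccountName
                UPN            = $user.UserPrincipalName
                Container      = $ou
                MissingAttrs   = ($missing -join ',')
                VerifiedDomain = $domainOk
                WillSync       = ($missing.Count -eq 0) -and $domainOk
            }
        }
}

"Users that would not be synchronized:"
$report | Where-Object { -not $_.WillSync } | Format-Table SamAccountName, UPN, MissingAttrs, VerifiedDomain -AutoSize

"{0} of {1} users pass the check" -f @($report | Where-Object WillSync).Count, @($report).Count
```

Users flagged with a UPN suffix outside the verified list either need a corrected UPN or the additional domain verified in the domain management before the synchronization is set up.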


Synchronizing users

Synchronized user data cannot be edited, and synchronized users cannot be deleted, in Cloud Manager. Synchronization runs in one direction only, from your Active Directory to the Cloud Manager platform, so user data is maintained exclusively in your Active Directory.

User data is currently synchronized once daily. The time of synchronization is determined automatically. Please contact the Service Desk if you require a specific synchronization time.

The full functional scope of Cloud Manager is available to you for all other administrative tasks, such as assigning products, saving as a group, or resetting passwords.


Passwords for synchronized users

Each synchronized user is still assigned a randomly generated password when initially created. The user management lets you export a complete password list for synchronized users and make it available to the users in your organization. To do this, use the “Export list” function in the user list and then select the “Password list” option.

Note that an entry remains in the password list only until the user has changed their password.
