Microsoft Active Directory query data can be integrated and synchronized codeless with various other data sources, on-premise or in the cloud, using the Layer2 Cloud Connector. Please take a look here for supported systems and applications.
Active Directory Integration with Office 365 & SharePoint
To connect to Microsoft Active Directory the data source entity must be configured as follows in the Layer2 Cloud Connector Connection Manager:
Fig: Example Active Directory data entity configuration.
Active Directory Specific Configuration Settings
- Select the OleDb Data Provider as the data source and refer to ADSDSOObject as the provider in the connection string later on. Both should be installed on any Windows OS.
- A valid connection string looks like this: Provider=ADSDSOObject;User Id=myUsername;Password=myPassword;
- Be aware that the connection will validate even if the user information is incorrect! Make sure the username and password are correct; otherwise an error can occur later when validating the select statement.
- Note the optional page size parameter in the connection string for longer lists (>1000 items). In some cases the page size must be set for the AD as well to work as expected:
- See here for more about ADSI queries. A valid query can look like this:
SELECT displayname, title, name, objectSID, ADSPath, givenName, sn, cn, company, department, l, mail, telephoneNumber From 'LDAP://myserver.mydomain.lokal/OU=MyOU, OU=Users,OU=MySubOU, DC=MyDomain,DC=lokal' WHERE objectClass='user' AND objectCategory='Person'
- Please verify the select statement. If there are any issues, please check your access rights first (execute as admin).
- Start with a very basic query and increase complexity step-by-step. Select as few fields as required to increase performance. Use the data preview to check out the result of your query.
- The SQL supported by the Microsoft-based data provider is very specific. This is a known issue and not related to the Layer2 product. You can find query samples on the internet via Google. In WHERE conditions, don't use "myField IS NOT NULL" or myField != ''; myField = '*' could help.
- You can find more examples here.
- Primary Key: Include the unique ADSPath field in your query and use it as a "primary key" (unique column value) for synchronization.
Active Directory Integration - Known Issues and workarounds
- You cannot sync local Active Directory content for administrative tasks, e.g. Office 365 / SharePoint user provisioning (à la DirSync). The connection is just for data sync, e.g. to SharePoint lists (including contact lists), Exchange contacts, SQL tables etc.
- Note that some Active Directory properties / fields are binaries and do not have a ToString conversion implemented in ADSI. Those fields cannot be managed using the connector.
- Images managed in the AD cannot be mapped / synchronized.
- The data provider does not support DISTINCT operations, e.g. to create a list of departments. But you can sync to any SQL database or Microsoft Access first to have such type of operations available there. You can sync to other systems in a 2nd step from SQL to push e.g. departments to a SharePoint lookup list.
- Note that the Microsoft ADSI data provider is read-only. No write operations are supported.
- Alternatively, there is a 3rd-party AD / LDAP Data Provider available from RSSBus / CData. But there are also issues with write access in this case.
- The connection string will still validate even if some of the information is wrong, e.g. an incorrect username or password. Verify those are correct if you get unexplained errors when trying to validate the select statement.
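A pre-flight check for the query rules listed in the two sections above, as an added example (not Layer2 or Microsoft code). The function name check_adsi_query and the sample query are constructed here, and the checks cover only the constraints this page states: ADSPath selected as primary key, no DISTINCT, and no IS NOT NULL or != '' in WHERE conditions.

```python
import re

# Constructed sample in the shape of the query shown on this page.
SAMPLE_QUERY = (
    "SELECT displayname, mail, ADSPath "
    "FROM 'LDAP://myserver.mydomain.lokal/OU=MyOU,DC=MyDomain,DC=lokal' "
    "WHERE objectClass='user' AND objectCategory='Person'"
)

_STATEMENT = re.compile(
    r"^\s*SELECT\s+(?P<fields>.+?)\s+FROM\s+'(?P<path>[^']*)'"
    r"(?:\s+WHERE\s+(?P<where>.+?))?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def check_adsi_query(sql):
    """Return findings for an ADSI SQL statement; an empty list means none."""
    m = _STATEMENT.match(sql)
    if not m:
        return ["not of the form SELECT <fields> FROM '<path>' [WHERE ...]"]
    findings = []
    fields_text = m.group("fields")
    if re.match(r"DISTINCT\b", fields_text, re.IGNORECASE):
        findings.append("DISTINCT is not supported by the data provider")
        fields_text = fields_text[len("DISTINCT"):]
    fields = [f.strip().lower() for f in fields_text.split(",")]
    if "adspath" not in fields:
        findings.append("ADSPath is not selected, so there is no primary key")
    # Mask non-empty string literals so their text cannot trigger a rule,
    # while keeping empty literals ('') visible for the != '' check.
    where = re.sub(r"'([^']*)'",
                   lambda lit: "''" if lit.group(1) == "" else "'?'",
                   m.group("where") or "")
    if re.search(r"\bIS\s+NOT\s+NULL\b", where, re.IGNORECASE):
        findings.append("IS NOT NULL in WHERE; myField = '*' could help")
    if re.search(r"!=\s*''", where):
        findings.append("!= '' in WHERE; myField = '*' could help")
    return findings


if __name__ == "__main__":
    print(check_adsi_query(SAMPLE_QUERY))
    print(check_adsi_query(
        "SELECT DISTINCT department FROM 'LDAP://DC=MyDomain,DC=lokal' "
        "WHERE mail IS NOT NULL AND title != ''"))
```

The check only inspects the statement text; it does not contact a directory, so credentials and access rights still have to be verified with the data preview.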
Step-by-Step Intros For Active Directory Integration Scenarios
You can integrate and sync with various sources listed here. More information about specific scenarios:
Next Steps For Evaluation
You can register to download and evaluate the Layer2 Cloud Connector here