AD MA
Management Agent for Active Directory
Type: Active Directory Domain Services
Versjonsnummer: 1.1.0
Dato: 26.04.2017
Målsystem Versjon: 2016.02
Objecttyper: group, user
Beskrivelse
Management agenten for Active Directory jobber mot ett eller flere Active Directory domener. Det må være en MA pr domene. Feks en MA for elev AD og en MA for ansatt AD. Agenten oppretter, sletter og vedlikeholder AD user og group objecter.
Parametre
Flow
Person
Export
| CS Object Type | CS Attributes | Mapping Type | MV Object Type | MV Attribute | Advanced Rule |
|---|---|---|---|---|---|
| user | department | Direct | person | department | |
| user | givenName | Direct | person | firstName | |
| user | streetAddress | Direct | person | basHomeAddress | |
| user | l | Direct | person | basHomeCity | |
| user | Direct | person | |||
| user | homePhone | Direct | person | basHomePhone | |
| user | manager | Direct | person | manager | |
| user | mobile | Direct | person | mobilePhone | |
| user | company | Direct | person | basOrgUnitname | |
| user | employeeNumber | Direct | person | basSSN | |
| user | title | Advanced | person | basPositionTitle | ADMA_title |
| user | sAMAccountName | Direct | person | uid | |
| user | telephoneNumber | Direct | person | officePhone | |
| user | userPrincipalName | Advanced | person | uid | ADMA_userPrincipalName |
| user | userAccountControl | Advanced | person | basUserActive | ADMA_userAccountControl_check_basUserActive |
| user | sn | Direct | person | lastName | |
| user | displayName | Direct | person | displayName |
Import
| CS Object Type | CS Attributes | Mapping Type | MV Object Type | MV Attribute | Advanced Rule |
|---|---|---|---|---|---|
| user | <dn> | Direct | person | basDn | |
| user | Direct | person |
Group
Import
| CS Object Type | CS Attributes | Mapping Type | MV Object Type | MV Attribute | Advanced Rule |
|---|---|---|---|---|---|
| group | <dn> | Direct | group | basDn |
Export
| CS Object Type | CS Attributes | Mapping Type | MV Object Type | MV Attribute | Advanced Rule |
|---|---|---|---|---|---|
| group | displayName | Direct | group | displayName | |
| group | member | Direct | group | member | |
| group | sAMAccountName | Direct | group | uid | |
| group | info | Advanced | group | type | ADMA_groupType |
| group | description | Direct | group | description | |
| group | mailNicname | Direct | group | uid |
Kode
Flow rules
Alle flow og provisionreglene er laget i Python og modifiseres via VigoBAS-Config webben.
Import/Export flow
| Navn på regel | Beskrivelse |
|---|---|
| User | |
| ADMA_title | Tar kun de 128 første karakterene fra MV attributtet basPositionTitle og flyter til AD attributtet title. Dette fordi AD attributtet maks kan ha 128 tegn. |
| ADMA_userPrincipalName | Gernererer userPrincipaleName (UPN). |
| ADMA_userAccountControl_check_basUserActive | Setter userAccountControl bitet til 512 (enable) eller 514 (disable) basert på om MV attributtet basUserActive er True/False. |
| Group | |
| ADMA_groupType | Setter groupType på de ulike gruppene. Feks Universal/Global Security/Distribution. Se verdier i ADMA ist veiledning |
Provision (initial) flow
| Attributt | Beskrivelse |
|---|---|
| User | |
| DN | distinguishedName til brukerobjectet. Blir generert utifra MV attributtene CN (genereres av Users MA)og basUinitOU (genereres av Import MA eller av Users MA). |
| homeMDB | For exchange provisioning. Databasen hvor brukerens postkasse blir opprettet |
| msExchHomeServerName | For exchange provisionering. DN til exchangeserver. |
| mailNickname | For exchange provisionering. Alias til postboksen for brukerobjectet. |
| Group | |
| DN | distinguishedName til gruppeobjectet. Kan settes pr gruppetype |
Repository
Git Repoisitory: https://buddysamarbeidet.visualstudio.com/DefaultCollection/_git/Buddysamarbeidet Mappe: AD MA benytter ikke en egen dll for provisioning og flow. Den benytter felleskomponetene for flow og provisioning som ligger i VigoBAS Core. Se VigoBAS HLD dokumentasjon.