Importing from Active Directory

Overview

The SnapComms Solution utilizes Active Directory information within the Windows desktop OS for the purposes of retrieving the user, machine, attributes and group memberships for populating into the SnapComms Content Manager. This information can then be utilized for targeting content.

Active Directory Groups populated into the SnapComms Content Manager (by default) are Static Groups. Organizational Units can also be populated upon licensing of the Organizational Units (OU) Targeting additional feature. If Active Directory is not your primary data source, SnapComms also offers method to import from our data sources.

The contact point between the SnapComms Solution and the Active Directory information is the SnapComms App. All queries against the Windows OS Active Directory information are performed by the SnapComms App. The SnapComms App is the application installed on users' desktops and forms the client component of the SnapComms solution.


The SnapComms App periodically queries Windows for information about the current user and computer and relays that information through to the SnapComms server, where it is saved and accessed in the SnapComms Content Manager.

At no point does the SnapComms server software communicate directly with Active Directory.
 

TECHNICAL DETAILS 

The SnapComms App maintains a cached copy of the directory information relating to the user. The cached directory information is stored in an encrypted file within the user profile.


The SnapComms App will refresh the Active Directory information from Windows every 6 hours by default. The refresh will occur whenever the age of the cached directory information is at least 6 hours old. The refresh duration can be customized inside the Content Manager. Refresh will also occur the first time a particular user logs onto a desktop.


If the SnapComms App detects a change to the cached directory information as a result of the directory refresh, it will relay the new directory information to the SnapComms server the next time the client communicates with the server. This means that the directory information is only sent to the server whenever a change occurs.


The SnapComms client / app communicates with Active Directory through Active Directory Service Interfaces (ADSI) using the credentials of the logged-on user. ADSI is a standard built-in component of the Windows operating system used for securely interacting with Active Directory. 


Nested groups are supported. The Active Directory information is obtained by the SnapComms client / app but is presented as a flattened structure within the SnapComms Content Manager.


There is a timeout of 120 seconds in completing a directory refresh. If the timeout is reached, the refresh is aborted and retried every 5 minutes. Both the timeout and retry duration are also configurable inside the Content Manager.


Filtering Information Obtained 
The Windows App Profile is used to configure filters for attributes and groups to restrict the AD information that is sent to the SnapComms server. It also controls other Active Directory information refresh settings. Detailed information of the AD related settings is provided in the Windows App Management - App Profiles article.

 

List of User Attributes Retrieved

These attributes can be changed to satisfy the balance between targeting and privacy requirements.
 

objectGUID*
cn*
givenName
initials
sn
displayName
description
info
userPrincipalName*
sAMAccountName*
memberOf
mail
telephoneNumber
physicalDeliveryOfficeName
company
department
manager
title

otherTelephone
wWWHomePage
url
c
l
co
postOfficeBox
st
streetAddress
postalCode
facsimileTelephoneNumber
otherFacsimileTelephoneNumber
homePhone
otherHomePhone
ipPhone
otherIpPhone
mobile
otherMobile

pager
otherPager
extensionAttribute1
extensionAttribute2
extensionAttribute3
extensionAttribute4
extensionAttribute5
extensionAttribute6
extensionAttribute7
extensionAttribute8
extensionAttribute9
extensionAttribute10
extensionAttribute11
extensionAttribute12
extensionAttribute13
extensionAttribute14
extensionAttribute15

Default attributes configured for collection are highlighted in bold. Mandatory attributes are highlighted in bold and marked with an asterisk (*).

 

List of Group Attributes Retrieved

objectGUID*
cn*
description
memberOf

Mandatory attributes are highlighted in bold and marked with an asterisk (*).
 

List of Machine Attributes Retrieved

These attributes can be changed to satisfy the balance between targeting and privacy requirements.

 

objectGUID*
cn*
dNSHostName
location
machineRole
managedBy
operatingSystem
operatingSystemHotfix
operatingSystemServicePack
operatingSystemVersion
l
co
postOfficeBox
st
streetAddress
postalCode
facsimileTelephoneNumber
otherFacsimileTelephoneNumber
homePhone
otherHomePhone

givenName
initials
sn
displayName
description
info
userPrincipalName
sAMAccountName
memberOf
mail
ipPhone
otherIpPhone
mobile
otherMobile
pager
otherPager
extensionAttribute1
extensionAttribute2
extensionAttribute3
extensionAttribute4
extensionAttribute5

telephoneNumber
physicalDeliveryOfficeName
company
department
manager
title
otherTelephone
wWWHomePage
url
c
extensionAttribute6
extensionAttribute7
extensionAttribute8
extensionAttribute9
extensionAttribute10
extensionAttribute11
extensionAttribute12
extensionAttribute13
extensionAttribute14
extensionAttribute15

Default attributes configured for collection are highlighted in bold. Mandatory attributes are highlighted in bold and marked with an asterisk (*).

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.