Overview
The SnapComms Solution utilizes Active Directory information within the Windows desktop OS for the purposes of retrieving the user, machine, attributes and group memberships for populating into the SnapComms Content Manager. This information can then be utilized for targeting content.
Active Directory Groups populated into the SnapComms Content Manager (by default) are Static Groups. Organizational Units can also be populated upon licensing of the Organizational Units (OU) Targeting additional feature. If Active Directory is not your primary data source, SnapComms also offers method to import from our data sources.
The contact point between the SnapComms Solution and the Active Directory information is the SnapComms App. All queries against the Windows OS Active Directory information are performed by the SnapComms App. The SnapComms App is the application installed on users' desktops and forms the client component of the SnapComms solution.
The SnapComms App periodically queries Windows for information about the current user and computer and relays that information through to the SnapComms server, where it is saved and accessed in the SnapComms Content Manager.
At no point does the SnapComms server software communicate directly with Active Directory.
TECHNICAL DETAILS
The SnapComms App maintains a cached copy of the directory information relating to the user. The cached directory information is stored in an encrypted file within the user profile.
The SnapComms App will refresh the Active Directory information from Windows every 6 hours by default. The refresh will occur whenever the age of the cached directory information is at least 6 hours old. The refresh duration can be customized inside the Content Manager. Refresh will also occur the first time a particular user logs onto a desktop.
If the SnapComms App detects a change to the cached directory information as a result of the directory refresh, it will relay the new directory information to the SnapComms server the next time the client communicates with the server. This means that the directory information is only sent to the server whenever a change occurs.
The SnapComms client / app communicates with Active Directory through Active Directory Service Interfaces (ADSI) using the credentials of the logged-on user. ADSI is a standard built-in component of the Windows operating system used for securely interacting with Active Directory.
Nested groups are supported. The Active Directory information is obtained by the SnapComms client / app but is presented as a flattened structure within the SnapComms Content Manager.
There is a timeout of 120 seconds in completing a directory refresh. If the timeout is reached, the refresh is aborted and retried every 5 minutes. Both the timeout and retry duration are also configurable inside the Content Manager.
Filtering Information Obtained
The Windows App Profile is used to configure filters for attributes and groups to restrict the AD information that is sent to the SnapComms server. It also controls other Active Directory information refresh settings. Detailed information of the AD related settings is provided in the Windows App Management - App Profiles article.
List of User Attributes Retrieved
These attributes can be changed to satisfy the balance between targeting and privacy requirements.
objectGUID* |
otherTelephone |
pager |
Default attributes configured for collection are highlighted in bold. Mandatory attributes are highlighted in bold and marked with an asterisk (*).
List of Group Attributes Retrieved
objectGUID* |
Mandatory attributes are highlighted in bold and marked with an asterisk (*).
List of Machine Attributes Retrieved
These attributes can be changed to satisfy the balance between targeting and privacy requirements.
objectGUID* |
givenName |
telephoneNumber |
Default attributes configured for collection are highlighted in bold. Mandatory attributes are highlighted in bold and marked with an asterisk (*).
Comments
0 commentsArticle is closed for comments.