Working with Directory Services

The Business Importer can import data from directory services such as Microsoft Active Directory or Novell eDirectory. However, the configuration and settings differ considerably from those of other drivers.

Credentials

Usually no login and password are needed as the Business Importer runs under an account that has read access to the directory from which data is to be collected. However, if necessary, login, password, and authentication type can be provided within the ConnectionString attribute using the following format:
Login=value;Password=value;AuthenticationType=value
The values for AuthenticationType are listed in the following table. Because not all values are supported by all directory services, please check the documentation for your directory service (for example, see https://msdn.microsoft.com/en-us/library/system.directoryservices.authenticationtypes%28v=vs.110%29.aspx).
| Authentication Type | Description |
| --- | --- |
| Anonymous | No authentication is performed. |
| Delegation | Enables Active Directory Services Interface (ADSI) to delegate the user’s security context. |
| Encryption | Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. |
| FastBind | Specifies there will be no attempt to query the Active Directory Domain services objectclass property. |
| ReadOnlyServer | For a WinNT provider, the Business Importer tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding. |
| Sealing | Encrypt data using Kerberos. |
| Secure | Requests secure authentication. This is the default value. |
| SSL SecureSocketLayer | Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. |
| ServerBind | Used only if ADsPath includes a server name. |
| Signing | Verifies data integrity to ensure data received is the same as the data sent. |
| None | Set to use basic authentication. |
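A ConnectionString that carries Login and Password keeps those credentials in the adapter file in plain text, and the Anonymous and None values in the table above give no authentication or basic authentication. The following check is an added example, not part of the product or its documentation: it scans adapter XML for ADSI imports with an embedded password or one of those two values. The function names, the policy of flagging Anonymous and None, and the sample adapter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Policy assumed for this example: flag the table's Anonymous (no
# authentication) and None (basic authentication) values.
WEAK_AUTH_TYPES = {"anonymous", "none"}

def parse_connection_string(value):
    """Split 'Login=..;Password=..;AuthenticationType=..' into a dict."""
    pairs = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            pairs[key.strip().lower()] = val.strip()
    return pairs

def audit_adapter(xml_text):
    """Return (import name, finding) tuples for every ADSI Import element."""
    findings = []
    for imp in ET.fromstring(xml_text).iter("Import"):
        if imp.get("Type", "").upper() != "ADSI":
            continue
        name = imp.get("Name", "<unnamed>")
        conn = parse_connection_string(imp.get("ConnectionString", ""))
        if conn.get("password"):
            findings.append((name, "password stored in adapter file"))
        auth = conn.get("authenticationtype", "")
        if auth.lower() in WEAK_AUTH_TYPES:
            findings.append((name, "weak AuthenticationType=" + auth))
    return findings

# Constructed sample: the <root> wrapper, import names, login and password
# are made up for illustration.
SAMPLE_ADAPTER = """<root>
  <Import Name="ADUser" Type="ADSI" ConnectionString=""
          Query="(&amp;(objectCategory=user)(mail=*))" />
  <Import Name="ADUserBasic" Type="ADSI"
          ConnectionString="Login=svc_import;Password=example-only;AuthenticationType=None"
          Query="(objectClass=user)" />
</root>"""

if __name__ == "__main__":
    for name, finding in audit_adapter(SAMPLE_ADAPTER):
        print(name + ": " + finding)
```

An import with an empty ConnectionString, as in the ADSI example on this page, produces no finding because it relies on the account the Business Importer runs under.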

Query structure

Each query to a directory service is made up of two parts:
  • A filter, defined in the Query attribute of the Import element (see Query Attribute).
  • A comma-separated list of properties to read, defined in the PropertiesToLoad attribute of the Import element (see Import Element).
When defining the filter in the Query attribute, each element must be enclosed in parentheses. Expressions can use the relational operators <, <=, =, >=, >. Examples:
(objectClass=user)
(lastName>=Davis)
Compound expressions are formed with the prefix operators & and | (logical-AND and logical-OR). Examples:
(&(objectClass=user)(lastName=Davis))
(&(objectClass=printer)(|(building=42)(building=43)))
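A malformed filter, or one pasted into the adapter file without XML escaping, is easy to miss until the import runs. The following validator is an added example, not part of the product: it checks a filter against the rules stated above (parenthesised elements, the listed relational operators, the & and | prefix operators) and returns the form to paste into the Query attribute, with & written as &amp; as in the ADSI example on this page. The function names are hypothetical, and rejecting values with surrounding spaces is this example's own lint rule.

```python
import re
from xml.sax.saxutils import escape

# One simple expression: attribute name, a relational operator from the
# list above, then a value that runs up to the next parenthesis.
_SIMPLE = re.compile(r"([A-Za-z][\w.;-]*)(<=|>=|<|>|=)([^()]+)")

def _parse(text, pos):
    """Parse one parenthesised element at pos; return the offset after it."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|":
        pos += 1
        children = 0
        while pos < len(text) and text[pos] == "(":
            pos = _parse(text, pos)
            children += 1
        if children == 0:
            raise ValueError("operator without operands at offset %d" % pos)
    else:
        match = _SIMPLE.match(text, pos)
        if not match:
            raise ValueError("bad expression at offset %d" % pos)
        value = match.group(3)
        if value != value.strip():
            # Lint rule of this example: a stray space becomes part of the value.
            raise ValueError("space around value %r" % value)
        pos = match.end()
    if pos >= len(text) or text[pos] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return pos + 1

def validate_filter(text):
    """Raise ValueError unless text is exactly one well-formed filter."""
    end = _parse(text, 0)
    if end != len(text):
        raise ValueError("trailing text at offset %d" % end)
    return True

def to_query_attribute(text):
    """Validate the filter, then escape it for use inside Query="..."."""
    validate_filter(text)
    return escape(text, {'"': "&quot;"})

if __name__ == "__main__":
    print(to_query_attribute("(&(objectClass=printer)(|(building=42)(building=43)))"))
```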

Additional parameters

The driver supports numerous additional parameters (server timeout, searchscope, sizelimit, and so on). Usually, there is no need to modify the default values set by the connector.
Important: When using eDirectory, the pagesize attribute must be set to -1.

ADSI example

In this example XML adapter file, users and their associated domains and locations are retrieved from Active Directory:
<Import 
	Name="ADUser" 
	Type="ADSI" 
	ConnectionString=""
	Query = "(&amp;(objectCategory=user)(objectClass=person)(mail=*))"
	Properties="distinguishedname,sn,cn,givenname,c,company,
		department,division,displayName,employeeID,EmployeeNumber,
		mail,manager,middleName,mobile,title,telephoneNumber,
		SAMAccountName">
	<Log Name="NewLog"
		Output="file"
		Loglevel="warning"
		filename="[DATE][TIME][IMPORT NAME].log.txt">
	</Log>
	
	<Object Name="Location"
		Type="Location"
		Output="locationid1"
		Update="false"
		Create="True">
		<Property Type="groupCN"
			Name="Name"
			Update="No Update"
			Value="distinguishedname"
			ValueType="FieldValue"
			UseForMatching="True"
			Regex="(?&lt;=OU=).*?(?=,)"
			RegexOrder ="reverse">
		</Property>
		<Property Type="groupexid"
			Name="ID"
			Update="No Update"
			Value="locationid1"
			ValueType="FieldValue"
			UseForMatching="true"
			MatchingMask="[value]%."
			MatchingMode ="like"
			UseNullValueForMatching="removeproperty">
		</Property>
	</Object>
	
	<Object Name="Compliance Domain"
		Type="compliancedomain"
		Output="compliancedomainoutid"
		Update="False"
		Create="True">
		<Property Name="Qualified Name"
			Type="QualifiedName"
			Update="Never"
			Value="distinguishedname"
			ValueType="Field Value"
			UseForMatching="false"
			Regex="(?&lt;=DC=).*"
			RegexReplace=",DC="
			RegexReplaceBy= ".">
		</Property>
		<Property
			Name="Flat Name"
			Type="flatname"
			Update="Never"
			Value="distinguishedname"
			ValueType="Field Value"
			UseForMatching="true"
			Regex="(?&lt;=DC=.*DC=).*?(?=,DC=)">
		</Property>
	</Object>
	
	<Object
		Name="User"
		Type="user"
		Output="useroutid"
		Update="true"
		Create="True">
		<Property Name="User Name"
			Type="username"
			Update="Always"
			Value="cn"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="EmployeeNumber"
			Type="employeenumber"
			Update="Always"
			Value="EmployeeNumber"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="FirstName"
			Type="firstname"
			Update="Always"
			Value="givenname"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="MiddleName"
			Type="middlename"
			Update="Always"
			Value="middleName"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="LastName"
			Type="lastname"
			Update="Always"
			Value="sn"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="JobTitle"
			Type="jobtitle"
			Update="Always"
			Value="title"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="BusinessPhoneNumber"
			Type="BusinessPhoneNumber"
			Update="Always"
			Value="telephoneNumber"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="MobilePhoneNumber"
			Type="MobilePhoneNumber"
			Update="Always"
			Value="mobile"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="Locationid"
			Type="locationid"
			Update="Always"
			Value="locationid1"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="Email"
			Type="Email"
			Update="Always"
			Value="mail"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
		<Property Name="SAMAccountName"
			Type="SAMAccountName"
			Update="Always"
			Value="SAMAccountName"
			ValueType="Field Value"
			UseForMatching="True">
		</Property>
		<Property Name="ComplianceDomainID"
			Type="ComplianceDomainID"
			Update="Always"
			Value="ComplianceDomainoutID"
			ValueType="Field Value"
			UseForMatching="False">
		</Property>
	</Object>
</Import>

FlexNet Manager Suite (On-Premises)

2023 R2