Skip to main content
Create an AD/LDAP mapping
Updated over a week ago

License editions: To understand the applicable license editions, see Plans & Pricing.

Overview

The inSync AD/LDAP mapping wizard allows you to create users in inSync by importing their details from your Active Directory (AD) or LDAP. In an AD/LDAP mapping, you define filter parameters to extract user details from your AD/LDAP. You also define the profile, storage, and quota that inSync must assign to users who match the filter parameters.

AD/LDAP Mapping is only used for:

  • Initial onboarding - Import users and their details in inSync using the filters from registered AD/LDAP and create users in inSync.

  • Automatically import new users that are added to AD/LDAP periodically.

Prerequisites

Ensure that you have completed the following configurations:

  1. Installed the AD/LDAP Connector. For more information, see Install or upgrade AD/LDAP Connector.

  2. Configured the AD/LDAP Connector. For more information, see Configure AD/LDAP Connector.

  3. Registered your AD/LDAP with inSync. For more information, see Register your AD/LDAP.

  4. Created the inSync Profile. For more information, see Create a Profile.

About AD/LDAP filters

The following table lists the methods that you can use to define AD/LDAP filter parameters.

Filter Method

Description

Regular filters

For most AD/LDAP mappings, it is recommended to use this filter method.
This method assists you by providing suggested options, through making queries to your AD/LDAP. Based on the values you input in the fields, inSync populates the subsequent fields with the suggested values after querying your AD/LDAP.


๐Ÿ“ Note
โ€‹You must select the values in sequential order because selecting the previous field populates the list in the next field.


Manual filters

This method should be used only if you are well-informed about your organization's AD/LDAP structure.

This method allows you to enter the values for each field manually.
To use this method, click Switch to manual AD/LDAP filters at the bottom of theย AD/LDAP Configurationย page.

Procedure

To create an AD/LDAP mapping:

  1. From the Endpoints Console, go to Users.

  2. Select the User Provisioning tab.

  3. Under the Mappings tab, click New Mapping.

  4. Under AD/LDAP Configuration, provide the appropriate information for each field.

    • AD/LDAP Mapping Name: Type a name for this AD/LDAP mapping.

    • AD/LDAP Server: Select the AD/LDAP server with which you want to associate this AD/LDAP mapping from the drop-down list.

    • Base DN: Select the Base DN for which you want to view the organization units and groups.

    • Name used for creation:

      Select one of the following:

      • If you want to create inSync user names in the first name and last name format, click Common Name(cn).

      • If you want to use the Universal Principal Name(UPN) as the inSync user name, click Universal Principal Name(UPN)

    • FILTER USERS

    • Organizational Unit: Select the organization unit from which you want to query for users.

    • AD Group:

      Select the AD/LDAP group from which you want to query for users. Do one of the following to select users:

      • Select a group that directly contains users.

      • If you want to import users from groups that are outside the local domain, the group must be a universal security group.

      The Select Group box populates groups based on the Organizational Unit (OU) you have selected. To query theย users,ย select the appropriate group from the list. Users are mapped to the Organizational Unit based on the combination of the selected criteria.


      ๐Ÿ“ Note
      โ€‹ Nested primary groups are not supported.


    • Department:

      Type the department from which you want to query for users.
      Select a department only if it has been defined in your AD/LDAP. Otherwise, leave this field blank.


      ๐Ÿ“ Note
      โ€‹If you select a department that does not exist in the AD/LDAP, inSync does not import any user.


    • Country:

      Select the country from which you want to query for users.
      Select a country only if it has been defined in the AD/LDAP. Otherwise, leave this field empty.


      ๐Ÿ“ Note

    • โ€‹If you select a country that does not exist in the AD/LDAP, inSync does not import any user.

    • โ€‹If you choose to manually provide the AD/LDAP Configuration details, ensure that you type the LDAP distinguished nameof the Base DN, Organizational unit, and AD/LDAP group.
      โ€‹For example:
      OU=Marketing
      DC=AD-cloud
      DC=druva,DC=com
      To find the distinguished name, open the AD/LDAP object property window on your AD/LDAP server, and under the Attribute Editor tab, find the distinguishedName field.


  5. Under inSync Configuration, provide the appropriate information for each field.

    • Profile:

      Click the profile to which you want to assign the users that you import from your AD/LDAP.

      In the drop-down list, the following icon is displayed for the data lock enabled profile.
      โ€‹Image

      After selecting this profile, you cannot:

      • Delete the snapshots, users, and devices associated with the profile.

      • Change the profile of users.

      • Remove the license of the user.

      For more details, see Data Lock.


      ๐Ÿ“ Note
      โ€‹Ensure the following if you plan to use the AD/LDAP password method for user login:

      • Do not select a profile to which you have added users individually by using a CSV file.

      • Ensure that the login method for the selected profile is set to AD/LDAP Account.

      For more information, see Configure the user login mechanism.


    • Storage: Click the storage where inSync must store the backup data from user devices.

    • Default Quota:

      Type the quota for the users.


      ๐Ÿ“ Note
      โ€‹ The quota defined here in AD Mapping takes precedence over the quota assigned to the user in the profile.


    • Auto import new users:If you want to automatically import user details from your AD/LDAP at regular intervals, select this checkbox.

    • Send activation email to newly added users:

      If you want inSync to send activation emails to new users, select this checkbox.


      ๐Ÿ“ Note
      โ€‹ This checkbox appears only if you select Auto import new users checkbox in the previous step.


  6. Click Finish.

AD/LDAP Mapping is created. inSync imports users based on the criteria defined and creates inSync accounts for them as per the defined configuration.

Next Step

You can update the priority of the newly created AD/LDAP Mapping over other existing AD/LDAP Mappings based on your preference. To know more about assigning priority to an AD/LDAP Mapping, see Set Priority for an AD/LDAP Mapping.

Did this answer your question?