Microsoft Active Directory integration

This documentation describes how to connect OctoSAM to Microsoft Active Directory.

Basic operation

The Microsoft Active Directory integration is built into the OctoSAM import service. The service uses the Microsoft AD APIs. OctoSAM reads information about registered users, devices, and groups and maps it to the OctoSAM data model.

Your network infrastructure needs to allow LDAP(s) calls from the OctoSAM server to the global catalog servers for your AD domain(s).

Required AD permissions

We recommend that you give the Service Account read rights to all AD objects.

In case you are not able to allow direct connections via trusts, the import service lets you specify credentials to connect to a remote Active Directory.

For special situations, OctoSAM also allows the import of LDIFDE-generated files.

Configuration

See the sample configuration file appsettings.json:

Configure Active Directory group scans

See the sample appsettings.json file provided with your installation for detailed configuration options.

Data consolidation

In general, OctoSAM does not try to consolidate the data received from Active Directory. Instead, fields from AD are named Directory... and are stored in parallel with the data received from other sources such as the OctoSAM Scanners.

Active Directory date formats and representation

Active Directory uses timestamp formats that are not directly supported in Microsoft SQL Server.

TODO: Document conversion rules for Active Directory timestamps.

Active Directory classes and attributes

DirectoryPath and DirectoryContainerPath fields

DirectoryPath contains the distinguished name (DN) of the object in Active Directory. DirectoryContainerPath contains the distinguished name of the container of the object. DirectoryContainerPath is provided for easy querying and grouping of objects using SQL.
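
How a container DN relates to an object DN, shown as an added example that is not OctoSAM code. The function names and sample DNs are constructed for illustration, and OctoSAM's own derivation of DirectoryContainerPath may differ. The point is that the split must skip escaped commas inside the first RDN:

```python
from collections import Counter


def container_path(dn: str) -> str:
    """Return the parent (container) DN: everything after the first
    unescaped comma. A backslash escapes the next character (RFC 4514),
    so 'CN=Smith\\, John' is one RDN, not two."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if dn[i] == ",":
            return dn[i + 1:].lstrip()
        i += 1
    return ""  # single RDN: no container


def count_by_container(dns):
    """Group object DNs by container DN. AD compares DNs without regard
    to case, so the grouping key is case-folded."""
    return Counter(container_path(dn).casefold() for dn in dns)


# Constructed sample DNs (not taken from any real directory).
SAMPLE_DNS = [
    r"CN=Smith\, John,OU=Staff,OU=Zurich,DC=example,DC=com",
    r"CN=Doe\, Jane,ou=staff,OU=Zurich,DC=example,DC=com",
    r"CN=WS-0042,OU=Workstations,DC=example,DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        naive = dn.split(",", 1)[1]  # breaks on the escaped comma
        print(f"{dn}\n  container: {container_path(dn)}\n  naive:     {naive}")
    print(count_by_container(SAMPLE_DNS))
```

Having the container DN as its own value is what makes a plain equality filter or GROUP BY on it possible, instead of string matching on the full DN.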

Machine

The OctoSAM Machine entity gets Active Directory Attributes from the Active Directory Computer class.

User

The OctoSAM Machine entity gets Active Directory Attributes from the Active Directory User class.