Through a process called synchronization, the Active Directory role also keeps all imported entities up-to-date with changes made on the AD.

All imported entities are synchronized with their source by the Active Directory role. Most of the attributes imported from the AD are read-only in Security Center, except for a few cardholder properties. Imported entities cannot be deleted unless they are deleted from the AD.

CAUTION: If you move a security account from a synchronized AD security group to one that is not synchronized, it is as though the account ceases to exist in Security Center. The Active Directory role deletes the corresponding entities (users and/or cardholders) from Security Center the next time it synchronizes with the AD.
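
The deletion described in the caution can be anticipated before synchronization is started. The following is an added example, not part of the original page or of Security Center: it compares two snapshots of AD group membership and lists the accounts that were in a synchronized group and no longer are. The group and account names are constructed, and it assumes that an account remaining in any synchronized group is kept.

```python
"""Pre-synchronization check (added example; all names are constructed)."""


def accounts_leaving_sync_scope(before, after, synced_groups):
    """Return {account: [groups it belongs to now]} for every account that was
    in a synchronized group in `before` and is in none of them in `after`.

    before / after: dict mapping AD group name -> set of account names.
    synced_groups:  names of the groups the Active Directory role imports.
    Assumption: an account still in any synchronized group is not deleted.
    """
    def in_scope(snapshot):
        members = set()
        for group in synced_groups:
            members |= snapshot.get(group, set())
        return members

    leaving = in_scope(before) - in_scope(after)
    return {
        account: sorted(g for g, m in after.items() if account in m)
        for account in sorted(leaving)
    }


def format_report(report):
    """One line per account whose imported entity would be removed."""
    lines = []
    for account, groups in report.items():
        where = ", ".join(groups) if groups else "no group in snapshot"
        lines.append(f"{account}: leaves synchronized scope (now in: {where})")
    return lines


# Constructed sample snapshots of group membership, taken before and after
# an AD change. Only the two SC-* groups are synchronized in this sample.
BEFORE = {
    "SC-Operators": {"asmith", "bjones"},
    "SC-Cardholders": {"asmith", "cwu", "dlee"},
    "Contractors": {"evega"},
}
AFTER = {
    "SC-Operators": {"asmith", "cwu"},    # cwu moved between synchronized groups
    "SC-Cardholders": {"asmith"},         # dlee is no longer in any group
    "Contractors": {"evega", "bjones"},   # bjones moved to a non-synchronized group
}
SYNCED = {"SC-Operators", "SC-Cardholders"}

if __name__ == "__main__":
    for line in format_report(accounts_leaving_sync_scope(BEFORE, AFTER, SYNCED)):
        print(line)
```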

Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:
- Manually: Synchronization is performed when you explicitly request it. This is the default setting. The advantage of this approach is that you have perfect control over when you want the synchronization to be done.
- On schedule: The imported groups are synchronized using a scheduled task.

Information that can be synchronized with the AD

Both standard and custom Security Center fields can be imported from the AD, and kept synchronized with the AD. You can choose which user group, user, cardholder group, and cardholder fields to import from the AD in the Links tab of the Active Directory role.

The standard attributes you can import from the AD are:
- User group
  - Name
  - Description
  - Email address
  - All group members (users)
- User
  - Membership in the imported user group
  - Username
  - Password
  - Description
  - First name
  - Last name
  - Email address
  - Status: Active or Inactive
- Cardholder group
  - Name
  - Description
  - Email address
  - All group members (cardholders)
- Cardholder
  - Membership in the imported cardholder group
  - Cardholder name
  - Description
  - First name
  - Last name
  - Email address
  - Status: Active or Inactive
  - Picture (optional through the Links tab)
  - Partition (optional through the Links tab)
- Credential
  - Association to the imported cardholder
  - Credential name
  - Card data
  - Card format
  - Facility code
  - Card number
  - Status: Active or Inactive
  - Partition (optional through the Links tab)

Additional attributes are imported from the AD by mapping them to Security Center custom fields. The Active Directory role keeps all imported fields synchronized with the AD.