Related Article: Integrating Active Directory (AD Sync) with CurrentWare

Import AD users from OUs (Organizational Units)

1. On the CurrentWare Web Console, go to Tools > Import Users and select the AD OU Import action.
2. Fill in your domain name, admin username and password to connect to your Active Directory.
• This may take a couple of minutes to connect depending on the size of your Active Directory.
3. Once connected, your users will appear on the right side for you to choose which users and organizational units to import into your console.
4. You can also enable AD Synchronization to import all of your users and keep the web console updated with any new users that connect to your Active Directory.
• Select the action AD OU Synchronization to have that feature enabled.
  

---

Integrating Active Directory (AD Sync) with CurrentWare

Step 1 – Authenticating with your Active Directory

Note: If you are making changes but have already setup an existing grouping structure, it is recommended
to make a backup as there is no AD Sync revert option.

1. On the CurrentWare Web Console, go to Tools > Import Users and select Import users from Active Directory.
2. Select the Active Directory Synchronization action
3. Fill in your domain name, admin username and password to connect to your Active Directory.
• It may take a up to a couple of minutes to connect to your Active Directory.
4. Once connected, your users and organizational units will appear on the right side for you to choose what you want to import into your console.
5. Once synced any changes to these groups will automatically update in the web console every night.
   

Step 2 – Syncing with your Active Directory

Step 3 – Managing “Non-AD” users

Sync Now option

Limitations with CurrentWare’s Active Directory Sync

No Special Characters: CurrentWare cannot sync OU group names containing the following special characters `~!@%^&*©®|;:'<>/?,”

What happens if I rename a group with special characters after I enable AD sync? When a group is renamed with special characters after enabling the sync, that OU will be removed and will not be synced again. Its users will be moved to the root group (CurrentWare) to avoid data loss. Any sub OU will move up in the hierarchy and it keeps syncing along with the corresponding users.

Renaming an OU on AD: when you rename an OU on AD, CurrentWare will see it as a new group on the Console. You will have to reconfigure your CurrentWare settings any renamed OUs.

What happens if I rename a group that has the same name as another group? The OU with the duplicate name will be removed and the users will be moved to the root group (CurrentWare) to avoid data loss.

Import AD users from Security Groups

1. Read the Points to Note section prior to starting an import from Security Groups for important tips
2. On the CurrentWare Web console, go to Tools > Import Users and select the AD Security Group Import & Sync action.
3. Fill in your domain, admin username and password to connect to your Active Directory
   
1. This may take a couple of minutes to connect
4. Once connected, your Security Groups will appear on the right side for you to choose which Groups your users are members of, to import into your console.
   
1. You can use the search box to search or filter by Security Group names or User names
   
   
5. The next page allows you to Set Priority. This provides a way to arrange the priority of the Group allocation in case a user is found to be a member of multiple Security Groups. Based on the Security Groups of a User, the Security Group highest up on the Priority List will become the CurrentWare Group allocated to that User.
   
1. Drag and drop using the arrows icon to arrange the ordering of the Security Groups’ priorities
   
2. Each group has a count of the number of users, which can be clicked to show a list of the users
   
3. A Preview pane on the right shows the result of the current priority list, so that you can see which Groups all users will eventually be imported into.
   
   
6. You can also enable or disable the Automatic Synchronization, which will perform the import every 24 hours
   using the same groups and priority that you have configured
   
   
7. Once you are happy with the Preview, you can press Finish to perform the import of the Groups and Users into CurrentWare
   
   
8. Review the new entries imported / updated in the manage pages.

Note: the icons to denote the type of group: AD and synced, AD imported and not synced, whether containing users or not, or manually created groups (Non-AD Users)

Points to note for Security Group Sync

• Preparation
• Plan ahead, ideally create specific CurrentWare groups in your AD and put all the users that you wish to manage into those group(s).  Create groups that align with the different policies that you wish to set within CurrentWare.
• The import will use the AD SAM-Account-Name attribute as the name of the group in CurrentWare
• Keep to alphanumeric, underscores, spaces in the names, and avoid special characters like "/ \ [ ] : ; | = , + * ? < > ‘ & , which are disallowed
• You may wish to create a Service Account for your CurrentWare server for import and synchronization purposes with the minimum permissions to maximize security
• Depending on your network and permissions configuration, you may need to add the CurrentWare Server as a member of the AD domain from which you will be importing/synchronizing
• Previously created (i.e. manually created) groups will be moved into the [Non-AD Users] along with any existing users who are not members of the imported Security Groups
• If you intend to switch to Security Groups from an existing OU sync
• It is recommended to back up your database first so that in the event that the migration to Security Groups is not how you intended then it is easier to revert back 
• Avoid creating / importing any Security Groups which have the same name as OUs that have been imported into CurrentWare, as this may cause confusion
• Nevertheless, OU groups that have the same name as Security Groups that are being imported will be suffixed with “_(OU)” to help differentiate them
• The current sync method will take precedence, so users previously imported by OU, will be moved to the appropriate Security Group for which they are a member, if that security group is imported, otherwise they will be moved to the root group
• Review
• Review the Users and groups that have been imported.  Any users where their group is not clearly defined (e.g. they are not in any security groups that have been selected to for import) will be moved to the root group.  You can review their allocation in AD and add the users to the appropriate Security Group, then in the next sync (Automatic sync or manually executed Sync Now) the users will be moved to the appropriate group
• Periodically review the AD sync setup - are new users being added to the expected groups?  Do you need to add more user groups, or change the Security Group priority?  You can do so with the Edit button to update the groups to be imported or the priority level