Through a process called synchronization, the Active Directory role also keeps all imported entities up to date with changes made on the Windows Active Directory (AD).
All imported entities are synchronized with their source by the Active Directory role.
NOTE: Make sure that the server running the Active Directory role is part of the domain that you are trying to synchronize.
Most of the attributes imported from the AD are read-only in Security Center, except for a few cardholder properties. Imported entities cannot be deleted unless they are deleted from the AD.
CAUTION: If you move a security account from a synchronized AD security group to one that is not synchronized, it is as though the account ceases to exist in Security Center. The Active Directory role deletes the corresponding entities (users, cardholders, and credentials) from Security Center the next time it synchronizes with the AD. If the deleted entities were referenced by other entities in Security Center, moving the security account back to the synchronized AD security group will not restore these relationships.
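A pre-change check for the situation in the caution above, as an added example that is not part of the Security Center documentation: it compares AD group membership before and after a planned change and lists the accounts that would no longer belong to any synchronized group. The group names, account names, and the rule that direct membership in at least one synchronized group keeps an account in scope are assumptions.

```python
# Added example: flag accounts that a planned AD group change would move
# out of synchronization scope. All names and snapshots are constructed.

def accounts_leaving_sync_scope(before, after, synchronized_groups):
    """Return {account: [groups it belongs to after the change]} for every
    account that is in a synchronized group before the change and in none
    afterwards.

    before / after: dict mapping AD group name -> set of account names.
    synchronized_groups: groups imported by the Active Directory role.
    Assumption: an account stays in scope while it is a direct member of
    at least one synchronized group.
    """
    synced = set(synchronized_groups)

    def scoped(snapshot):
        # Every account that is a member of any synchronized group.
        return {acct for grp, members in snapshot.items()
                if grp in synced for acct in members}

    def groups_of(snapshot, account):
        return sorted(g for g, m in snapshot.items() if account in m)

    leaving = scoped(before) - scoped(after)
    return {acct: groups_of(after, acct) for acct in sorted(leaving)}


# Constructed sample data (hypothetical group and account names).
SYNCHRONIZED = {"SC-Operators", "SC-Cardholders"}
BEFORE = {
    "SC-Operators": {"alice", "bob"},
    "SC-Cardholders": {"carol", "dave"},
    "Contractors": {"erin"},
}
AFTER = {
    "SC-Operators": {"alice"},
    "SC-Cardholders": {"bob", "carol"},  # bob moved between synchronized groups
    "Contractors": {"erin", "dave"},     # dave moved to an unsynchronized group
}

if __name__ == "__main__":
    for account, groups in accounts_leaving_sync_scope(
            BEFORE, AFTER, SYNCHRONIZED).items():
        print(f"{account}: leaves sync scope, now only in {groups}")
```

Accounts reported here are the ones whose users, cardholders, and credentials would be deleted at the next synchronization, so review them before applying the change in the AD.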
Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:
- Manually: Synchronization is performed when you explicitly request it. This is the default setting. The advantage of this approach is that you have control over when you want the synchronization to be done.
- On schedule: The imported groups are synchronized using a scheduled task.
Information that can be synchronized with the AD
Both standard and custom Security Center fields can be imported from the AD, and kept synchronized with the AD. You can choose which user, user group, cardholder, cardholder group, and credential fields to import from the AD in the Links page of the Active Directory role.