About Active Directory synchronization - Security Center 5.11

Security Center Administrator Guide 5.11

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.11
Language: English
Last updated: 2024-07-05

Through a process called synchronization, the Active Directory role also keeps all imported entities up-to-date with changes made on the Windows Active Directory (AD).

All imported entities are synchronized with their source by the Active Directory role.
NOTE: Make sure that the server running the Active Directory role is part of the domain that you are trying to synchronize.
Most of the attributes imported from the AD are read-only in Security Center, except for a few cardholder properties. Imported entities cannot be deleted unless they are deleted from the AD.
CAUTION: If you move a security account from a synchronized AD security group to one that is not synchronized, it is as though the account ceases to exist in Security Center. The next time it synchronizes with the AD, the Active Directory role deletes the corresponding entities (users, cardholders, and credentials) from Security Center. If the deleted entities were referenced by other entities in Security Center, moving the security account back to the synchronized AD security group will not restore these relationships.
Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:
Manually: Synchronization is performed when you explicitly request it. This is the default setting. The advantage of this approach is that you have control over when you want the synchronization to be done.
On schedule: The imported groups are synchronized using a scheduled task.
IMPORTANT: The computer requesting the synchronization and the one executing the synchronization must be configured to use the same Security Center display language. Otherwise, some types of credentials might not be synchronized and will be deleted from Security Center after the synchronization. If you are synchronizing manually, the language set on the workstation running Config Tool must be the same as the language set on the server hosting the Active Directory role. If the synchronization is performed through a scheduled task, the language set on the main server must be the same as the language set on the server hosting the Active Directory role.
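
The CAUTION above means a group change in the AD can silently remove users, cardholders, and credentials at the next synchronization. The following check is an added example, not part of the Genetec documentation or product: it compares two membership exports taken before and after an AD change and lists the accounts that no longer belong to any synchronized group. The CSV layout, group names, and account names are constructed for illustration, and the set of synchronized groups is an assumption you would replace with the groups imported by your Active Directory role.

```python
import csv
import io

# Constructed sample data: group membership exported as "group,account" rows
# before and after a change in the AD. All names are hypothetical.
BEFORE = """group,account
SC-Operators,alice
SC-Operators,bob
SC-Cardholders,carol
HR-Staff,dave
"""
AFTER = """group,account
SC-Operators,alice
SC-Cardholders,bob
HR-Staff,carol
HR-Staff,dave
SC-Cardholders,erin
"""
# Assumption: these are the AD security groups the Active Directory role imports.
SYNCED_GROUPS = {"SC-Operators", "SC-Cardholders"}


def synced_accounts(snapshot_csv, synced_groups):
    """Return {account: set of synchronized groups the account belongs to}."""
    members = {}
    for row in csv.DictReader(io.StringIO(snapshot_csv)):
        group, account = row["group"].strip(), row["account"].strip().lower()
        if group in synced_groups:
            members.setdefault(account, set()).add(group)
    return members


def sync_impact(before_csv, after_csv, synced_groups):
    """Classify accounts by how their synchronized-group coverage changed."""
    before = synced_accounts(before_csv, synced_groups)
    after = synced_accounts(after_csv, synced_groups)
    return {
        # Was in a synchronized group, now in none: entities would be deleted.
        "deleted": sorted(set(before) - set(after)),
        # Still in a synchronized group, but a different set of them.
        "moved": sorted(a for a in set(before) & set(after) if before[a] != after[a]),
        # Not in any synchronized group before, in one now.
        "new": sorted(set(after) - set(before)),
    }


if __name__ == "__main__":
    for kind, accounts in sync_impact(BEFORE, AFTER, SYNCED_GROUPS).items():
        print(f"{kind}: {', '.join(accounts) or '-'}")
```

Reviewing the "deleted" list before a manual or scheduled synchronization gives you the chance to move an account back while its relationships in Security Center still exist.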

Information that can be synchronized with the AD

Both standard and custom Security Center fields can be imported from the AD, and kept synchronized with the AD. You can choose which user, user group, cardholder, cardholder group, and credential fields to import from the AD in the Links page of the Active Directory role.