Through a process called synchronization, the Active Directory role also keeps all imported entities up-to-date with changes made on the Windows Active Directory (AD).
All imported entities are synchronized with their source by the Active Directory role.
NOTE: Make sure that the server running the Active Directory role is part of the domain that you are trying to synchronize.
Most of the attributes imported from the AD are read-only in Security Center, except for a few cardholder properties. Imported entities cannot be deleted unless they are deleted from the AD.
CAUTION: If you move a security account from a synchronized AD security group to one that is not synchronized, it is as though the account ceases to exist in Security Center. The Active Directory role deletes the corresponding entities: users, cardholders, and credentials, from Security Center the next time it synchronizes with the AD. If the deleted entities were referenced by other entities in Security Center, moving the security account back to the synchronized AD security group will not restore these relationships.
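One way to catch the situation described in the CAUTION before a synchronization runs, as an added example (not Genetec code): compare the accounts already imported with the current AD group membership and list those that no longer belong to any synchronized group. The account names, group names, and the exported-membership input format are constructed assumptions; how the two lists are exported from Security Center and the AD is not covered here.

```python
from typing import Dict, Iterable, List, Set


def _fold(names: Iterable[str]) -> Set[str]:
    # AD account and group names compare case-insensitively.
    return {n.casefold() for n in names}


def accounts_at_risk(imported: Iterable[str],
                     current_groups: Dict[str, Iterable[str]],
                     synchronized: Iterable[str]) -> Dict[str, List[str]]:
    """Accounts imported earlier that are in no synchronized group now.

    Returns {account: [unsynchronized groups it currently belongs to]};
    an empty list means the account is in none of the exported groups.
    """
    sync = _fold(synchronized)
    membership = {g.casefold(): _fold(m) for g, m in current_groups.items()}
    covered: Set[str] = set()
    for group in sync:
        # A synchronized group missing from the export counts as empty,
        # so its former members are reported rather than silently skipped.
        covered |= membership.get(group, set())
    report: Dict[str, List[str]] = {}
    for account in sorted(_fold(imported) - covered):
        report[account] = sorted(g for g, m in membership.items()
                                 if g not in sync and account in m)
    return report


# Constructed sample data (hypothetical names, for illustration only).
SYNCHRONIZED = {"SC-Operators", "SC-Cardholders"}
IMPORTED = {"asmith", "bjones", "cdoe", "dlee"}
CURRENT = {
    "SC-Operators": {"ASmith"},      # same account, different letter case
    "SC-Cardholders": {"bjones"},    # moved between synchronized groups
    "Contractors": {"cdoe"},         # moved to a group that is not synchronized
}                                    # dlee is no longer in any exported group

if __name__ == "__main__":
    for account, groups in accounts_at_risk(IMPORTED, CURRENT, SYNCHRONIZED).items():
        where = ", ".join(groups) or "no exported group"
        print(f"{account}: would be deleted on next synchronization (now in: {where})")
```

Accounts reported here are the ones to review before the next synchronization, because moving them back afterwards does not restore relationships to other entities.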
Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:
- Manually: Synchronization is performed when you explicitly request it. This is the default setting. The advantage of this approach is that you have control over when you want the synchronization to be done.
- On schedule: The imported groups are synchronized using a scheduled task.
IMPORTANT: The computer requesting the synchronization and the one executing the synchronization must be configured to use the same Security Center display language. Otherwise, some types of credentials might not be synchronized and will be deleted from Security Center after the synchronization. If you are synchronizing manually, the language set on the workstation running Config Tool must be the same as the language set on the server hosting the Active Directory role. If the synchronization is performed through a scheduled task, the language set on the main server must be the same as the language set on the server hosting the Active Directory role.
Information that can be synchronized with the AD
Both standard and custom Security Center fields can be imported from the AD, and kept synchronized with the AD. You can choose which user, user group, cardholder, cardholder group, and credential fields to import from the AD in the Links page of the Active Directory role.