You configure the settings of the Active Directory role from the Roles view of the System task in Security Center Config Tool.
Active Directory - Properties tab
Click the Properties tab to define the parameters for how the Active Directory role operates.
- Connection status
- Connection status between the role and the corporate AD.
- Shows what the role is doing. Idle is the normal status. If there is a problem, an error message is displayed.
- Active Directory
- AD Fully Qualified Domain Name (FQDN), hostname or IP address of the corporate
- Use Windows credentials
- You can use the Windows credentials used for running the Genetec Server service, or specify a different set of Windows usernames and passwords. In both cases, the credentials you specify must have read and write access to the specified corporate AD.
- Use SSL connection
- Select this option to encrypt LDAP (Lightweight Directory Access Protocol) network traffic. LDAP is the protocol used for communication between the Active Directory role and the AD. The default port used for encrypted communication is 636. If you use a different port, you need to explicitly specify it by appending the port number after the AD server name, separated by a colon (‘:’).
- Use a specific domain controller
- Select this option and specify the name of your domain controller if you have one that is dedicated to Security Center.
- Default partition where the entities synchronized with the corporate AD are created if the partition is not mapped to an AD attribute.
- NOTE: If the partition property is changed, only newly created or synchronized entities are added to the new partition. Existing entities remain in the partition that was originally selected when they were first synchronized.
- Synchronized groups
- List of all AD security groups imported as user groups, cardholder groups, or both.
- No scheduled task exists to synchronize this role.
- This warning message appears if you have not configured a scheduled task to automatically handle synchronization with the corporate AD.
- Synchronize now.
- Synchronize with the Active Directory now. You should always synchronize after making changes to the synchronized groups.
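
A pre-check for the Use SSL connection option, as an added example that is not part of the product documentation: it splits the server value into host and port as that option describes (port 636 unless another port is appended after a colon) and attempts a certificate-verified TLS handshake from the machine that hosts the role. The function names, the sample host `dc01.corp.example`, and the use of Python's trust store rather than Security Center's own LDAP client are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

LDAPS_DEFAULT_PORT = 636  # default for encrypted LDAP, as stated above
LDAP_DEFAULT_PORT = 389   # standard unencrypted LDAP port (not from this page)


def parse_ad_server(value, use_ssl=True):
    """Split a server value (FQDN, hostname or IPv4, optional ':port')
    into (host, port). Raises ValueError on an empty host or bad port.
    IPv6 literals are rejected rather than guessed at.
    """
    value = value.strip()
    host, sep, port_text = value.partition(":")
    if not host or ":" in port_text:
        raise ValueError(f"unsupported server value: {value!r}")
    if not sep:
        return host, LDAPS_DEFAULT_PORT if use_ssl else LDAP_DEFAULT_PORT
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        raise ValueError(f"invalid port in {value!r}")
    return host, int(port_text)


def check_ldaps(value, timeout=5.0):
    """Attempt a verified TLS handshake; return (ok, detail).

    The chain and host name are checked against this machine's trust
    store, so an untrusted CA or a name mismatch is reported.
    """
    host, port = parse_ad_server(value, use_ssl=True)
    context = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                expires = datetime.fromtimestamp(
                    ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
                return True, f"{tls.version()}, valid until {expires:%Y-%m-%d}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Constructed sample value; use the name entered for the role.
    print(check_ldaps("dc01.corp.example:636"))
```

A "certificate rejected" result means the domain controller's certificate is not trusted by this machine or does not match the name entered, which is worth resolving before relying on the encrypted connection.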
Active Directory - Links tab
Click the Links tab to map AD attributes to Security Center fields.
- Map AD attributes to Security Center cardholder fields.
- Upload pictures to Active Directory
- Select this option if you want the pictures you assign to imported cardholders from Security Center to be uploaded to the AD.
- Maximum uploaded picture file size
- This parameter only appears if Upload pictures to Active Directory is selected. It serves to limit the file size of the pictures you upload from Security Center to the AD.
- Card format
- Select the default card format to use for the imported cardholder credentials when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty.
- Badge template
- Select a default badge template to use for the imported cardholder credentials.
- Custom fields
- Map additional AD attributes to Security Center custom fields.
Active Directory - Resources tab
Click the Resources tab to configure the servers assigned to this role. The Active Directory role does not require a database.
- Servers hosting this role. All of them must have access to the role database.