Other Related Topics...
Using the Active Directory Synchronizer
Active Directory users all have email addresses and display names, so all FaxPress Plus user accounts created from Active Directory accounts will contain email addresses and display names as well. Active Directory user accounts without display names or email addresses will still be used to create FaxPress Plus user accounts, but will not be recorded in the user mapping data file.
Certain modifications to Active Directory will not be detected by the FaxPress Plus server. When a user is removed from an existing Active Directory group, but still exists as an individual user in Active Directory, the Synchronizer is unable to detect this kind of modification. This user will remain in its original group on the FaxPress Plus server. The Active Directory Synchronizer will only delete users from the FaxPress Plus server if those users are first deleted as individual users from Active Directory.
User Mapping and the Email Gateway Service
After importing Active Directory users to FaxPress Plus server, the Active Directory Synchronizer automatically creates the User Mapping information required by the FaxPress Premier Email Gateway. User mapping will be created whether or not the Email Gateway service is started or stopped.
See your FaxPress Premier Email Gateways Guide for more user mapping information.
Configuring the Active Directory Synchronizer
To use the FaxPress Premier’s Active Directory Synchronizer service:
| ■ | you must join the FaxPress Premier to your network domain. Although Premier is DHCP enabled, it will not automatically be joined to the network domain as part of the setup. |
| ■ | you must either identify an existing Active Directory group or create a new Active Directory group (e.g., "FPP Users") that will be used to define the new users and groups on the FaxPress Premier. Active Directory groups used for this purpose should contain users only, rather than containing other groups. With the automatic accounts generated by the server (e.g., Guest account, Terminal Services account), using the default Domain Users Group for this purpose is not recommended. |
To configure the Premier’s Active Directory Synchronizer service, follow these steps:
| 1. | Log into FaxPress Plus as Administrator, or as a user with administrator privileges. |
| 2. | From the Administration view, select the Embedded Services folder. |
Right-click on the Active Directory Synchronizer and click Configuration.
| 3. | In the General screen, enter the required information as described below and click Next>. |
Active Directory Domain Name – displays the name of the FaxPress Premier’s domain. You may need to enter a fully qualified domain name.
Refresh Synchronizer – select to update all user data whether or not any changes have been made.
Schedule – when the Active Directory Synchronizer service is running, (indicated by the Started in the Embedded Services folder in FaxPress Plus) this option will allows you to specify when the Synchronizer should update Premier user information with information from Active Directory.
Service Login Account User Name and Password – the Active Directory Synchronizer requires an account with administrator privileges to use to log in as a service to Active Directory. The service account must have Read access to the Active Directory and should be able to get list of users and group and all user information.
FaxPress Administrator Name and Password – enter the Administrator name and password, or the name and password of an account with Administrator privileges. The Synchronizer requires this account to log on to the Premier and create or update Premier user information with Active Directory information.
Trace to file – select this option to have the Active Directory’s trace file information stored in a subdirectory of the Active Directory folder on the Premier.
| 4. | The Profiles window provides three options: Select a Profile From the Following List (available only if a profile has already been created), Create New Profile and Do not create any profile on Active Directory. The options are described below.In this example, the Create New Profile radio button is selected, and a new Profile Name, Domain, User Name and Password are entered. |
Selecting the Create a New Profile option modifies the Active Directory schema and requires the User Name entered in the Active Directory Administrator section to have both administrator and schema rights. The profile creation process creates a new schema entry and stores all the configuration settings under this new Schema Object. The schema entries are: fpAttributeMap, fpPrevilegeMap, fpDefaultSettings, fpAdProfile.
Select a Profile From the Following List – This option will only be available if an Active Directory Synchronizer profile has already been created on Active Directory.
Create New Profile – Select this option to create an Active Directory Synchronizer profile that will be available for future use. Once created on Active Directory, the new profile will appear in the Select a Profile From the Following List section, and will be available to any FaxPress Premier. Profile names are limited to 60 characters.
Do not create any profile on Active Directory – This allows you to create FaxPress Premier users from existing Active Directory users for this session only, without creating a profile for future use. No schema entries are created with this option.
| 5. | Use the Attributes Mapping window to configure the FaxPress Premier User Properties with existing information from Active Directory. Refer to Creating and Configuring Groups for a detailed explanation of the FaxPress User Attributes listed here. |
Disabled Active Directory users will not be imported. Also, the Synchronizer only recognizes Active Directory users and groups. It does not recognize Active Directory user containers.
As shown in the above example, four pre-configured, default Active Directory/FaxPress User Attributes mappings:
Premier Description = Active Directory description (The AD Synchronizer will only accept the first 13 characters of each user's description data. Any information following the 13 characters will be truncated.)
Premier Fax Number = Active Directory facsimileTelephoneNumber
Premier Full Name = Active Directory displayName
Premier User Name = Active Directory sAMAccountName
Other mappings can be added as required, e.g.:
Premier Voice Number = Active Directory telephoneNumber
The Edit Condition button allows the FaxPress Premier to be configured to accommodate anticipated changes to the Active Directory accounts. The Edit Condition button can be used, for example, to specify what might happen to a FaxPress Premier User’s account when the Active Directory account expires, as shown below.
The conditions of the default, pre-configured mappings cannot be edited using the Edit Condition button.
| 6. | User Mapping lets you assign FaxPress Premier privilege levels to your existing Active Directory user groups. (For more information on privilege levels, see Creating and Configuring Groups.) In the example below, the FaxPress Premier users created from the Active Directory Group FPAdmin will be assigned Administrator privileges. |
The Set FaxPress user password randomly option will assign a unique, randomly generated password to each FaxPress Premier user. The user can then customize the assigned password as described in Setting User Passwords – Important.
The Set FaxPress user password to: option allows you to assign one default password for all FaxPress Premier users and groups. See Setting User Passwords – Important for more information on passwords.
The Active Directory Synchronizer will not import empty Active Directory groups. To be imported, groups must have at least one user in them.
| 7. | In the Confirm screen, click either the Synchronize Now button, or Next>. |
The Synchronize Now button allows the Synchronizer service to be started, and the synchronization process to be executed, immediately rather than at the time interval specified in the configuration’s General screen. The Synchronize Now button will start, execute, and then stop the Synchronizer service. If the Synchronize Now button is used, the Synchronizer service will always stop after execution, even if the Synchronizer service was running initially.
Return to and use the Synchronize Now button at any time to manually start, synchronize all modified users, and stop the Synchronizer service. This lets you keep the Synchronizer service stopped rather than started after the initial synchronization process, and only use the Synchronizer as needed.
| 8. | After clicking the Synchronize Now button, you’ll be prompted to confirm. Click Yes. |
| 9. | When the Finish button appears, click it to exit the configuration utility. |
| 10. | If you’d like the Active Directory Synchronizer to run continually, updating according to the schedule you specified in the General window, right-click on the Active Directory Synchronizer service and select Start. You also have the option of leaving the service stopped, and updating Premier user information manually by using the Synchronize Now button. |
| 11. | Finally, expand the Users & Groups branch of FaxPress Plus to confirm the new users and groups have been created. |
| 12. | If you’ve created an Active Directory Synchronizer profile, the next time you select Active Directory Synchronizer>Configuration, the new profile will appear as an option in the Select a Profile from the Following List. This new profile will also appear as an option for any other FaxPress Premier servers that might exist on your network. Selecting a profile and start AD Sync process instead of create new profile for this FaxPress Premier. |
|
FaxPress Premier WebHelp
Last Updated: 11/1/2007
E-mail this page |
Castelle 855 Jarvis Drive, Suite 100 Morgan Hill, CA 95037 Toll-free 800.289.7555 Tel 408.852.8000 Fax 408.852.8100 |