News & comment tagged ‘LDAP’
● Active Directory for the AR System administrator
posted by Danny Kellett on 18th January 2011
OK, so you've been a workflow guru for a while now. You have read a few ars-list posts about integration with Active Directory or LDAP, you have maybe looked at the ‘OU=’ queries and thought “...yes... hmmmm”, but left it at that and decided the detail is for another day.
Then, without warning, you're told: “We need our users in Remedy/AR System/ITSM to sync with AD”, or asked “Why are our usernames different to our domain names?”
Now, we AR System administrators are made of tough stuff. We know it can be done; we have seen posts on the lists, so we know we don't have to reinvent the wheel. More importantly, we don't want to become AD/LDAP administrators or design corporate networks, and we don't want to read the overly detailed Microsoft TechNet bibles that are the size of a small car, set in font size 1, and known to trigger narcolepsy before the first chapter.
We just want to know enough to get the job done, save a bit of time by automating something and, of course, tick off another item on the New Year's resolution list: “Learn some new techie stuff”.
For many things in life, you have to start at the beginning before you can move on to the rest. That start is here. This first post, in what I hope will be a series, is an introduction to AD, the basic terminology and how to query it.
What is Active Directory
If you visit the Microsoft website seeking a definition of AD, you will find words such as hierarchical, distributed, extensible. Then you stumble across terms such as trees, forests and leaves. See what I mean? Confusion from the first step. As promised, I will keep things simple and on a need-to-know basis. The name your AD goes by depends on the version of Windows Server you are using. Here are a few: Active Directory Domain Services, Active Directory Lightweight Directory Services, ADAM... The important thing to know is that all of the above can be explained as a datastore of information. This data is organised into individual objects, each object having a certain set of attributes associated with it. For example, in AR System terms, we have an AR System schema with forms, and those forms have fields.
Now I think that's enough boring explanation for the first entry. So now let's see what your domain says about you. If you are using a desktop/laptop that's joined to a domain, you can query using a built-in console. If not, but you have network access to a domain, then you can use a Microsoft utility called ldp.exe.
Click the Start button -> Run (or, if this has been hidden by your administrators, run the command from a cmd.exe command prompt):
%SystemRoot%\SYSTEM32\rundll32.exe dsquery,OpenQueryWindow
Make sure there are no spaces before or after the comma.
If you see the error message "The Active Directory Domain Service is currently unavailable" then you are not logged into a domain and you will need to use ldp.exe with a domain login name and password (I will show you that in the next blog entry).
So now you have the dialog. Put your domain name in the Name field and click Find Now. You should see the results pane with your domain entry. From there you can right click and view the properties etc. There is an Advanced tab where you can specify more search attributes etc. Have a play!
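The same kind of read-only lookup can be scripted. As an added example (not part of the original post), this PowerShell snippet finds the logged-on user's own AD object and prints a few of its attributes, which shows the object/attribute model described above. The attribute list and the helper name ConvertTo-LdapFilterValue are choices made for this example.

```powershell
# Added example: read-only lookup of the logged-on user's own AD object,
# using the .NET System.DirectoryServices classes that ship with Windows.
Add-Type -AssemblyName System.DirectoryServices

# Hypothetical helper: escape the characters RFC 4515 reserves inside an
# LDAP filter value, so a name can never change the meaning of the filter.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # Backslash must be escaped first, otherwise later escapes get re-escaped.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

try {
    # Throws when the machine or logon session is not part of a domain,
    # the same situation in which the query window reports "unavailable".
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
} catch {
    Write-Warning "Not logged on to a domain: $($_.Exception.Message)"
    return
}

$name  = ConvertTo-LdapFilterValue $env:USERNAME
# Attributes chosen for this example; ask only for what you need.
$attrs = 'distinguishedName', 'displayName', 'mail', 'whenCreated', 'memberOf'

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = $domain.GetDirectoryEntry()
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
[void]$searcher.PropertiesToLoad.AddRange($attrs)

$result = $searcher.FindOne()
if ($null -eq $result) {
    Write-Warning "No user object found for $env:USERNAME"
} else {
    foreach ($a in $attrs) {
        # Look each attribute up by its lower-case name; an attribute can
        # hold several values (memberOf usually does), so print one per line.
        foreach ($v in $result.Properties[$a.ToLower()]) {
            '{0,-18} {1}' -f $a, $v
        }
    }
}
$searcher.Dispose()
```

The distinguishedName line in the output is where the ‘OU=’ components mentioned at the start of this post show up.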
The next blog entry will show you how to query for more interesting data such as new accounts from a specific date, find people with or without an email, find accounts that are disabled etc.
Thanks for your time.
Danny