Connect to a Directory Service

In this article:

You can configure Unidesk to connect to a Directory Service, for example, Active Directory. When you connect to your directory service, you will create one or more Directory Junctions to access specific domains or OUs. Unidesk does not modify the directory service you connect to. The Unidesk software caches the attributes for each directory service entry, so that if the connection to the directory service is lost temporarily, the software can use the cached information for management tasks.

About connecting Unidesk to a directory service

The Unidesk Management Console Directory Tree displays a hierarchical view of Users and Groups. Each Directory Junction that you create specifies a starting node in the directory tree.

Overlapping Directory Junctions

Overlapping (or nested) Directory Junctions occur when you create multiple Directory Junctions that contain the same users and then import the users into the Unidesk directory tree. When overlapping occurs, each Directory Junction contains its own copy of the duplicate users.

Example: Overlapping directory junctions

Assume you create Directory Junction A that starts at the Marketing folder in a directory service tree. Next, you create Directory Junction B which starts at a folder above the Marketing folder. If you browse both Directory Junctions, you can see the Marketing users in both folders.

User attributes are imported from the directory service

The Unidesk software imports and caches user and group attributes from your directory service when:

• You assign administrator privileges to a user.
• The values of the attributes change in the directory service.

The attributes that the Unidesk software caches are read only. All changes to the attributes for directory service users come from the directory server.

Imported attributes are synchronized regularly

The Unidesk software synchronizes the information it caches for directory service users with the directory service every 12 hours. If the software discovers that a user is no longer an object in the directory service, it classifies the user as abandoned (you can view this information in the Information view for the user).

Create a directory junction

Create the folders where you want to place the Directory Junctions or decide which existing folder you want to use. You can add a Directory Junction folder to any existing folder in the Unidesk Management Console directory tree.

Best Practice: Avoid creating overlapping Directory Junctions, if possible. In some circumstances, deleting an overlapping Directory Junction can affect your ability to delete another Directory Junction that contains the same users.

1. Select Users > Directory Service.

2. Select Create Directory Junction in the Action bar. This opens the Create Directory Junction wizard.

3. In the Connection Details tab, specify the details for the directory server.

   • Directory Junction Name- This name becomes the name of the folder that you see in the tree view. You can use any name, including the name of a domain in your directory service tree.
   • Server address - This is the name for the server you will use for the directory service. (IP Address or DNS Name)
   • Port - Specify the port number for communicating with the directory server.

   • SSL check box - Select this if you want to use Secure Sockets Layer (SSL) communication.

     If certificate errors occur, the wizard displays a list of these errors. If you know it is safe to ignore them, select Ignore Certificate Errors.

   • Test Connection - Click to verify that the Unidesk ELM can connect to the directory service.

4. In the Authentication Details tab, enter the authentication details for a user who has permissions to search the directory service.

   • Bind Distinguished Name - To determine the correct syntax for the Bind DN or user name, see the documentation for your directory.

     Examples: The following examples shows some of the ways you can specify a user for the directory service: domain\username or username@domain.com.

   • Bind Password.

   • Test Authentication - Click to verify that the connection to the directory server is valid.

5. In the Distinguished Name Details tab, specify where the software should start searching for users and groups in the remote directory service.

   • Base Distinguished Name (DN) - The software starts searching for users and groups in the remote directory service. Once you establish a connection to the server for the directory service, the wizard displays a list of available DNs. You can select a DN from the list or enter the DN directly in the box.

     Example: Assume that you want to start the search at the Marketing Organizational Unit at the root of a domain. You would enter the following Base DN:

     OU=marketing, DC=root,DC=mydomain DC=com

   • Test Base DN - Click to verify that the Base DN is valid.
6. In the Folder Location tab, select the folder in the Unidesk tree where you want to add the directory junction for the remote directory service.

7. In the Attribute Mapping tab, enter the names of directory service attributes that you want to map to the local attributes or use the default settings.

   Note: To change the mapping from local attributes back to default mappings, click Use Defaults.

8. In the Confirm and Complete tab, verify the Directory Junction settings, enter a comment if required, and click Create Directory Junction.

   If you enter comments, they appear in the Information view Audit History.

Next step

Assign Unidesk Roles to users