Skip to content

Home

Jump to bottom
ZdenekS81 edited this page Nov 12, 2020 · 9 revisions

The Kentico Xperience Active Directory Import Utility is a standalone application that allows you to import users and groups (roles) from Active Directory (AD) into a Kentico Xperience database. The application also provides a way to update already imported users and roles to their current status in the Active Directory domain.

Download the latest release.

What can it do?

  • Import users from AD into Kentico Xperience.
  • Import roles (groups) from AD into Kentico Xperience.
  • Assign users to appropriate roles based on AD settings.
  • Update already imported users and roles according to the current AD status.

What can’t it do?

  • Import from multiple ADs or domains at once.
  • Import the tree structure of AD groups, since Kentico Xperience does not support hierarchical roles.
  • Continuously and automatically synchronize the status of users from AD into Kentico Xperience.

Terminology

  • Import profile - XML file with import settings. You can create this file using the wizard mode, or even write it manually. It is necessary to have an import profile prepared when you want to use the utility's console mode.
  • SAM Account Name - login name used to support clients and servers on older versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager.
  • UPN (User Principal Name) - Internet-style login name for a user, based on the RFC 822 standard. The UPN is shorter than the distinguished name and easier to remember. By convention, the name should map to the user's email address. The value set for this attribute is equal to the length of the user's ID and the domain name. (Sample UPN: username@subdomain.domain.tld)
  • Role or Group - these two terms have an almost identical meaning. "Group" is used in AD terminology and "role" in Kentico Xperience.

How to import AD data

You can use the utility to import Active Directory data in one of two ways:

  • Using the wizard - a step-by-step user interface. Also necessary to create an import profile for the command line mode.
  • Using the command line - may be useful if you want to schedule AD import to be performed on a regular basis.

How to recognize imported users and roles in Kentico Xperience

In Kentico Xperience, you can identify users imported from AD according to the Is domain user flag, which you can check when editing users on the General tab in the Users application. When editing roles in the Roles application, you can see the Is domain role flag, which has the same meaning for roles.

These flags reflect the values of the following columns in the corresponding database tables:

  • CMS_User -> UserIsDomain
  • CMS_Role -> RoleIsDomain

Analytics

Clone this wiki locally