Client Tools Guide › Import and Export Menus › Active Directory Converter › Import from Active Directory

Import from Active Directory

CA GovernanceMinder allows import from one or more AD servers. Importing from multiple servers is useful when there are frequent cross-links between them. Currently, CA GovernanceMinder can export to only a single AD server.

To import from an Active Directory

1. Click Import, Import from Active Directory.

   The Active Directory Wizard - Step 1 dialog appears.

2. In the Credentials section, specify the servers from which data is imported. For each AD server from which you wish to import:rovide the IP/Domain Name, as well as port and login credentials.

   The following option is available:

   Secure Authentication

   Specifies that the Windows login is used to access target servers.

   Note: Passwords are not kept in the registry, so when returning to an AD import page, most values will be kept, but not the password. You must reset passwords each time you run the connector.

3. In the Output Files section, browse to set the pathnames of the data files that receive imported data.
4. Specify the pathname of the mapping file–an XML file that describes the mapping of AD attributes to CA GovernanceMinder entities. This file is usually saved after the first time a new mapping is provided.
5. Click Next to continue.

   The Active Directory Wizard - Step 2 dialog appears.

6. Under Search Area, select the points in the directory from which information will be imported (the bases), in this case the respective “DC”. you can import specific containers from each of the imported AD servers.
7. Specify what to import. The following options are not self-explanatory:

   Identify Roles By

   Specifies how Active Directory entities are mapped to CA GovernanceMinder roles. It is possible to check more than one option.Valid values include:

   CA GovernanceMinder Roles

   Native CA GovernanceMinder roles are marked as such during a preceding export

   Nested Groups

   Primitive groups (i.e., that are not parent of other groups, will be imported as resources, and parent groups will be imported as CA GovernanceMinder roles

   Distribution Groups/Security Groups/Universal Groups/Global Groups/domain Local Groups/Local Groups

   Specified types of Active Directory groups are imported as roles.

8. Click Next to continue.

   The Active Directory Wizard - Step 3 dialog appears.

9. A mapping window for Users attributes appears. Similar windows for Roles and Resources appear in subsequent steps.

   In these windows, fields of each entity type (users, roles and resources) may be associated with their corresponding Active Directory attribute. The result of each mapping operation is displayed in the mapping window.

   To activate the mapping, select the line associated with the CA GovernanceMinder attribute in the mapping table on the right.

   When mapping AD attributes to CA GovernanceMinder entities, take special care to import unique values into CA GovernanceMinder keys, i.e., users' PersonID, roles' Role Name, and resources' combination of ResName1, 2, and 3.

   To enable proper mapping of imported attributes back into AD in an export process,import the CN and DN. Use the Object Name attributes.

   Note: CA GovernanceMinder imports up to 127 characters for each field, and logs alerts for objects that exceed such limitation.

   The following fields are not self-explanatory:

   Object Name

   Chooses specific pre-designated schema attributes ad/or combinations thereof.

   CN and DN map to the respective schema attributes.

   CNi maps to the i-th part of the object's DN, from right to left (i.e. based on the hierarchy), and beginning from the first container after the DC values

   DNi maps to the i-th part of the object's DCs.

   Constant Field

   You can choose to map a constant field into a CA GovernanceMinder field. For example, it is often preferred to map the string "Active Directory" to Res Name 3.

   Empty Field

   This allows you to leave a CA GovernanceMinder field empty.

   Configuration Entity Field Name

   Specifies a name for a CA GovernanceMinder attribute field

10. After mapping the fields of all entities, CA GovernanceMinder prompts you to save the mapping into a reusable XML file.

    A similar window displays to let you map roles.

    When done, CA GovernanceMinder starts the import, showing the progress of the import process. There are three steps to the import process:

    • Import of objects – in this pass, CA GovernanceMinder imports all users, roles, and resources objects
    • Import of links – in this pass, CA GovernanceMinder imports all links between objects
    • Verify links – in this pass, CA GovernanceMinder complements the configuration with external objects that are linked to configuration objects. CA GovernanceMinder creates a "stub" for each external object.

    When the import process is completed, a message appears providing statistics on the data that was imported.

11. Click OK.

    During the import process, CA GovernanceMinder creates a log file in the CA GovernanceMinder Logs folder. This log file is separate from the CA GovernanceMinder main log file, and is named according to CA GovernanceMinder's naming convention eurekifyADConverter_<username>_<date>_<time>.log. This log file contains all the errors and mis-configurations that CA GovernanceMinder has encountered. CA GovernanceMinder prompts you to view this log file when the import is finished.

    Important! Review the log file to ensure that it does not contain material warnings.