Client Tools Guide › Import and Export › Active Directory Converter › Import from Active Directory

Import from Active Directory

The product enables import from one or more AD servers. Importing from multiple servers is useful when there are frequent cross-links between them. Currently, the product can export to only a single AD server.

Follow these steps:

1. Click Import, Import from Active Directory.

   The Active Directory Wizard - Step 1 dialog appears.

2. In the Credentials section, specify the servers from which data is imported. For each AD server from which you want to import, provide the IP/Domain Name, and port and login credentials.

   The following option is available:

   Secure Authentication

   Specifies that the Windows login is used to access target servers.

   Note: Passwords are not saved in the registry, so when returning to an AD import page, most values are kept, but not the password. Reset passwords each time you run the connector.

3. In the Output Files section, browse to set the pathnames of the data files that receive imported data.
4. Specify the pathname of the mapping file–an XML file that describes the mapping of AD attributes to CA GovernanceMinder entities. This file is saved after the first time a new mapping is provided.
5. Click Next to continue.

   The Active Directory Wizard - Step 2 dialog appears.

6. Under Search Area, select the points in the directory from which information is imported (the bases), in this case the respective “DC”. You can import specific containers from each of the imported AD servers.
7. Specify what to import. The following options are not self-explanatory:

   Identify Roles By

   Specifies how Active Directory entities are mapped to CA GovernanceMinder roles. You can select more than one option. Valid values include:

   CA GovernanceMinder Roles

   Native CA GovernanceMinder roles are marked as such during a preceding export.

   Nested Groups

   Primitive groups (meaninig that they are not the parent of other groups), are imported as resources, and parent groups are imported as CA GovernanceMinder roles.

   Distribution Groups/Security Groups/Universal Groups/Global Groups/domain Local Groups/Local Groups

   Specified types of Active Directory groups are imported as roles.

8. Click Next to continue.

   The Active Directory Wizard - Step 3 dialog appears.

9. A mapping window for Users attributes appears. Similar windows for Roles and Resources appear in subsequent steps.

   In these windows, fields of each entity type (users, roles and resources) may be associated with their corresponding Active Directory attribute. The result of each mapping operation is displayed in the mapping window.

   To activate the mapping, select the line that is associated with the CA GovernanceMinder attribute in the mapping table on the right.

   When you map AD attributes to CA GovernanceMinder entities, take special care to import unique values into CA GovernanceMinder keys, including users' PersonID, roles' Role Name, and resources' combination of ResName1, 2, and 3.

   To enable proper mapping of imported attributes back into AD in an export process, import the CN and DN. Use the Object Name attributes.

   Note: CA GovernanceMinder imports up to 127 characters for each field, and logs alerts for objects that exceed such limitation.

   The following fields are not self-explanatory:

   Object Name

   Chooses specific predesignated schema attributes ad/or combinations thereof.

   CN and DN map to the respective schema attributes.

   CNi maps to the i-th part of the object's DN, from right to left (meaniing that it is based on the hierarchy), and beginning from the first container after the DC values.

   DNi maps to the i-th part of the object's DCs.

   Constant Field

   You can map a constant field into a CA GovernanceMinder field. For example, it is often preferred to map the string "Active Directory" to Res Name 3.

   Empty Field

   This field enables you to leave a CA GovernanceMinder field blank.

   Configuration Entity Field Name

   Specifies a name for a CA GovernanceMinder attribute field

10. After you have mapped the fields of all entities, the product prompts you to save the mapping into a reusable XML file.

    A similar window displays to enable you to map roles.

    When completed, the product starts the import, and displays the import process progress. The following are steps to the import process:

    • Import of objects – in this pass, the product imports all users, roles, and resources objects
    • Import of links – in this pass, the product imports all links between objects
    • Verify links – in this pass, the product complements the configuration with external objects that are linked to configuration objects. the product creates a "stub" for each external object.

    When the import process is completed, a message appears that provides statistics on the imported data.

11. Click OK.

    During the import process, the product creates a log file in the CA GovernanceMinder Logs folder. This log file is separate from the product main log file, and is named according to CA GovernanceMinder's naming convention eurekifyADConverter_<username>_<date>_<time>.log. This log file contains all the errors and mis-configurations that the product has encountered. The product prompts you to view this log file when the import is finished.

    Important! Review the log file to ensure that it does not contain material warnings.