Mapping Active Directory fields and groups with Domino® Directory fields and groups
Use the Field Mappings and Group Mappings tabs on the ADSync Options dialog box to map specific Active Directory fields and groups to Domino® Person and Group document fields. Person and Group documents are stored in the Domino® Directory. Mapping is different for the User and Group Field Mapping object classes.
About this task
You can modify any of the initial mappings, create mappings, or create Notes® field names. When an Active Directory object is created or is synchronized with Notes®, all field values in the mapped Active Directory object are copied to corresponding fields in the Person or Group document in the Domino® Directory. If necessary, fields are created in the Person or Group document and existing field values are overwritten. This is one-way synchronization. No changes are made to the Active Directory object.
Field Mappings in ADSync, unlike other settings, are different for each Active Directory domain.
To create group mappings
Procedure
- From the (Microsoft™ Management Console) MMC, choose Domino Directory Synchronization.
- Click Group Mappings.
- Complete these mappings as necessary, and then click Apply and OK.
Table 1. Options for Group mappings In Active Directory
In Domino® Directory
Security
Click to assign a group type when registering security groups in Notes®. Choose one:
- Multi-purpose -- Use for a group that has multiple purposes, for example, mail and ACLs.
- Mail only -- Use for mailing list groups.
- Access Control List only -- Use for server and database access authentication only.
- Deny List only -- Use to control access to servers. Deny List only is typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member from this group.
Distribution
Click to assign a group type when registering distribution groups in Notes®. Choose one:
- Multi-purpose -- Use for a group that has multiple purposes -- for example, mail and ACLs.
- Mail only -- Use for mailing list groups.
- Access Control List only -- Use for server and database access authentication only.
- Deny List only -- Use to control access to servers. Deny List only is typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member from this group.
To create field mappings
Procedure
- From the MMC, choose Domino Directory Synchronization.
- To create field mappings, click Field Mappings.
- For Field mappings for Object class, choose either User or Group.
- Scroll through the In Active Directory list until you locate the Active Directory field that you are mapping to a Domino Directory field.
- Right-click the corresponding In Domino Directory field (it may appear blank). An editable field appears. Enter the field name or select one from the list.
- Continue this process until you have mapped as many fields as needed.
- Click Apply and OK.
- Close and then restart the Microsoft™ Management Console so that the new fields to display in the dialog box.