Synchronizing users/groups with a single Web policy and exceptions
Steps
1. Plan the cloud data structure: users and groups (See Groups), policies (See Defining Web Policies) and exceptions (See Exceptions).
2. Review the existing LDAP/Active Directory data structure and decide whether restructuring of LDAP is necessary to match the proposed cloud data structure more closely.
3. Download the client and install it on the target client machine.
4. Configure the Directory Synchronization Client to search the LDAP directory and extract groups and users to a local file, making sure the NTLM ID is included. (See the Directory Synchronization Client Administrator’s Guide for instructions). Review the results and modify the search as necessary to ensure it returns the expected results.
5. In the cloud manager, set up a contact with Directory Synchronization permissions. (See Set up authentication (Directory Synchronization only)). This is the username/logon the Directory Synchronization Client uses to log onto the portal.
6. Decide whether email will be sent after new users are synchronized from LDAP.
7. Now you are ready! In the cloud manager, enable Directory Synchronization. (See Configure identity management).
8. In the Directory Synchronization Client, set up portal settings in the configuration established above, changing the output type to portal (not file) and using the contact with Directory Synchronization permissions created above. (See the Directory Synchronization Client Administrator’s Guide).
9. During a slow period, select Replace on the client. Data is synchronized to the cloud manager. Note the number of additions; this is visible on the Synchronization page and also in the notification email messages.
10. Log onto the cloud manager. Using Account > End Users and Account > Groups, check that users’ and groups’ policies are as expected. (See View and manage user data).
11. On the Identity Management page, view Recent Directory Synchronizations and compare the totals of additions against those noted in the Directory Synchronization Client. They should match. (See View recent directory synchronizations).
12. If you are planning to set up exceptions based on group membership, do this now in the cloud manager. (See Exceptions).
13. The system is now live. If you are unhappy with the user/group data you have synchronized, you can use Restore to undo the synchronization data and try again. (See Restore directories).
14. If everything appears to be working, set a schedule time in the Directory Synchronization Client for the background task to run. Close the client tool.
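The review of the local file export above, and the later comparison of addition totals between the client and the cloud manager, both benefit from a quick automated check before the output type is switched to portal. The following is an added example, not code from this guide or from the Directory Synchronization Client; it assumes the export is an LDIF-style text dump (the guide does not state the file format) and that the NTLM ID is carried in the sAMAccountName attribute. It flags users that lack an NTLM ID and group members whose own entry was not exported, and returns the user and group counts to compare against the totals the client reports.

```python
# Added example, not from the product documentation. Assumptions: the
# client's file export is an LDIF-style text dump (format not stated in the
# guide) and the NTLM ID is carried in the sAMAccountName attribute.

# Constructed sample export: two users and one group. "bob" has no NTLM ID
# and the group lists "carol", whose entry the search did not return.
SAMPLE_EXPORT = """\
dn: CN=alice,OU=Staff,DC=corp,DC=example
objectClass: user
sAMAccountName: alice

dn: CN=bob,OU=Staff,DC=corp,DC=example
objectClass: user

dn: CN=Sales,OU=Groups,DC=corp,DC=example
objectClass: group
member: CN=alice,OU=Staff,DC=corp,DC=example
member: CN=bob,OU=Staff,DC=corp,DC=example
member: CN=carol,OU=Staff,DC=corp,DC=example
"""

def parse_ldif(text):
    """Parse a minimal LDIF dump (no line folding or base64) into dicts."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():            # blank line terminates an entry
            if current:
                entries.append(current)
            current = {}
            continue
        key, _, value = line.partition(": ")
        current.setdefault(key, []).append(value)
    if current:
        entries.append(current)
    return entries

def check_export(text, ntlm_attr="sAMAccountName"):
    """Return user/group counts plus problems to fix before syncing."""
    entries = parse_ldif(text)
    users = {e["dn"][0] for e in entries if "user" in e.get("objectClass", [])}
    groups = [e for e in entries if "group" in e.get("objectClass", [])]
    problems = []
    for e in entries:                   # every user needs an NTLM ID
        if e["dn"][0] in users and ntlm_attr not in e:
            problems.append("user without NTLM ID: " + e["dn"][0])
    for g in groups:                    # every member must be an exported user
        for member in g.get("member", []):
            if member not in users:
                problems.append("member of %s not exported: %s" % (g["dn"][0], member))
    return {"users": len(users), "groups": len(groups), "problems": problems}
```

Run `check_export(SAMPLE_EXPORT)` against a real export after modifying the search; an empty `problems` list and counts that match the client's totals are what you want to see before selecting Replace.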