KYDSO

Reconciliation of Active Directory groups

KYDSO performs a daily reconciliation of the AD groups from the customer system's Active Directory.

For this purpose, the existing AD groups are exported from the Active Directory in a defined data structure and imported into KYDSO:

  • If the group does not yet exist in KYDSO, you must first decide whether you want to manage it in KYDSO (see Confirm group management).

  • If the group has already been created in KYDSO, it is updated if necessary.

Existing group memberships are also transferred to KYDSO (see Reconciliation of Active Directory group memberships).

The reconciliation is performed with the following settings:

Search expression

The search expression determines which AD groups are considered for reconciliation.

System default: (&(objectCategory=group)(objectClass=group)(!isCriticalSystemObject=TRUE)) (search for groups for which the isCriticalSystemObject flag is not set)

The search expression entered is not validated. If an invalid search expression is entered, the reconciliation fails with an error. Information on the structure of search expressions is available, for example, under Creating a Query Filter.
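Because the search expression is not validated on entry, a syntax check before saving catches unbalanced parentheses and malformed comparisons. The following is an added example, not part of KYDSO; the function name check_filter is hypothetical. It checks an expression against the RFC 4515 filter grammar and additionally accepts the (!attr=value) shorthand that the system default uses. It checks syntax only, not whether the attributes exist in the directory.

```python
import re

# One comparison: attribute, optional matching-rule OID, operator, value.
# Values may not contain raw '(' ')' or '\'; those are written as \XX hex escapes.
_ITEM = re.compile(
    r"[A-Za-z][A-Za-z0-9.;-]*(?::[A-Za-z0-9.]+)?(?::=|~=|>=|<=|=)"
    r"(?:[^()\\]|\\[0-9A-Fa-f]{2})*"
)

def _item(s, i):
    m = _ITEM.match(s, i)
    if not m:
        raise ValueError(f"invalid comparison at position {i}")
    return m.end()

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    op = s[i] if i < len(s) else ""
    if op in ("&", "|"):
        i += 1
        if i >= len(s) or s[i] != "(":  # RFC 4515: at least one operand
            raise ValueError(f"'{op}' without operands at position {i - 1}")
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
    elif op == "!":
        i += 1
        # Strict form is (!(attr=value)); also accept (!attr=value) as in the default.
        i = _parse(s, i) if i < len(s) and s[i] == "(" else _item(s, i)
    else:
        i = _item(s, i)
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return i + 1

def check_filter(expr):
    """Return None if expr is syntactically valid, otherwise an error message."""
    try:
        end = _parse(expr, 0)
        if end != len(expr):
            raise ValueError(f"unexpected text at position {end}")
    except ValueError as err:
        return str(err)
    return None

# System default from this page, plus a constructed broken variant.
DEFAULT = "(&(objectCategory=group)(objectClass=group)(!isCriticalSystemObject=TRUE))"
BROKEN = "(&(objectCategory=group)(objectClass=group)"
```

check_filter(DEFAULT) returns None, while check_filter(BROKEN) reports the missing closing parenthesis and its position.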

Search range

The search range defines the Active Directory object for which the reconciliation is to be performed.

System default: empty (the entire Active Directory is searched)

Excluded groups

You can exclude groups contained in the search results list from being transferred to KYDSO. If required, enter the sAMAccountName of the desired group(s).

System default: DnsAdmins, DnsUpdateProxy

If you have rejected the transfer of a group to the administration of KYDSO, the sAMAccountName of the affected group is automatically entered here.

Changing the configuration for reconciliation

You can adjust the settings for reconciling the AD groups as follows:

  1. Click on the View assets action in the View data menu.

    The asset list opens. For performance reasons, this is empty the first time it is opened after starting KYDSO.

  2. Search for the article Group reconciliation configuration and click on the corresponding Details.

    The current settings are displayed in the Information section.

  3. Click on Change data.

    The wizard for the selected action starts and guides you through the process.