Active Directory change detection trigger

Summary

AutoSync has built-in support for automatically detecting changes in Active Directory and triggering an import. This trigger type works with both Active Directory Domain Services and Lightweight Directory Services (LDS).

Configuration

This trigger can only be used on an 'Active Directory Domain Services' or 'Active Directory Lightweight Directory Services' management agent type. From the triggers page, select Add trigger... and the AD/LDS change detection trigger will be available from the drop-down list. Please note that only a single instance of the AD/LDS trigger can be added.

| Setting | Value | Default |
| --- | --- | --- |
| Base DN | The base DN that you are interested in getting change notifications for | The base DN specified in the MA configuration |
| Host Name | The Active Directory server to bind to | The hostname as specified in the MA configuration |
| Object classes | The object classes to receive change notifications from | The object classes specified in the MA configuration |
| Credentials | Optional. The credentials to use to bind to the target directory | The identity of the AutoSync service is used if no credentials are specified |
| Minimum amount of time to wait in between executions | Prevents continuous import loops by only passing through changes in the directory once per specified interval | 1 minute |
| Ignore changes where the last logon timestamp attributes have been modified within the following time period | A change event is raised by the directory when any attribute changes, even if it is something like one of the last logon timestamp attributes. Updates to these attributes can be very frequent, and may trigger a continuous cycle of imports, defeating the purpose of change detection (you might as well have the MA on a continuous import loop). This setting tells AutoSync that if a change comes in and the object has a last logon timestamp value within the last 5 minutes, the change is ignored completely. | 5 minutes |
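The two throttling settings above, modelled as an added example (this is not AutoSync's own code). The ChangeFilter class, the result labels, and the choice to check both lastLogon and lastLogonTimestamp are assumptions; the sample events are constructed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Standard AD attribute names; which ones AutoSync inspects is an assumption.
LOGON_ATTRS = ("lastLogon", "lastLogonTimestamp")

def filetime_to_datetime(value):
    """AD Integer8 time: 100 ns ticks since 1601-01-01 UTC. 0 or missing = never."""
    if not value:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)

def datetime_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

class ChangeFilter:
    """Hypothetical model of the two throttling settings (defaults from the table)."""
    def __init__(self, min_interval=timedelta(minutes=1),
                 logon_window=timedelta(minutes=5)):
        self.min_interval = min_interval
        self.logon_window = logon_window
        self.last_trigger = None

    def recent_logon(self, attrs, now):
        stamps = (filetime_to_datetime(attrs.get(a)) for a in LOGON_ATTRS)
        return any(s is not None and timedelta(0) <= now - s <= self.logon_window
                   for s in stamps)

    def evaluate(self, attrs, now):
        if self.recent_logon(attrs, now):
            return "ignored-logon"      # change dropped completely
        if self.last_trigger is not None and now - self.last_trigger < self.min_interval:
            return "throttled"          # no second trigger inside the interval
        self.last_trigger = now
        return "trigger"

def run_sample():
    """Constructed change events: (seconds after t0, attributes of the changed object)."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    events = [
        (0, {"lastLogonTimestamp": datetime_to_filetime(t0 - timedelta(days=3))}),
        (20, {"lastLogonTimestamp": 0}),
        # Account disabled (userAccountControl 514) 30 s after a logon.
        (90, {"lastLogon": datetime_to_filetime(t0 + timedelta(seconds=60)),
              "userAccountControl": 514}),
        (200, {}),
    ]
    f = ChangeFilter()
    return [f.evaluate(attrs, t0 + timedelta(seconds=s)) for s, attrs in events]

if __name__ == "__main__":
    print(run_sample())
```

The third sample event is an account disabled 30 seconds after a logon: under the rule as described, that change falls inside the 5 minute window and would not trigger an import by itself.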

Permissions

The AD Change Listener does not require any permissions over and above a standard user account. Read permissions to the base DN are all that are required.
