Creating and Modifying Configuration Profiles > Step 4: Setting up the LDAP search configuration > Defining group attributes
|
If you want to synchronize groups with the same name from different domains (for example, domain1/Admins and domain2/admins), you must change the string in the Name field from the default %CN% to %DC%/%CN%.
|
|
GUID is a unique identifier maintained by the LDAP server. Use this attribute if it is available on your server. Microsoft Active Directory supports GUID, but it is not supported by all servers. If you omit this attribute, the Directory Synchronization Client derives an identifier from the distinguished name (DN) of the object class.
|
|
Group Token is an optional attribute that holds the number this group is in. The value may be referred to by the "Primary Group attribute" in the user object class settings. If a user's primary group is set to a particular group token, then the user is part of that group. The group token is specific to Active Directory so may be unavailable in other directories. If unavailable, it should be left blank.
|
|
Group Parents is used to relate a group to its parent group, if it exists. The optional attribute retrieved from the directory may consist of a single DN that contains the parent group.
|
|
Group Members is a multiple-value attribute that holds the users (in DN form) who are part of this group.
|
Group Members: a list of users/groups belonging to a group.
Group Membership: a list of groups to which a group/user belongs.
|
Creating and Modifying Configuration Profiles > Step 4: Setting up the LDAP search configuration > Defining group attributes
|