Synchronize Active Directory to Database


Solution 1

You can set up Lightweight Directory Services (used to be ADAM) to replicate the AD schema and objects into an external LDAP DB that users can query to get the information you are talking about. This lets you be specific about what you expose externally, by only synchronizing those objects you want to publish and not exposing other AD objects.

Solution 2

Synchronizing Active Directory from a database is quite a common requirement - not necessarily for the use case you describe, but more commonly for companies managing their employees in an HR tool which stores them in a database.

You can quite easily sync the contents of the database to AD using LDAP Synchronization Connector (LSC), which is an open source tool custom-designed for this purpose. In short, this tool replaces the script you might write by hand, minus the bugs you would run into, plus various functions that make syncing easier.

I have set up a similar synchronization from an Oracle DB to an LDAP server (remember that AD is also an LDAP server), for over 70,000 users, including group memberships. After the first initialization, the sync ran in a bit under 10 minutes.

The following link should be of interest to you, whether you adopt LSC or not: Many technical tips about synchronizing data to/from Active Directory.
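The question's main worry is the group/member relation, so here is an added example (not LSC, pSSOd or ldifde code, and not from either answer) of the database side of such a sync: an ldifde-style LDIF export of users and groups is parsed into normalized users/groups/group_members tables in SQLite, and nested membership is resolved with a recursive query. The LDIF text is a constructed sample in the shape `ldifde -f out.ldf -d "DC=example,DC=com" -r "(|(objectClass=user)(objectClass=group))" -l "objectClass,sAMAccountName,displayName,mail,member"` would produce; the DNs, names and addresses are made up. Membership is taken from each group's `member` attribute rather than from the user's `memberOf`, because `memberOf` is a computed back-link and a group's `member` list is the authoritative side; note also that membership via `primaryGroupID` (Domain Users) never appears in `member` and is not handled here.

```python
"""Load an ldifde-style AD export into normalized SQL tables and resolve
nested group membership. Added example for this thread; the LDIF below is
constructed sample data, not a real export."""
import base64
import sqlite3

# Constructed sample. The last 'member' line is folded the way ldifde folds
# long lines (continuation line starts with a single space); displayName of
# the first user is base64-encoded ('::') as LDIF does for non-ASCII values.
SAMPLE_LDIF = """\
dn: CN=Alice Smith,OU=Users,DC=example,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sAMAccountName: asmith
displayName:: QWxpY2UgU21pdGg=
mail: alice@example.com

dn: CN=Bob Jones,OU=Users,DC=example,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sAMAccountName: bjones
displayName: Bob Jones

dn: CN=Helpdesk,OU=Groups,DC=example,DC=com
changetype: add
objectClass: top
objectClass: group
sAMAccountName: Helpdesk
member: CN=Bob Jones,OU=Users,DC=example,DC=com

dn: CN=IT Staff,OU=Groups,DC=example,DC=com
changetype: add
objectClass: top
objectClass: group
sAMAccountName: IT Staff
member: CN=Alice Smith,OU=Users,DC=example,DC=com
member: CN=Helpdesk,OU=Groups,DC=example,
 DC=com
"""

SCHEMA = """
CREATE TABLE users (
    dn TEXT PRIMARY KEY,
    sam_account_name TEXT UNIQUE NOT NULL,
    display_name TEXT,
    mail TEXT
);
CREATE TABLE groups (
    dn TEXT PRIMARY KEY,
    sam_account_name TEXT UNIQUE NOT NULL
);
-- one row per direct link; member_dn may be a user or another group
CREATE TABLE group_members (
    group_dn TEXT NOT NULL,
    member_dn TEXT NOT NULL,
    PRIMARY KEY (group_dn, member_dn)
);
"""


def parse_ldif(text):
    """Return a list of records, each {attr_lower: [values]}.
    Unfolds continuation lines and decodes base64 ('::') values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line continues previous one
        else:
            lines.append(raw)
    records, entry = [], {}
    for line in lines + [""]:             # sentinel blank flushes last record
        if not line.strip():
            if entry:
                records.append(entry)
                entry = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return records


def load(conn, records):
    """Full (not delta) load: recreate the tables from the export.
    Computer accounts also carry objectClass=user, so they are skipped."""
    conn.executescript("DROP TABLE IF EXISTS group_members;"
                       "DROP TABLE IF EXISTS users; DROP TABLE IF EXISTS groups;")
    conn.executescript(SCHEMA)
    for rec in records:
        classes = {c.lower() for c in rec.get("objectclass", [])}
        dn = rec["dn"][0]
        sam = rec.get("samaccountname", [None])[0]
        if "group" in classes:
            conn.execute("INSERT INTO groups VALUES (?, ?)", (dn, sam))
            for member_dn in rec.get("member", []):
                conn.execute("INSERT INTO group_members VALUES (?, ?)", (dn, member_dn))
        elif "user" in classes and "computer" not in classes:
            conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                         (dn, sam, rec.get("displayname", [None])[0],
                          rec.get("mail", [None])[0]))
    conn.commit()


def effective_members(conn, group_sam):
    """User sAMAccountNames in the group, directly or through nested groups.
    UNION deduplicates rows, which also stops on membership cycles."""
    rows = conn.execute("""
        WITH RECURSIVE reach(dn) AS (
            SELECT dn FROM groups WHERE sam_account_name = ?
            UNION
            SELECT gm.member_dn FROM group_members gm JOIN reach r ON gm.group_dn = r.dn
        )
        SELECT u.sam_account_name FROM reach r JOIN users u ON u.dn = r.dn
        ORDER BY u.sam_account_name""", (group_sam,)).fetchall()
    return [r[0] for r in rows]


def groups_of(conn, user_sam):
    """Groups a user belongs to, directly or transitively (walks member links upward)."""
    rows = conn.execute("""
        WITH RECURSIVE up(dn) AS (
            SELECT dn FROM users WHERE sam_account_name = ?
            UNION
            SELECT gm.group_dn FROM group_members gm JOIN up ON gm.member_dn = up.dn
        )
        SELECT g.sam_account_name FROM up JOIN groups g ON g.dn = up.dn
        ORDER BY 1""", (user_sam,)).fetchall()
    return [r[0] for r in rows]


def build_sample_db(ldif_text=SAMPLE_LDIF):
    """In-memory database loaded from the sample export."""
    conn = sqlite3.connect(":memory:")
    load(conn, parse_ldif(ldif_text))
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print("IT Staff ->", effective_members(db, "IT Staff"))   # asmith via direct link, bjones via Helpdesk
    print("bjones in ->", groups_of(db, "bjones"))
```

For a scheduled job, the same loader would run against the file ldifde writes; a full reload a few times a day is simpler and safer than a delta sync based on uSNChanged, and at the 10,000-user scale in the question it is cheap.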

Solution 3

If you have some programming skills, you can set up and adapt pSSOd. It contains:

  • A perl script which synchronizes AD with an OpenLDAP server or a SQL database.
  • A Service For Unix Daemon, which allows you to also have passwords synchronized.

Tommy Jakobsen

Updated on September 17, 2022

Comments

  • Tommy Jakobsen
    Tommy Jakobsen over 1 year

    We are in a situation where we would like to offer our customers the ability to manage their users themselves. It is around 300 customers with up to a total of 10,000 users.

    Besides creating, updating and removing users, they will very often read information about users for statistics and other useful information that is available. All this functionality should be available from an Intranet web page (.NET Framework 4) that the users will access through Citrix or similar.

    Now the problem is that we would really like the users not to query AD directly for each request, but rather make them hit a database that is synchronized with AD. It would be sufficient to run this synchronization a few times each day (maybe every 5th hour). When they create a user, it should not be available right away, but reviewed and then created within two days (the next step would be to remove this manual review, but that's out of scope for this question).

    What do you think about this synchronization of AD? Does anyone have any experience with it, and is it something that is done in other organizations, where you have lots of requests which are better handled by a database than by AD (I presume)?

    Are there any techniques out there for writing such a script that synchronizes AD with database tables? My primary concern is the groups/members relations which can be rather complicated. Or are there software that synchronizes AD with a database?

    Any comments will be much appreciated. Thank you.

  • Tommy Jakobsen
    Tommy Jakobsen almost 14 years
    That sounds interesting. I'm not much into AD programming, so can you explain more about Lightweight Directory Services, or point me to some good resources? Maybe even a good book if LDS is the way to do it.
  • BoxerBucks
    BoxerBucks almost 14 years
    LDS is basically the LDAP engine of Active Directory. It will support any object you pull out of AD for exposing to other services or queries. You can use a tool like ldifde which is installed on your DC to export certain objects to a text file then import them with the same ldifde utility into your LDS database. LDS is included as a standard service in Windows 2008 server. msdn.microsoft.com/en-us/library/aa705886%28VS.85%29.aspx
  • Tommy Jakobsen
    Tommy Jakobsen almost 14 years
    Very interesting. Is this import/export best done by writing a Powershell script and scheduling it, or are there better alternatives?
  • BoxerBucks
    BoxerBucks almost 14 years
    You could schedule a task to do the export/import via powershell, sure. I would start by manually running the commands to get the process down then take those and automate.