CHEAT SHEET

Active Directory Integration

Configuring the users on the Active Directory server
All the users on the Active Directory server which should have access to Observer must be members of the group which
will be imported by Observer (though of course they can also be members of additional other groups).
1. Create a new Group with a Group Name, Group Scope set to Global, and Group type set to Security.
2. Add the desired users to the previously created group.
Configuring Observer
Now Observer must be configured to access and use the Active Directory server:
1. Choose User admin from the System administration menu. This opens the User admin dialog.
2. For importing users from Active Directory you can either:
Select an existing group (though note that this group has to be empty!) OR Create a new group:
a. Choose Add new group from the User/group menu or the right mouse click menu.
b. Enter a Group name (e.g. AD-Users), check the Users of this group are imported from Active
Directory checkbox and click Next.
c. Make the appropriate adjustments on the Privileges and Camera access rights pages. Press Save.
3. Right-click on the group and select Active Directory configuration.
4. Right-click on the Active Directory configuration page and select Modify host.
5. Configure the Connection parameters (you can test the configuration with the Test connection button):
a. Enable the configuration by checking the corresponding checkbox.
b. Enter the Server address (IP address) and Port (standard port is 389) of the Active Directory server.
c. Enter the User name, Password and confirm the Password.
6. Configure the Directory parameters:
a. Enter the organizational unit (OU) and domain as the Search base (e.g. OU=Users,DC=netavis,DC=net).
b. Enter the name of the previously configured Active Directory group name as the AD group name and
don't forget to include the corresponding organizational unit the AD group is located in (e.g.
CN=Observer4,OU=Users,DC=netavis,DC=net).
c. Enter the name of the previously configured Observer user group to which the Active Directory users
will be imported as the Observer group name (e.g. AD-Users).
d. Select a previously defined Attribute mapping schema or create a new one by choosing Edit... and
then clicking on New. These are the attributes which are imported from Active Directory to Observer:
• Login name tag (mandatory): Set it to cn (users login with their common name: e.g. John
Doe) OR sAMAccountName (users login with their account name: e.g. john).
• Name tag (mandatory): Set it to displayName.
• SMS number tag (optional): Set it to telephoneNumber / Email tag (optional): Set it to mail.
7. Enter the domain of the server as its Directory address (e.g. for netavis.net it would be DC=netavis,DC=net).
8. Configure the Tag mapping:
a. The AD group identifier tag has to be set to memberOf.
b. The Login name tag set here has to match the option (cn OR sAMAccountName) set earlier in the
Attribute mapping schema. Press Save.
9. After Observer has finished synchronization with the Active Directory server (which may take up to 2 minutes)
the users configured there will appear under the previously set Observer group name in the User admin.
Additional resources
• NETAVIS Observer 4.8 User Manual
www.netavis.net