User Synchronization

This Server Task synchronizes the Users and User Groups information from a source such as Active Directory, LDAP parameters, etc. To run this task, click Admin > Server Task >User Synchronization > New...

icon_section Basic

Enter basic information about the task, such as the Name, Description (optional) and Task Type. The Task Type defines the settings and behavior of the task. Select the check box next to Run task immediately after finish to have the task run automatically after you click Finish.

icon_section Settings

Expand Settings and click Select under User Group name - By default, the root for synchronized users will be used (by default, this is the All group). Alternatively, you can create a new User Group.

User creation collision handling - two types of conflict that might occur:

There are two users with the same name in the same group.

There is an existing user with the same SID (anywhere in the system).

You can set collision handling to:

Skip - user is not added to ERA during synchronization with Active Directory.

Overwrite - existing user in ERA is overwritten by the user from Active Directory, in the case of an SID conflict the existing user in ERA is removed from its previous location (even if the user was in a different group).

User extinction handling - If a user no longer exists, you can either Remove this user or Skip it.

User group extinction handling - If a user group no longer exists, you can either Remove this user group or Skip it.


If you use custom attributes for a user set User creation collision handling to Skip. Otherwise the user (and all details) will be overwritten with the data from Active Directory loosing custom attributes. If you want to overwrite the user, change User extinction handling to Skip.

Server connection settings:

oServer - Type the Server name or IP address of your domain controller.

oLogin - Type the login credentials for your domain controller in the format DOMAIN\username.

oPassword - Type the password used to log on to your domain controller.

Use LDAP Parameters - If you want to use LDAP, select the check box next to Use LDAP instead of Active Directory and enter the information for your server. Alternatively you can select Presets by clicking Custom... and the attributes will be populated automatically:

oActive Directory

oMac OS X Server Open Directory (Computer Host Names)

oMac OS X Server Open Directory (Computer IP Addresses)

oOpenLDAP with Samba computer records - setting up the parameters DNS name in Active Directory.

Synchronization settings:

Distinguished name - Path (Distinguished Name) to the node in the Active Directory tree. Leaving this option empty will synchronize the entire AD tree.

User group and user attributes - User's default attributes are specific to the directory to which the user belongs.

Advanced user attributes - If you want to use advanced custom attributes select Add New. This field will inherit the user's information, which can be addressed in a policy editor for iOS MDM as a placeholder.

icon_section Triggers

Select an existing trigger for this task, or create a new trigger. It is also possible to Remove or Modify a selected trigger.

icon_section Summary

Review the configuration information displayed here and if it is ok, click Finish. The task is now created and ready to be used.