Active Directory search and synchronization

AD objects cache and synchronization.

Intro

In previous releases, Active Directory (AD) data had to be saved in the Flexxible|SUITE database and synchronized daily. Domain object searches launched from the browser were performed against the objects cached in the Flexxible|SUITE database by the daily synchronization of domains.

From version 4.11, all searches are performed directly against Active Directory, eliminating the need for daily synchronization.

Now only domain objects used by Flexxible|SUITE are periodically synchronized from Active Directory (every 4 hours).

Any cached AD objects in the Flexxible|SUITE database that are no longer used will be removed from the cache (database). A "Reduce AD cache data" button is shown in the Domains list to force this cleanup if necessary.

Active Directory search view

The directory object search is performed directly against the domain, using this search view:

The new search view offers several filters:

Text search

(The box containing the search icon.) Type here the text that the Name or the account name of the directory objects to find must contain.

Domain dropdown list

This list restricts the search to a single domain, and will only show domains accessible to the current Flexxible|SUITE user:

The pre-selected domain will be decided by the most probable search criteria. E.g. if we search for the user group for a tenant AD Configuration, the pre-selected domain will be the tenant domain.

Object type dropdown list

This list allows restricting the search to an object type: Domain (any object type), OU, Users, Groups, or Machines.

Only those object types matching the current search criteria will be displayed. E.g. if we are configuring the tenant OUs in the tenant AD Configuration tab, we'll only be able to search for OUs; if we are adding accounts to the Users/Groups tab in a VDT delivery group, we'll only be able to search for groups or users.

Tenants menu option > MyTenant detail screen > AD Configuration tab > OUS area > USERS > Directory object screen

Scope dropdown list

Allows performing an "innermost" search, taking an Organizational Unit as reference. Only OUs accessible to the current user will be displayed: e.g. a partner will only be able to select its own OU or one of its tenant OUs, but not "Entire domain".

Virtual Desktop Templates area > VDT detail screen > Delivery groups tab > Delivery Group detail screen > Users/Groups tab

Once the search is completed (by clicking the search icon), clicking on a found object in the list will show a detail view with the following read-only fields:

  • Name

  • ADGuid: This must be unique (the unique identifier of the object in the domain)

  • Distinguished Name (a complete path specification for the object in the domain)

  • Object Type

  • Domain (where the object lives)

  • Account name

  • Parent OU (containing the object)

  • Enabled

  • Is Synchronized (the object is cached in the Flexxible|SUITE database because it is in use)

  • Last Synch Date (last date/time the object was updated in the database from the domain)

  • Related tenant


  • Id: This must be unique. This field is mandatory -> I think we should specify what exactly this is, not just state the restrictions it has.
  • Wholesaler: You can use an existing wholesaler or create one. This field is mandatory. -> We shouldn't allow creating new wholesalers from here, this is a bug; on the other hand, I think it should be explained that this will be used to filter the VLANs that tenants see.
  • In use by: The name of the tenant that uses this VLAN. -> I think the verb "assign" should be used instead of "use", but that is more my own opinion.
  • Public IP: This field is mandatory. -> Here we need to say in some elegant way that this field is useless… we should remove it.
  • IP NET (CIDR): This field is mandatory. -> This is the network range of this VLAN


Domain list buttons

The following buttons perform operations against a domain in the list:

  • Reduce AD cache data: Forces the cleanup of previously unused objects in the Flexxible|SUITE database for the selected domain(s), generating a job.
  • Check Domain Access: Forces checking that the selected domain(s) can be accessed by using the configured credentials for each one. If the check fails, the domain is displayed in red, and continuous synchronization is stopped for the domain until the next check is performed successfully (Flexxible|SUITE automatically performs this check every 30 minutes).