CurrentWare allows you to integrate your Active Directory hierarchy onto the CurrentWare Console to easily manage your users.
You can find this option on the CurrentWare Console under Tools > Import Users.
Step 1 – Authenticating with your Active Directory
- On the CurrentWare Web Console, go to Tools > Import Users and select Import users from Active Directory. Fill in your domain, admin user name and password to connect to your Active Directory.
- Once connected, your users will appear on the right side for you to choose which users to import into your console.
- You can also enable AD Synchronization to import all of your users and keep the web console updated with any new users that connect to your Active Directory.
- Launch the CurrentWare Console.
Note: If you are using the Web Console, you can access the CurrentWare Desktop Application by going to C:\Program Files (x86)\CurrentWare\cwConsole from your Server PC and running cwConsole.exe.
- On the menu select Tools > Import Users.
- Select Import users from Active Directory.
- Enter your Domain Name, User Name and Password.
- Click on the Import Users button.
- Select the users and OUs you want to import into the cwConsole
- Click on the Add Users button.
CurrentWare will sync any OUs and users updates to the CurrentWare Console once every 24 hours. If you need to sync with AD immediately, you can go to Tools > Import Users > Click on the “Sync now” button.
Step 2 – Syncing with your Active Directory
When AD sync is enabled, you will have the ability to modify your group policies but you will not be able to move, rename, or delete the AD groups or users on the CurrentWare Console. To achieve data integrity during the AD sync process, CurrentWare must retain the same AD structure. You will have to manage your OUs and users directly on your Active Directory on your Windows Configuration Manager Console.
When you disable AD sync, you will retain control of your groups and users again. The policies set during AD sync and the data collected will also be retained.
What happens when I delete an OU from AD? The deleted OU group and the users within that group will be moved to the “Non-AD” folder. The data and policies will be retained.
Step 3 – Managing “Non-AD” users
With AD sync enabled, you will still have the ability to manage your other Windows workgroup users by using the [Non-AD] group that’s created automatically after you activate AD sync.
The CurrentWare Console syncs with your Active Directory every 24 hours. If you want to refresh your AD structure on the CurrentWare Console faster, you click on the “Sync Now” button to manually push out the update.
Limitations with CurrentWare’s Active Directory Sync
- No duplicate OU names: If you have any OU names on your AD that are the same, CurrentWare’s AD sync process will not accept them and it will not allow you to continue with the sync. For example, if you have two OUs called “IT” in two different parent OUs, the AD sync validation will not allow you to continue because the cwConsole does not accept 2 groups with the same name.
- No Special Characters: CurrentWare cannot sync OU group names containing the following special characters `~!@%^&*©®|;:'<>/?,”
- What happens if I rename a group with special characters after I enable AD sync? When a group is renamed with special characters after enabling the sync, that OU will be removed and will not be synced again. Its users will be moved to the root group (CurrentWare) to avoid data loss. Any sub OU will move up in the hierarchy and it keeps syncing along with the corresponding users.
- Renaming an OU on AD: when you rename an OU on AD, CurrentWare will see it as a new group on the Console. You will have to reconfigure your CurrentWare settings any renamed OUs.
- What happens if I rename a group that has the same name as another group? The OU with the duplicate name will be removed and the users will be moved to the root group (CurrentWare) to avoid data loss.