Importing users and roles from Active Directory

This page describes the steps of the Kentico Active Import Utility wizard for importing users and roles from Active Directory.

Launching the AD Import Utility

You can launch this utility:

  • From the Windows Start menu -> All programs -> Kentico <version number> -> Utilities.
  • By executing the ADImport.exe file located in <Kentico installation folder>\Bin (typically c:\Program Files (x86)\Kentico\<version number>\Bin).

Step 1 – Import profile settings

Choose if you want to create a new import profile or use an existing XML profile. If you select an existing profile, values will be pre-filled in the following steps based on the profile settings.

Step 2 – Kentico DB Setup

Specify the target Kentico database, where the users and roles will be imported:

  • SQL Server name or IP address - name or IP address of the server where the target database is stored.
  • Use integrated Windows authentication - choose if you want to log on to the server using Windows authentication.
  • Use SQL Server account - choose if you want to log on to the server using credentials filled in the fields below.

Click Establish connection and enter the Database name of the target database.

Step 3 – Active directory connection

Specify the source AD domain controller:

  • Use current user account - uses the domain where the current Windows user belongs.
  • Specify domain controller and logon credentials - if you choose this option, you can enter the logon details manually.

We recommend testing the specified connection by clicking Test connection.

Specifying the AD domain controller

Step 4 – Import settings

Configure the general settings of the import process:

  • Import users/groups - determines which users or groups (roles) the wizard preselects in Step 6:
    • All - the wizard preselects all users or groups.
    • Only selected - when using an existing import profile, the wizard uses the selection stored in the profile. Otherwise the preselection is empty.
    • Update selected and import all new - same as Only selected, but also selects all new users or groups.

You can also adjust the behavior of the import by enabling or disabling the following options:

  • Update data of existing users and roles - if enabled, properties of users and roles already imported from AD will be updated in Kentico based on the current values in AD.
  • Update roles for existing Active Directory users - if enabled, the import updates the user-role relationships of existing Kentico users who were previously imported from AD (based on the current membership status in AD).
  • Import all users from selected groups and ignore other users [only available after applying hotfix 8.1.2] - if enabled, the import automatically selects all users belonging to the selected groups, regardless of the user selection options.
  • Import new users only from selected groups - if enabled, only those new users who belong to at least one role (group) selected in Step 6 or 8 of the wizard will be imported.
  • Delete users and roles that do not exist in the Active Directory - if enabled, users who were previously imported from AD, but were deleted on the source server since then, will also be deleted in Kentico.
  • Log import process to file - if enabled, you can specify a file where the tool stores the import log.
  • Select sites - choose the sites to which the imported users and roles will be assigned.

If you do not choose any site in this step, the rest of the wizard will leave out steps related to the import of roles (groups). This happens because it is currently not possible to import roles from AD into Kentico as global objects and they must be assigned to a specific site.

Step 5 – Import properties

Define the user name and role name format and bind AD user properties to Kentico user properties:

  • User name format - choose one of the three possible formats:

    • Domain\SAM (e.g., intranet\joe)
    • SAM account name (e.g., joe)
    • UPN (joe@intranet.mycompany.com)
  • Configure new users as Kentico editors - select to grant the imported users the Editor privilege level.

  • Target/Source - you can choose how attributes from the AD users (Source) will be mapped to the fields of Kentico users (CMS_User columns).

  • Show all attributes - allows all attributes from your AD schema to be selected as a Source, including custom attributes.

    • Note: You can import attributes of any data type, but their values are always imported to Target as string.
  • Role display name format:

    • Domain\SAM (intranet\DB Admins)
    • SAM (DB Admins)
  • Role code name format:

    • Domain\SAM (intranet\DB Admins)
    • SAM (DB Admins)
    • Guid (16-byte number)
  • Import description - indicates if role descriptions are imported from AD.

Mapping of attributes

Step 6 – Select users & groups to be imported

Select roles and users that will be imported. It is possible to adjust the settings made here in the following two steps.

On the left, you can see all groups (roles) found on the source server. If you select a group, its members are displayed in the list on the right. You can define which users and roles will be imported using the appropriate check-boxes.

By right-clicking a group, you can perform the following actions:

  • Select all - selects all child groups directly under the selected group.
  • Select all recursively - selects all child groups under the selected group until the last level.
  • Deselect all - selects all groups directly under the selected group.
  • Deselect all recursively - selects all group under the selected group until the last level.

All users in a group or all groups can be selected or deselected by clicking Select all or Deselect all.

Selecting users/groups to be imported

Step 7 – Adjust users to be imported

Adjust the users to be imported using the check boxes. Users are selected according to the settings made in the previous step. You can filter the listed users by Display name and User name.

Selecting/deselecting users to be imported

Step 8 – Adjust groups to be imported

Adjust the groups (roles) to be imported using the check boxes. You can filter the listed groups by Group nameusing the filter above the list.

Step 9 – Assign to roles

Select the Kentico roles to which the imported users will be assigned. If you are importing to multiple sites, first choose the site whose roles should be displayed using the Site selector.

Step 10 – Finalize

You have configured your import profile.

You can now execute the import immediately, save the profile into a file or perform both of these actions (enable the Import now and Save import profile to file check boxes respectively).

You need to create an import profile if you plan to run the AD Import Utility from the command line.

Step 11 – Import log

The last step displays an import log, showing the progress of the import process. When the import finishes, click Finish to close the wizard.