This page describes the steps of the Kentico Active Import Utility wizard for importing users and roles from Active Directory.
Launching the AD Import Utility
You can launch this utility:
- From the Windows Start menu -> All programs -> Kentico <version number> -> Utilities.
- By executing the ADImport.exe file located in <Kentico installation folder>\Bin (typically c:\Program Files (x86)\Kentico\<version number>\Bin).
Step 1 – Import profile settings
Choose if you want to create a new import profile or use an existing XML profile. If you select an existing profile, values will be pre-filled in the following steps based on the profile settings.
Step 2 – Kentico DB Setup
Specify the target Kentico database, where the users and roles will be imported:
- SQL Server name or IP address - name or IP address of the server where the target database is stored.
- Use integrated Windows authentication - choose if you want to log on to the server using Windows authentication.
- Use SQL Server account - choose if you want to log on to the server using credentials filled in the fields below.
Click Establish connection and enter the Database name of the target Kentico database.
Step 3 – Active directory connection
Specify the source AD domain controller:
- Use current user account - uses the domain where the current Windows user belongs.
- Specify domain controller and logon credentials - if you choose this option, you can enter the logon details manually.
We recommend testing the specified connection by clicking Test connection.
Step 4 – Import settings
Configure the general settings of the import process:
- Import users/groups - determines which users or groups (roles) the wizard preselects in Step 6:
- All - the wizard preselects all users or groups.
- Only selected - when using an existing import profile, the wizard uses the selection stored in the profile. Otherwise the preselection is empty.
- Update selected and import all new - same as Only selected, but also selects all new users or groups.
You can also adjust the behavior of the import by enabling or disabling the following options:
- Import new users only from selected groups - if enabled, only those new users who belong to at least one role (group) selected in Step 6 or 8 of the wizard will be imported.
- Import all users from selected groups and ignore other users - if enabled, the import automatically selects all users belonging to the selected groups, regardless of the user selection options.
- Update data of existing users and roles - if enabled, properties of users and roles already imported from AD will be updated in Kentico based on the current values in AD. The update does not change the unique identifiers (GUIDs) of objects.
- Delete users and roles that do not exist in the Active Directory - if enabled, the utility deletes users and roles in Kentico marked with the is domain flag whose unique identifier (GUID) does not match the identifier of an object in AD. The deletion occurs before the start of the import process and can affect the following types of users and roles:
- Objects manually created in Kentico and marked as is domain
- Objects previously imported from AD that were since then deleted on the source server
- Update roles for existing Active Directory users - if enabled, the import updates the user-role relationships of existing Kentico users who were previously imported from AD (based on the current membership status in AD).
- Log import process to file - if enabled, you can specify a file where the tool stores the import log.
- Select sites - choose the sites to which the imported users and roles will be assigned.
If you do not choose any site in this step, the rest of the wizard will leave out steps related to the import of roles (groups). This happens because it is currently not possible to import roles from AD into Kentico as global objects and they must be assigned to a specific site.
Step 5 – Field mapping
Define the user name and role name format and bind AD user properties to Kentico user properties:
- User name format - choose one of the three possible formats:
- Domain\SAM (e.g., intranet\joe)
- SAM account name (e.g., joe)
- UPN (firstname.lastname@example.org)
- Configure new users as Kentico editors - select to grant the imported users the Editor privilege level.
- Target/Source - you can choose how attributes from the AD users (Source) will be mapped to the fields of Kentico users (CMS_User columns).
- Show all attributes - allows all attributes from your AD schema to be selected as a Source, including custom attributes.
- Note: You can import attributes of any data type, but their values are always imported to Target as string.
- Role display name format:
- Domain\SAM (intranet\DB Admins)
- SAM (DB Admins)
- Role code name format:
- Domain\SAM (intranet\DB Admins)
- SAM (DB Admins)
- Guid (16-byte number)
- Import description - indicates if role descriptions are imported from AD.
Step 6 – Select users & groups to be imported
Select the roles and users that will be imported. It is possible to adjust the settings made here in the following two steps.
On the left, you can see all groups (roles) found on the source server. If you select a group, its members are displayed in the list on the right. You can define which users and roles will be imported using the appropriate check boxes.
By right-clicking a group, you can perform the following actions:
- Select all - selects all child groups directly under the selected group.
- Select all recursively - selects all child groups under the selected group until the last level.
- Deselect all - selects all groups directly under the selected group.
- Deselect all recursively - selects all group under the selected group until the last level.
All users in a group or all groups can be selected or deselected by clicking Select all or Deselect all.
Step 7 – Adjust users to be imported
Adjust the users to be imported using the check boxes. Users are selected according to the settings made in the previous step. You can filter the listed users by Display name and User name.
Step 8 – Adjust groups to be imported
Adjust the groups (roles) to be imported using the check boxes. You can filter the listed groups by Group name using the filter above the list.
Step 9 – Assign to roles
Select the Kentico roles to which the imported users will be assigned. If you are importing to multiple sites, first choose the site whose roles should be displayed using the Site selector.
Step 10 – Finalize
You have configured your import profile.
You can now execute the import immediately, save the profile into a file or perform both of these actions (enable the Import now and Save import profile to file check boxes respectively).
Step 11 – Import log
The last step displays an import log, showing the progress of the import process. When the import finishes, click Finish to close the wizard.