Predefined script for Active Directory synchronization

You can import an existing organizational structure into the SafeGuard Enterprise Database from an Active Directory. For further information, see Import or synchronize the organizational structure.

After you have imported the directory structure, you can schedule a periodic task for automatic synchronization between the Active Directory and SafeGuard Enterprise. For this task, you can use the predefined script ActiveDirectorySynchronization.vbs.

The script synchronizes all existing containers in the SafeGuard Enterprise Database with an Active Directory.

Before you use the script in a periodic task, you can edit the following parameters:

Parameter Description
logFileName Specify a path for the script log file. This parameter is mandatory. If it is empty or invalid, synchronization does not work and an error message is displayed. By default, this parameter is empty. If a log file already exists, new logs are appended to the end of the file.
synchronizeMembership Set this parameter to 1 to also synchronize memberships. If this parameter is set to 0, memberships are not synchronized. The default setting is 1.
synchronizeAccountState Set this parameter to 1 to also synchronize the user enabled state. If this parameter is set to 0, the user enabled state is only synchronized at first synchronization. The default setting is 0.
Note: Make sure that you have the necessary access rights for Active directory synchronization and that the appropriate SQL permissions are set for the account that is used to run the SafeGuard Enterprise Task Scheduler. For more information, see Security officer access rights and Active Directory import. For information on how to set the Active Directory access rights, see Sophos knowledgebase article 107979. For information on how to set the SQL permissions, see Sophos knowledgebase article 113582.

Once the rights are set correctly, apply the changes and restart the service: Switch to the server hosting the SafeGuard Enterprise web page. Open the Services interface by clicking Start> Run > Services.msc. Right-click SafeGuard ® Scheduler Service and click All Tasks > Restart.

Note: We recommended that you synchronize the Active Directory in a timely moderate interval, maximum twice a day so that server performance is not significantly decreased. New objects will be displayed in the SafeGuard Management Center under .Auto registered between these intervals where they can be managed just as normal.