Question:
How should Active Directory be set up for User Sync with DocuWare?
How should Active Directory be set up for User Sync with DocuWare?
Answer:
When configuring Active Directory with DocuWare User Synchronization, it is best practice to have a separate Organizational Unit (OU) for the DocuWare groups and a separate Organizational Unit for the DocuWare users.
When configuring Active Directory with DocuWare User Synchronization, it is best practice to have a separate Organizational Unit (OU) for the DocuWare groups and a separate Organizational Unit for the DocuWare users.
For example, we need to sync our Accounting group members and our Sales group members to DocuWare. There should be two groups (Accounting and Sales) under the Organizational Unit that holds the DocuWare groups, and all users in each group (Accounting and Sales) should be in a separate Organizational Unit that has the users you want to sync to DocuWare.
- The OU containing the groups we want to sync to DocuWare is called DW Groups.
- The OU containing all the users in the groups we want to sync to DocuWare is called DW Users.
User Sync V1 (only available for On-premise Organizations)
- This is how the External User Directory should be configured.
Group Settings
Group root node distinguished name: OU=DW Groups, DC = dwtest, DC=local
User Settings
User node distinguished name: OU=DW Users, DC = dwtest, DC=local
User Sync V2
- This is how the External User Directory should be configured.
Groups
LDAP node where the Groups located: OU=DW Groups, DC = dwtest, DC=local
User
LDAP node where the Users located: OU=DW Users, DC = dwtest, DC=local
KBA applicable for both On-premise and Cloud Organizations
you might want to change this process and article, because almost nobody has an AD just for DocuWare. In most cases, the users are in an OU, but there are all AD users in it, not just the DocuWare users. We solve this by creating one group with all DocuWare users and several groups with only a few users for accounting, sales, etc. and using the same AD path in both fields in the Sync configuration window. Is this best practice? If so, you do not need 2 "paths" in the Sync configuration. If you only use 1 path with all the groups and users in it to synchronise. You will get a warning that there are no users in the user OU, but with this 2nd tick in the configuration window under that path, you can sync all users in your groups.
Best regards,
Niklas