Active Directory integration has two modes; Mode A: Users Only and Mode B: Users and their Groups. In either mode, BlueView will copy users from the designated OU to create corresponding cardholders in BlueView.
Mode A
For mode A, on each sync pass, the service will:
• Add to BlueView any cardholders that exist in the specified Active Directory OU but do not exist in
BlueView . The first name, middle initial, last name, and (optionally) employee ID will be copied into a
corresponding BlueView cardholder record.
• For any Active Directory users that already exist in BlueView, their BlueView record will be updated with any changes to their first name, middle initial, last name, and (optionally) their employee ID.
• The Active/Inactive status of BlueView cardholders will be updated to reflect the Enabled/Disabled flag for the corresponding record in Active Directory. Any BlueView cardholders sourced from Active Directory that no longer have a corresponding record in Active Directory will be deactivated.
Mode B
For mode B, on each sync pass, the service will:
• Iterate through any Active Directory groups in the specified Active Directory OU and create corresponding Groups in BlueView with the same name.
• Add to BlueView any cardholders that exist in the specified Active Directory OU but do not exist in BlueView. The first name, middle initial, last name, and (optionally) employee ID will be copied into a
corresponding BlueView cardholder record.
• Additionally, the users will be assigned to a BlueView access control group with the same name as their Active Directory group. Note: For users who are assigned to nested groups in Active Directory, BlueView will use the top most Active Directory group name by default. Optionally, administrators can specify for BlueView to use the bottom-level group name instead, or not to descend/recurse through nested groups at all.
• The names, employee ID (optional), user status and group assignments for BlueView cardholders will be updated to reflect the corresponding record in Active Directory. Any BlueView cardholders that no longer have a corresponding record in Active Directory will be deactivated.
• BlueView group names will be updated to reflect the group names of the corresponding records in Active Directory. Any BlueView groups sourced from Active Directory that no longer have a corresponding
record in Active Directory will be deleted. The software automatically updates the affected door controllers when users are deactivated, reactivated, or moved between access groups during a sync pass.
Required information to access the Active Directory
• Server Name or IP address of a Domain Controller
• A fully qualified username and password that can query the Active Directory
• The Active Directory field to be queried by the sync service for the Employee ID (Optional)
• (Mode A) The path to the OU containing the user accounts to be synced. If all Active Directory users will be synced, no OU needs to be specified. -- i.e. DC=mydomain,DC=local
• (Mode B) The path to the OU containing the groups to be synced – i.e. OU=mygroup,DC=mydomain,DC=local
• Desired interval between sync passes, specified in minutes