Question:

Using Equitrac Professional 5, what attributes are queried and what permissions are required for Active Directory (AD) synchronization?

Answer:

Equitrac AD Synchronization uses the service account running the Equitrac CAS service to query the Microsoft Active Directory server unless specified credentials are added to the AD Synchronization settings in the Equitrac System Manager.

In a default environment, a standard Windows domain account is sufficient to query all of the atttributes Equitrac uses however permissions can be restricted in the Active Directory Schema. Equitrac requires the authority to query all of the attributes noted below.   The following Active Directory attributes are included in all Equitrac AD synchronization queries: cn displayName isDeleted mail msDS-PrincipalName objectCategory objectClass objectGUID sAMAccountName userAccountControl uSNChanged  

The following fields may be queried when using LDAP synchronization: description fullname logindisabled uid Additional fields can be configured by the customer in System Manager in the field mapping configuration. Any attributes added to field mappings will be added to Equitrac AD synchronization queries if not already included.