Active Directory Synchronization

Active Directory Synchronization automatically creates groups (with their corresponding clients) based on the structure defined in Active Directory (AD). It allows the administrator to sort clients into groups, provided that the client name matches an object of type computer in AD and that object belongs to groups in AD.


There are two main options that determine the manner of synchronization:


The Synchronize groups option allows you to choose which AD groups will be synchronized. The All groups option synchronizes the complete AD tree structure, whether or not the AD groups contain ERA clients. The next two options (Only groups containing ERA Server clients and Only groups containing ERA primary server clients) are stricter: only groups that contain existing ERA clients are synchronized.


The Synchronization type option defines whether the AD groups to be synchronized will be added to the existing AD groups (AD groups import) or whether the existing AD groups will be completely replaced by those to be synchronized (AD groups synchronize).


The Synchronize option allows you to schedule AD synchronization to run at a certain time interval.


Detailed configuration of Active Directory synchronization can be done using the Configuration Editor (ESET Remote Administrator > ERA Server > Setup > Groups > Active Directory Synchronization options). By default, only Computer security groups and Computer organization units are synchronized. However, you can add other Active Directory objects by checking the desired option.


NOTE: ERAS does not need to be installed on your Domain Controller in order to synchronize with Active Directory. The Domain Controller only needs to be accessible from the computer where your ERAS is located. To configure authentication to your Domain Controller, go to Tools > Server Options > Advanced > Edit Advanced Settings > ESET Remote Administrator > ERA Server > Setup > Active directory. The format of the server name is LDAP://servername or GC://servername. When the server name is left empty, the global catalog (GC) is used.