<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><style>
</style><p><span style="font-size: 11pt;"><strong>In this guide we will cover:</strong></span></p><p><span style="font-size: 11pt;"><strong>- Setting Up A New Connection</strong></span></p><ul><li style="font-size: 11pt; font-weight: bold;"><strong>The Details Tab</strong></li><li style="font-size: 11pt; font-weight: bold;"><strong>Field Mappings</strong></li><li style="font-size: 11pt; font-weight: bold;"><strong>Agent/User Mappings</strong></li><li style="font-size: 11pt; font-weight: bold;"><strong>CAB Mappings</strong></li><li style="font-size: 11pt; font-weight: bold;"><strong>New User Onboarding</strong></li><li style="font-size: 11pt; font-weight: bold;"><strong>Imports</strong></li></ul><p><span style="font-size: 11pt;"><strong>- Running the Sync</strong></span></p><p><span style="font-size: 11pt;"><strong>- Helpful Information</strong></span></p><ul><li style="font-size: 11pt; font-weight: bold;"><strong>Fields</strong></li><li style="font-size: 11pt; font-weight: bold;"><strong>Child Domains</strong></li></ul><p><span style="font-size: 11pt;">Halo's integration with Active Directory (AD) allows you to configure an LDAP connection for syncing Agents and Users from AD into Halo on a scheduled basis, allowing you to have an aligned list of users in both systems at all times. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">This guide covers the configuration of the integration within Halo and includes some useful information at the end of the article in terms of commonly used fields, for both Halo and AD, as well as information on child domains. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">Configuration of this integration involves an understanding of on-premise (locally hosted) applications and involves the use of a locally hosted (by you) Halo Integrator. 
This guide focuses on setting up the integration inside Halo and does not cover setting up an Integrator application. If you need help with that, please refer to the following guides: </span></p><ul><li style="font-size: 11pt;"><a href="https://usehalo.com/haloitsm/guides/1062/" target="_blank" rel="noopener noreferrer" style="font-size: 11pt;">Halo Integrator</a></li><li style="font-size: 11pt;"><a href="https://usehalo.com/haloitsm/guides/1766/" target="_blank" rel="noopener noreferrer" style="font-size: 11pt;">Halo DB Integrator</a></li><li style="font-size: 11pt;"><a href="https://usehalo.com/haloitsm/guides/2714/" target="_blank" rel="noopener noreferrer" style="font-size: 11pt;">Hosting Your Own Halo Integrator</a></li></ul><p><span style="font-size: 11pt;"><strong><em>Note: This integration is a one-way sync from Active Directory into Halo; nothing will sync back from Halo into AD. Therefore, maintaining the list of users in AD will in turn maintain your Agents and Users in Halo.</em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">From v2.236+, access control can be used to grant access to the integration to specific Agents, Teams, Roles, and Departments. For more information on access control, see our guide linked </span><span style="font-size: 11pt;"><a href="https://usehalo.com/haloitsm/guides/2426" target="_blank" rel="noopener noreferrer">here</a></span><span style="font-size: 11pt;">. 
</span></p><p><br></p><p><span style="font-size: 14pt;"><strong>Setting Up A New Connection</strong></span></p><p><span style="font-size: 11pt;">To set up a new LDAP connection, navigate to Configuration > Integrations > Active Directory - if the integration is not already enabled then click the + icon on the module to enable it.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjE1ZGYxMzQwLTI0MDYtNGZiMS04ZDMzLWZkZDhiZjUxOTAyNiJ9.LEYAq_pAAFSvLzHVnEyNtFCgvXXfZ7wHlir3_6hGTpM" class="fr-fic fr-fil fr-dib" width="484" height="409"></span></p><p><span style="font-size: 10pt;"><strong>Fig 1. Enabling the Active Directory integration module</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">Within the integration you will see a list of your current connections, if you have any, and a 'New' button in the top right corner to add a connection. Click the 'New' button and you will see the connection configuration, which will include six tabs: </span></p><ol><li style="font-size: 11pt;"><strong>Details</strong> - The details that allow Halo to connect to the LDAP/AD and other related settings.</li><li style="font-size: 11pt;"><strong>Field Mappings</strong> - The tab for associating fields in Halo with fields in the LDAP/AD, split out into User and Agent fields. 
These mapping tables are pre-populated with common mappings for Active Directory.</li><li style="font-size: 11pt;"><strong>Agent/User Mappings </strong>- The tab for associating sites or agents in HALO with organizational units and/or containers in LDAP/AD.</li><li style="font-size: 11pt;"><strong>CAB Mappings</strong> - The tab for associating Change Advice Boards (CABs) in HALO with organizational units and/or containers in LDAP/AD.</li><li style="font-size: 11pt;"><strong>New User Onboarding</strong> - The tab to set the ticket template used for new tickets created when a new user is created by Active Directory.</li><li style="font-size: 11pt;"><strong>Imports </strong>- The tab to set matching fields for when users and agents are imported into Halo by Active Directory.</li></ol><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjdhMjRlMjA0LTMyMGMtNDVlMy04OWVhLTY2ZTkxOTVlODFlZiJ9.gk4gi817U7KywRd-BgcpC_5vo3p129cAW48tM4ubhwc" class="fr-fic fr-fil fr-dib" width="545" style="width: 547px; height: 256.791px;" height="257"></span></p><p><span style="font-size: 10pt;"><strong>Fig 2a. Adding a new connection within the AD integration module in Halo</strong></span></p><p><br></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImE1Y2E1YjA5LTdhOTEtNDRjYy05ODY2LWU2ZWNjYTAxMTA5OCJ9.8PcH_zHEneT8W_mylvZGgO_mfobuYh7Rq04pIbGBKYQ" class="fr-fic fr-fil fr-dib" width="713" style="width: 715px; height: 463.878px;" height="464"></span></p><p><span style="font-size: 10pt;"><strong>Fig 2b. 
The configuration tabs of a new AD connection in Halo</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>The Details Tab</strong></span></p><p><span style="font-size: 11pt;">Within this tab you can configure the connection credentials for the integration. As in other areas of Halo, the required fields on the configuration pages are designated by a red asterisk: <strong><span style="color: rgb(184, 49, 47);">*</span></strong>.</span></p><p style="margin-left: 20px;"><br></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>Details</strong></span></p><p><span style="font-size: 11pt;"><strong>Connection Name</strong> - The name of this specific connection, this field does not have any functionality besides reference for yourself.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Connection Type</strong></span></p><ul><li style="font-size: 11pt;">'Server - The Halo Server can connect to the domain' </li><li style="font-size: 11pt;">'Agent - The Halo Server cannot connect to the domain'</li></ul><p><span style="font-size: 11pt;">The connection type you set here determines whether or not Halo itself can reach the Active Directory server.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">You will notice that a section of the Details tab dynamically appears when the connection type 'Server - The Halo Server can connect to the domain' is selected:</span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkYWQxZTY0LWEyYzgtNDRiMC05NWJiLTI2Yzk3MDUzNTQ2MyJ9.hLzKJwe2JtUFrh5nDVKaqU35txiHZcv0nNZnsgQ9Smg" class="fr-fic fr-fil fr-dib" width="700" style="width: 702px; height: 477px;" height="477"></span></p><p><span style="font-size: 10pt;"><strong>Fig 3. 
The AD Authentication setting that appears when the 'Server' connection type is selected</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">This Authentication Method setting determines which credentials - Halo or AD - agents and users can use when logging into Halo. It is only visible as a configuration option when using the 'Server' connection type because Halo itself must be able to access the AD server to authenticate users directly using the Agent/User's AD credentials. As such, if you are using the 'Agent' connection type then the authentication method 'Use Active Directory Username/Email and Password' will not be possible and the Agent/User will either have to use their Halo credentials to log in or you will have to consider another option for user authentication such as ADFS (Active Directory Federation Services).</span></p><p><span style="font-size: 11pt;"><br></span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>LDAP Connection</strong></span></p><p><span style="font-size: 11pt;"><strong>Host Name/IP Address </strong>- The ‘Hostname’ or IP Address of your Domain Controller (DC) where the LDAP/AD resides. If your Halo instance is hosted by us (Halo), but you use an internal-only IP address in this field, then you cannot use the 'Server' connection type as Halo won't be able to reach that IP; you will need to use the 'Agent' connection type or set up a VPN/secure tunnel to allow Halo's access to the Domain Controllers. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Domain Name </strong>- The name of the domain that LDAP/AD is associated with. 
For example: "MyCompany.local" </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Authentication Type</strong> - The authentication method used by your LDAP.</span></p><ul><li style="font-size: 11pt;">'Basic Authentication'</li><li style="font-size: 11pt;">'Anonymous Authentication'</li></ul><p><span style="font-size: 11pt;">'Basic' is the recommended authentication type.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Username</strong> - The username for the service account used to access the Domain Controller.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Password</strong> - The password for the service account used to access the Domain Controller.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Port</strong> - Can be left blank unless you are using a non-default LDAP port.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">For reference, if the AD server is configured for secure LDAP, LDAPS, then the default port is 636. If the AD server is configured for unencrypted LDAP (not recommended), or LDAP with StartTLS, then the port is 389.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>SSL</strong> - Can be left unchecked unless you are using an encrypted LDAP connection (LDAPS).</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Base DN </strong>- For the MyCompany.local example Domain Name, this would be set as "DC=Local,DC=MyCompany".</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Page Size</strong> - 1000 is the maximum, the page size is set to this by default. 
Setting this field to 0 means no pagination.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you are unsure what to set in any of the above fields, your LDAP/AD administrator should be able to advise. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">Once you have all the relevant fields populated, if you are using the 'Server' connection type, you can use the ‘Test’ button to confirm your credentials. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: This test runs from the web server, not your browser, so if the web server is blocked from connecting to the LDAP/AD then the test will fail. This may often be the case for hosted customers.</em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If the credentials test fails then it is likely a network problem or an issue with the credentials - it would be best to reach out to your LDAP/AD administrator or network administrator for troubleshooting.</span></p><p><span style="font-size: 11pt;"><br></span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>Halo Integrator</strong></span></p><p><span style="font-size: 11pt;">In this section you can choose if you want to enable this AD connection to be synced by a Halo integrator application.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">On versions 2.196+ you have a choice of integrators that can be used to schedule this import, allowing you to choose between using the Halo integrator (hosted by you) or the Halo DB integrator (also hosted by you). The primary difference between these choices is how your password will be exposed. 
The Halo integrator application will access your Halo database, including obtaining your password, through the API, which means the password for the integration will need to be accessible via the API. Whereas the Halo DB integrator has the Halo API built into it and connects directly to your database. For more information on the Halo integrator application and the Halo DB integrator check out the following guide: <a href="https://usehalo.com/haloitsm/guides/1062/" target="_blank" rel="noopener noreferrer" style="font-size: 11pt;">Halo Integrator</a>.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: Your choice of integrator will impact how the password used for the integration is exposed, whether it is accessible via the API or not, but this will also be determined by your chosen password storage method. </em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjkwZTQ5OTVjLTAwZDItNGM2Ni04OGZjLTZmNjAwMzI5NTAwMCJ9.P5gK9oBrHyPgYYwp2Ic5wI3Hx8lJgTLZHYupxRm04MM" class="fr-fic fr-fil fr-dib" width="672" style="width: 674px; height: 232.367px;" height="232"></span></p><p><span style="font-size: 10pt;"><strong>Fig 4. Halo Integrator selection for the AD integration</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: We recommend using the Halo DB integrator to schedule imports for SCOM as currently passwords can only be stored in Halo, therefore if using the Halo integrator this will be accessible via the API.</em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you have multiple Halo integrator applications, you may wish to restrict which of these have access to this integration. 
By default, all client IDs will be able to access on-premise integrations. However, this can be disabled, allowing you to whitelist which client IDs can access the integration. To do this, head to Configuration > Advanced Settings and disable 'Allow all client IDs to access all on-prem integrations which use the Halo Integrator' (Figure 5). </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjUzY2YyYTNiLTMyMTQtNDUwYi04ZDNjLTQyNmY1OWU3ZWU4NyJ9.vnx0p_iHPJX3lU1FKyY6ySYOd2F0yVQk8VrgQ8mU7-s" class="fr-fic fr-fil fr-dib" width="732" style="width: 734px; height: 393.386px;" height="393"></span></p><p><span style="font-size: 10pt;"><strong>Fig 5. The checkbox setting for allowing all client IDs to access all on-prem integrations which use the Halo Integrator</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">Once you have enabled the Halo Integrator and selected the type of integrator to use, you will be presented with three additional configuration fields:</span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFhZGNmNTdmLTk3Y2ItNDA2NS1hNzMwLWFhMzRjMDg4MWU4NyJ9.CFsNNvk771NDs_D_6nuhyfwdJRFEc_v7_sgx69gXVDQ" class="fr-fic fr-fil fr-dib" width="837" style="width: 839px; height: 513.122px;" height="513"></span></p><p><span style="font-size: 10pt;"><strong>Fig 6. 
The additional fields that appear for configuration once the Halo Integrator is enabled for the AD integration</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>IP Address</strong> - Your integrator of choice will only process this integration when running on a server with the specified IP address.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>Entities to Import</strong> - For determining what is imported by the scheduled sync run on the integrator. Your options are:</span></p><ul><li style="font-size: 11pt;">Agents & Users</li><li style="font-size: 11pt;">Users</li><li style="font-size: 11pt;">Agents</li></ul><p><span style="font-size: 11pt;"><strong>Allowed Client IDs</strong> - Enter the client IDs for the applications set up to authorise the connection between your Halo instance and your Halo Integrator. Only the integrators authorised using these client IDs will be able to access this integration.</span></p><p><span style="font-size: 11pt;"><br></span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>AD Sync</strong></span></p><p><span style="font-size: 11pt;"><strong>Sync Now</strong> - This button can be used to initiate an immediate sync from Active Directory into Halo to pull in new agents and users, and to update existing ones. As illustrated in Figure 7, when you select the button, it will bring up an import screen for selecting which entities to sync into Halo.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjczNDY3ZmU3LWRlYjAtNDFhMy1hOTY2LTI3OWZhM2E5ZTUxMCJ9.WWQnsjHOEXbvi1iVouaxKgwrrEpwwuPejDwy_gGJxN8" class="fr-fic fr-fil fr-dib" width="824" style="width: 826px; height: 469.035px;" height="469"></span></p><p><span style="font-size: 10pt;"><strong>Fig 7. 
The import screen that shows once the 'Sync Now' button is selected in the Active Directory integration</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: This button should only be used once all your tabs are configured correctly in order to avoid incorrect imports.</em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>Field Mappings</strong></span></p><p><span style="font-size: 11pt;">The Field Mappings tab is where you configure the links between the fields in Active Directory and the fields in Halo. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjA4MTU1MWMzLTVkNTAtNDk2YS1hZmY3LTA2MWM2OWIzMjE3YSJ9.DZuW9J4X4xR-B2-TGIzXph5vG-72Wz6lEvymblrjSWM" class="fr-fic fr-fil fr-dib" width="761" style="width: 763px; height: 480.042px;" height="480"></span></p><p><span style="font-size: 10pt;"><strong>Fig 8. The field mappings tab in the AD integration, it is divided into user fields and agent fields</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">A list of default mappings based on common practice will pre-populate within this tab, but you may wish to make adjustments. As illustrated in Figure 9, to edit or delete the pre-populated mappings, use the edit (pencil) icon or the delete (trash can) icon. Equally, to add in new mappings use the '+ Add' button. 
</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjQzMzVkM2I3LWM5NzEtNDFhOS04OTg4LWJkMjViYTlmZmJlMyJ9.0NXGeaFSBbu63phkhWNLjTtz8cr7P8P2nMZ0lSQmANQ" class="fr-fic fr-fil fr-dib" width="704" style="width: 706px; height: 498.784px;" height="499"></span></p><p><span style="font-size: 10pt;"><strong>Fig 9. Configuration buttons for the user/agent field mappings </strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: In the 'Helpful Information' section at the bottom of this guide you will find a list of the relevant LDAP/AD fields and a description of their content, as well as the relevant Halo agent and user fields.</em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>Agent/User Mappings</strong></span></p><p><span style="font-size: 11pt;">This tab allows you to specify which containers and organisational units in LDAP/AD map to which user sites and agent roles in Halo. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">You can add your mappings manually if you wish. When you click to edit the page, you can click the '+ Add' button which presents you with the screen for creating a new LDAP Mapping (Figure 10).</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImE5OTM0OTg2LTlkNTEtNDNjYi1hODY5LTNlZWViMWUwYTg5ZSJ9.k72GELPhZpcT1SYbkiso0_Y9uKDBu6CG9LdiM8LlTqo" class="fr-fic fr-fil fr-dib" width="645" style="width: 647px; height: 289.322px;" height="289"></span></p><p><span style="font-size: 10pt;"><strong>Fig 10a. 
The button for creating a new Agent/User mapping</strong></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNkYjBjMDI5LTFlNGMtNDUyYS04YTIxLTM4MzkzMWFhYzQxMSJ9.Ji-kX8VW_G3GQ89hZ0oDCeI6Tq6Tg7Is4kOMvA3kVkM" class="fr-fic fr-fil fr-dib" width="471" style="width: 473px; height: 462.936px;" height="463"></span></p><p><span style="font-size: 10pt;"><strong>Fig 10b. The screen that appears for creating a new LDAP Agent or User mapping</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you are creating an Agent mapping you should set the Halo Site to the '*Agent*' option. If you are bringing a large number of agents into Halo, or you have a large number of roles to apply, it is recommended to create a mapping for each Agent role ('Role for Agents' field) instead of one large Agent mapping.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: If you are operating on a version of Halo earlier than version 2.226.1, the only fields that show in the column profile of this mappings table will be 'AD Object', 'Mapping Type' and 'Halo Site'. You will need to click into the individual mappings to view the other field values. </em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRjMDViOGUzLTdjZTctNDE5ZC1iOTcyLTM0YjNlYzdhYjk1ZiJ9.Pp9UozEhM8hpHm4AMPBhgkJGMAQXBvDwVLDoYL2aRV4" class="fr-fic fr-fil fr-dib" width="780" style="width: 782px; height: 146.042px;" height="146"></span></p><p><span style="font-size: 10pt;"><strong>Fig 11a. 
The column profile for the AD Agent/User mappings on versions of Halo pre 2.226.1</strong></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImJlMzAwYWZiLWZiNTItNDMwYy05MTY5LTVhMTg4YmYwZmYwYyJ9.N6WswjZsgPo5z6C3kQj6piE-8iz29TTyetBHbCUYLSA" class="fr-fic fr-fil fr-dib" width="787" style="width: 789px; height: 169.181px;" height="169"></span></p><p><span style="font-size: 10pt;"><strong>Fig 11b. The improved column profile for the AD Agent/User mappings on versions of Halo 2.226.1+</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you do not wish to create the Agent/User mappings manually, you can instead use the button 'Create mappings using AD Explorer'. This function will only work if the LDAP/AD is accessible, but it can make it easier to create your Agent/User mappings. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">This button will open up the AD Explorer (Figure 12), loading a list of all currently mapped containers/objects from the LDAP/AD. Checking the 'Show All Containers' checkbox will allow you to select other containers to add new mappings.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">When adding a mapping using AD Explorer, you will be asked to select the following:</span></p><ul><li style="font-size: 11pt;"><strong>Site</strong> - This is the site/location in Halo that the LDAP/AD object will map to i.e. the users in the LDAP/AD container will be created under this site. You can also select '*Agent*', causing users in the container to be created as Agents in Halo, rather than Users.</li><li style="font-size: 11pt;"><strong>Mapping Type</strong> - This defines which users associated with the object in LDAP/AD are to be created in Halo. 
You can specify that just users directly in the object are synced ('Users in Object'), all users within objects that are within the selected object ('Users in Object and all Objects within'), or even all users that have a 'Member of' relationship with the selected object, but don't necessarily exist within the object ('All Members of the Object').</li><li style="font-size: 11pt;"><strong>Role for Agents</strong> - This is only used for Agent mappings and specifies the default Role permissions that Agents created from LDAP/AD sync should be given. Only one role can be selected here.</li><li style="font-size: 11pt;"><strong>LDAP filter</strong> - You can also add an LDAP filter here, which can be used to filter out users within (or Members of) the object that you do not want to be imported into Halo. This filter uses standard LDAP filter syntax; you can see an example of this syntax in Figure 11b. You can use the variables $CURRENTDATETIME and $LASTSYNCDATE within these filters. These must be uppercase if used. </li></ul><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjdjYTZmODk5LWE1NjItNGM1Yi1iYTA1LTU1NzI1NjM4NjQwMiJ9.Yt8kRvnoKPxOvDlL49bBvC32Tc0ZPpdeGZsC7p8coCI" class="fr-fic fr-fil fr-dib" width="756" style="width: 758px; height: 484.436px;" height="484"></span></p><p><span style="font-size: 10pt;"><strong>Fig 12. The AD Explorer screen brought up when selecting 'Create mappings using AD Explorer' in the Agent/User Mappings tab</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>CAB Mappings</strong></span></p><p><span style="font-size: 11pt;">The CAB (Change Advice Board) mappings tab allows you to relate CABs in Halo to objects in LDAP/AD. 
The configuration of this tab is essentially the same as the Agent/User Mappings tab in that you can create new mappings manually, by selecting the '+ Add' button, or by using AD Explorer.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjdjNWQyOGEzLWRkYWEtNDE4MC1iNjMzLTQ5MzMxMzIwY2E1ZiJ9.fQtKGWEW1IClHvzmbJ9r7sgJi1iwMvciu0bsS4BnXeM" class="fr-fic fr-fil fr-dib" width="666" style="width: 668px; height: 442.442px;" height="442"></span></p><p><span style="font-size: 10pt;"><strong>Fig 13. The mapping creation options for the CAB Mappings tab</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you choose to create the mappings manually then you will need to enter in the AD Object and the corresponding CAB.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjJjNzRhMjFjLWIxNmYtNDY0NC1hNDA5LTFkZjBjYjQwZmIyZSJ9.eE544kHGX0wt6xM3yDVIQpf2MhHjgPD7um9SCWYw3C0" class="fr-fic fr-fil fr-dib" width="576" style="width: 578px; height: 338.711px;" height="339"></span></p><p><span style="font-size: 10pt;"><strong>Fig 14. 
Manual creation of LDAP mappings for Halo CABs</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you choose to create the CAB mappings using AD Explorer then it will pull up a similar creation screen to the one brought up for the Agent/User Mappings.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlMjk5ZWQyLTJjYjctNDgwYy1hMGExLTAwZWQxMzY5YjQxOSJ9.Zw1dN8d7fg1cTrtzP4dM92tNoZbsvPOkC-bVpRr9lr8" class="fr-fic fr-fil fr-dib" width="688" style="width: 690px; height: 424.387px;" height="424"></span></p><p><span style="font-size: 10pt;"><strong>Fig 15. AD Explorer screen for creating CAB Mappings</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>New User Onboarding</strong></span></p><p><span style="font-size: 11pt;">This tab provides you with the option to choose the ticket template that is used for the ticket logged when new users are imported from Active Directory. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImExMTNlNzg2LTc4YWMtNDM3Zi1hMzUyLWY2Y2QwY2EwMTllNCJ9.oF5w7U2lapcJQo4dxfNPXl5ABJZCzyASmIms2Y_Yh80" class="fr-fic fr-fil fr-dib" width="596" style="width: 598px; height: 468.068px;" height="468"></span></p><p><span style="font-size: 10pt;"><strong>Fig 16. 
The template selection option in the New User Onboarding tab of AD</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">When you select your chosen ticket template, further configuration options dynamically appear that allow you to determine the end-user behaviour and any ticket level field mappings you wish to have.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjgyZWE2YTljLWYyMzctNDMxNC1iZjc2LWM5MzU5OTgwMzIxOCJ9.wv38MES172qN--DOVRNJDwfESqwwvo_drrZaytoqd54" class="fr-fic fr-fil fr-dib" width="749" style="width: 751px; height: 459.493px;" height="459"></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 10pt;"><strong>Fig 17. End-user and field mapping configuration options for the New User Onboarding ticket tab</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">Configuring this tab correctly means that, every time a new user is created in AD and synced through to Halo, a new ticket will be logged with the relevant details needed for the onboarding. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">The templates that are available for selection are any (parent) ticket templates, child templates are not available for selection. 
These can be configured in Configuration > Tickets > Templates; keep the entity as 'Ticket Template':</span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijg3NGNjYWNkLTVlMTYtNDEwYi05MGE3LTc5YmI0NWQ4MGIzOCJ9.AaJLGqdHwqjx-zzVBJGD-MFB965Ooo6hX-kEpsvBOXs" class="fr-fic fr-fil fr-dib" width="742" style="width: 744px; height: 427.853px;" height="428"></span></p><p><span style="font-size: 10pt;"><strong>Fig 18. Configuration area in Halo for Ticket Templates</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">To find out more information on configuring Ticket Templates, please refer to the following guide: <a href="https://usehalo.com/halopsa/guides/885" target="_blank" rel="noopener noreferrer" style="font-size: 11pt;">Ticket Templates</a>.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>Imports</strong></span></p><p><span style="font-size: 11pt;">The Imports tab for the AD integration allows you to choose the matching fields for importing agents and users into Halo. These matching fields are in place as a failsafe to prevent the creation of duplicate records in Halo. By default, the unique ID of the Active Directory Agent or User is always checked before any other matching fields. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjQ5MWQ4ZGI0LTVhMzMtNDU4OS04M2IxLTY3ZmRkOWIyYjIzOCJ9.BRIu9yiElZG-36E-LIzy7_H7XCJsh4rs5lMSpkds0oc" class="fr-fic fr-fil fr-dib" width="711" style="width: 713px; height: 467.952px;" height="468"></span></p><p><span style="font-size: 10pt;"><strong>Fig 19. 
The Imports tab of the AD integration</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">The options for the matching fields are hardcoded and the current options are the following:</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong>User Matching Fields </strong></span></p><ul><li style="font-size: 11pt;">Name</li><li style="font-size: 11pt;">Email Address</li><li style="font-size: 11pt;">Network Login</li><li style="font-size: 11pt;">'Other' Fields 1-5</li></ul><p><span style="font-size: 11pt;"><strong>Agent Matching Fields</strong></span></p><ul><li style="font-size: 11pt;">Name</li><li style="font-size: 11pt;">Email Address</li><li style="font-size: 11pt;">Network Login</li></ul><p><span style="font-size: 11pt;">The <strong>Unique Identifier Field</strong> provides the option to change the default matching field from Active Directory unique ID to another field of your choice.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: It is recommended to use Email Address for at least one of the matching fields because, aside from the AD unique ID, it is the field most likely to be unique per Agent/User.</em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 14pt;"><strong>Running the Sync</strong></span></p><p><span style="font-size: 11pt;">Once you have completed the configuration of all six tabs of the Active Directory integration, it is ready to start syncing. </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you have enabled the Halo Integrator for the integration, then the sync will run on a schedule without you having to manually import the data. 
In the Halo Integrator section in the details tab of the integration you will be able to see when it last synced and if there were any errors in the last sync.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYwNWNhNjZkLTU4YjAtNGIzMi04MWRmLWUxNDZkMjRhNThiNyJ9.feRu_y0w82SdjLmow3SVeAt_YXcCZBYAF14rVw_T3qI" class="fr-fic fr-fil fr-dib" width="485" style="width: 487px; height: 65.4867px;" height="65"></span></p><p><span style="font-size: 10pt;"><strong>Fig 20. Sync fields for the Halo integrator section of the Active Directory integration</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">If you want to run an import of Agents and Users from Active Directory immediately without waiting for the first sync, then you can use the 'Sync Now' button (Figure 7). </span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><strong><em>Note: If you do not enable the Halo Integrator for the integration, then you will need to manually import in Agents and Users using the 'Sync Now' button any time you want to align your users in Halo with those in AD. </em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 14pt;"><strong>Helpful Information</strong></span></p><p><span style="font-size: 11pt;">In this section you can find information on the AD and Halo fields commonly used for the Active Directory integration, as well as information on the use of Child Domains. 
</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>Fields</strong></span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>LDAP field names</strong></span></p><p><span style="font-size: 11pt;"><strong><em>Note: The label seen in Active Directory is often different to the field name.</em></strong></span></p><p><span style="font-size: 11pt;"><br></span></p><p> </p><table><colgroup><col style="width: 22.2433%;"></colgroup> <colgroup><col style="width: 77.7567%;"></colgroup><tbody><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">LDAP Attribute</span></p></td><td><p><span style="font-size: 11pt;">Example/Description</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">CN - Common Name</span></p></td><td><p><span style="font-size: 11pt;">CN=Guy Thomas. Actually, this LDAP attribute is made up from givenName joined to SN.</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">description</span></p></td><td><p><span style="font-size: 11pt;">What you see in Active Directory Users and Computers. Not to be confused with displayName on the Users property sheet.</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">displayName</span></p></td><td><p><span style="font-size: 11pt;">displayName = Guy Thomas. Avoid this attribute if possible, as it can be confused with CN or description.</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">DN - also distinguishedName</span></p></td><td><p><span style="font-size: 11pt;">DN is simply the most important LDAP attribute. 
CN=Jay Jamieson, OU= Newport,DC=cp,DC=com</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">givenName</span></p></td><td><p><span style="font-size: 11pt;">First name</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">homeDrive</span></p></td><td><p><span style="font-size: 11pt;">Home Folder : connect.</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">name</span></p></td><td><p><span style="font-size: 11pt;">name = Guy Thomas. Exactly the same as CN.</span></p></td></tr><tr style="height: 30px;"><td><span style="font-size: 11pt;">title</span></td><td><span style="font-size: 11pt;">Job title for the Agent/User</span></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">objectCategory</span></p></td><td><p><span style="font-size: 11pt;">Defines the Active Directory Schema category. For example, objectClass = Person</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">objectClass</span></p></td><td><p><span style="font-size: 11pt;">objectClass = User. Also used for Computer, organizationalUnit, even container. Important top level container.</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">physicalDeliveryOfficeName</span></p></td><td><p><span style="font-size: 11pt;">Office on the user's General property sheet</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">profilePath</span></p></td><td><p><span style="font-size: 11pt;">Roaming profile path: connect</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">sAMAccountName</span></p></td><td><p><span style="font-size: 11pt;">sAMAccountName = guyt. Old NT 4.0 logon name, must be unique in the forest. Can be confused with CN.</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">SN</span></p></td><td><p><span style="font-size: 11pt;">SN = Thomas. 
This would be referred to as last name or surname.</span></p></td></tr><tr style="height: 30px;"><td><p><span style="font-size: 11pt;">userAccountControl</span></p></td><td><p><span style="font-size: 11pt;">Used to disable an account. A value of 514 disables the account, while 512 makes the account ready for logon.</span></p></td></tr><tr style="height: 43px;"><td><p><span style="font-size: 11pt;">userPrincipalName</span></p></td><td><p><span style="font-size: 11pt;">userPrincipalName = guyt@CP.com Often abbreviated to UPN, and looks like an e-mail address. Very useful for logging on especially in a large Forest. Note UPN must be unique in the forest.</span></p></td></tr><tr style="height: 30px;"><td><span style="font-size: 11pt;">memberOf </span></td><td><span style="font-size: 11pt;">CN=IT Staff,OU=Groups,DC=company,DC=com. This attribute determines which AD groups a user belongs to.</span></td></tr><tr style="height: 30px;"><td><span style="font-size: 11pt;">userAccountControl </span></td><td><span style="font-size: 11pt;">512 = Normal account, 514 = Disabled account, 66048 = Enabled, password never expires. 
This attribute tells you if the account is disabled/enabled.</span></td></tr></tbody></table><p><span style="font-size: 11pt;"> </span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>Exchange Specific LDAP attributes</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><table><tbody><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">LDAP Attribute</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Example/Description</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">homeMDB</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Here is where you set the MailStore</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">mail</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">An easy, but important attribute. A simple SMTP address is all that is required billyn@ourdom.com</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">mAPIRecipient - FALSE</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Indicates that a contact is not a domain user.</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">mailNickname</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Normally this is the same value as the sAMAccountName, but could be different if you wished. Needed for mail enabled contacts</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">mDBUseDefaults</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Another straightforward field, just the value to:True</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">msExchHomeServerName</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Exchange needs to know which server to deliver the mail. 
e.g: /o=YourOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=MailSrv</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">legacyExchangeDN</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Legacy distinguished name for creating Contacts. In the following example, Guy Thomas is a Contact in the first administrative group of GUYDOMAIN: /o=GUYDOMAIN/ou=first administrativegroup/cn=Recipients/cn=Guy Thomas</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">proxyAddresses</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">As the name 'proxy' suggests, it is possible for one recipient to have more than one e-mail address. Note the plural spelling of proxyAddresses.</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">targetAddress</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">SMTP:@ e-mail address. Note that SMTP is case sensitive. 
All capitals means the default address.</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">showInAddressBook</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Displays the contact in the Global Address List.</span></p></td></tr></tbody></table><p><span style="font-size: 11pt;"> </span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>Other LDAP attributes</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><table><tbody><tr><td style="width: 400px;"><span style="font-size: 11pt;">LDAP Attribute</span></td><td style="width: 700px;"><span style="font-size: 11pt;">Example/Description</span></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">c</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Country or Region</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">company</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Company or organization name</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">department</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Useful category to fill in and use for filtering</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">homephone</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Home Phone number, (Lots more phone LDAPs)</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">l (Lower case L)</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">L = Location. 
City (Maybe Office)</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">location</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Important, particularly for printers.</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">manager</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Boss, manager</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">mobile</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Mobile/Cell Phone number</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">ObjectClass</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Usually User, or Computer</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">OU</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Organizational unit. See also DN</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">postalCode</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Zip or post code</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">st</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">State, Province or County</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">streetAddress</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">First line of address</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">telephoneNumber</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Office Phone</span></p></td></tr></tbody></table><p><span style="font-size: 11pt;"> </span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>Halo Agent Fields for LDAP Sync</strong></span></p><p><span style="font-size: 
11pt;"><br></span></p><table><tbody><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Agent Field</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Database Field Name</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Agent / Technician Name</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uname</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Email Address</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">USMTP</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">IP Address / PC Name</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">UPC</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Telephone Number</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">USMS</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Job Title</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">UJobTitle</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Secondary Telephone Number (Used on Call Screens)</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">UExtensionNumber</span></p></td></tr></tbody></table><p><span style="font-size: 11pt;"> </span></p><p style="margin-left: 20px;"><span style="font-size: 11pt;"><strong>Halo User Fields for LDAP Sync</strong></span></p><p><span style="font-size: 11pt;"><br></span></p><table><tbody><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">User Field</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Database Field Name</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Username</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uusername</span></p></td></tr><tr><td style="width: 
400px;"><p><span style="font-size: 11pt;">Title</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Utitle</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Email Address</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uemail</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Additional Emails</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uemail2</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">LDAP Proxy Email</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uemail3</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Network Login</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Ulogin</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Work Direct/Extn.</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uextn</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Work General</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">(set at site level)</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Work Mobile/Cell</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Umobile2</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Home Mobile/Cell</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Umobile</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Home Fixed</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Utelhome</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Fax Number</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Ufax</span></p></td></tr><tr><td style="width: 
400px;"><p><span style="font-size: 11pt;">User Defined 1</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uother1</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">User Defined 2</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uother2</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">User Defined 3</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uother3</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">User Defined 4</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uother4</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">User Defined 5</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Uother5</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Notes</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Unotes</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Twitter Screen Name</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Utwitterscreenname</span></p></td></tr><tr><td style="width: 400px;"><p><span style="font-size: 11pt;">Disclaimer Matching String</span></p></td><td style="width: 700px;"><p><span style="font-size: 11pt;">Ufacebookid</span></p></td></tr></tbody></table><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 12pt;"><strong>Child Domains</strong></span></p><p><span style="font-size: 11pt;">When logged into one domain, if you try to do an LDAP sync to a child domain, then no users will be listed and there will not be any error messages. 
</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">This is because the default domain context is taken to be the domain you are logged into. This can often be fixed by logging into the child domain.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">Alternatively, explicitly specify the FQDN of the domain (the LDAP server) in the LDAP string.</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">For example, instead of: LDAP://CN=Users,DC=adw2k1,DC=co,DC=uk</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">You can use:</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">LDAP://adw2k1.co.uk/CN=Users,DC=adw2k1,DC=co,DC=uk</span></p><p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">Putting the child domain's FQDN in the string in this way queries the child domain instead.</span></p>
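<p><span style="font-size: 11pt;"><br></span></p><p><span style="font-size: 11pt;">The userAccountControl values in the LDAP field names table (512, 514, 66048) are sums of bit flags, so a mapping's LDAP filter that compares the whole number either skips enabled accounts or lets disabled ones through. The following is an added example, not Halo code and not part of the original guide: it compares three filter conditions over constructed sample entries and builds a filter that tests only the disabled bit. It assumes the directory is Active Directory, which implements the bit-wise matching rule used; all function names and sample accounts are hypothetical.</span></p>

```python
# Added example (not Halo code): userAccountControl is a bit field, so an LDAP
# filter should test the ACCOUNTDISABLE bit instead of comparing whole values.

# Bit values as published in Microsoft's userAccountControl documentation.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002
# Active Directory's bit-wise AND matching rule (LDAP_MATCHING_RULE_BIT_AND).
BIT_AND_OID = "1.2.840.113556.1.4.803"

# Constructed sample entries: (sAMAccountName, userAccountControl).
SAMPLE_ENTRIES = [
    ("alice", 512),    # normal account, enabled
    ("bob", 514),      # normal account, disabled
    ("carol", 66048),  # enabled, password never expires
    ("dave", 66050),   # disabled, password never expires
    ("erin", 544),     # enabled, password not required
]


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def bit_and_match(value, mask):
    """Semantics of the bit-wise AND rule: true when every bit in mask is set."""
    return (value & mask) == mask


def escape_filter_value(text):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in text)


def enabled_members_filter(group_dn):
    """Filter for enabled user objects that are direct members of group_dn."""
    return (
        "(&(objectCategory=person)(objectClass=user)"
        f"(memberOf={escape_filter_value(group_dn)})"
        f"(!(userAccountControl:{BIT_AND_OID}:={ACCOUNTDISABLE})))"
    )


# Three ways of writing "skip disabled accounts", each paired with a Python
# predicate that mirrors how the directory would evaluate it.
STRATEGIES = {
    "(userAccountControl=512)": lambda uac: uac == 512,
    "(!(userAccountControl=514))": lambda uac: uac != 514,
    f"(!(userAccountControl:{BIT_AND_OID}:={ACCOUNTDISABLE}))":
        lambda uac: not bit_and_match(uac, ACCOUNTDISABLE),
}


def imported_accounts(predicate, entries=SAMPLE_ENTRIES):
    """Names of the sample accounts that a filter condition would let through."""
    return [name for name, uac in entries if predicate(uac)]


def compare_strategies():
    """Map each filter condition to the sample accounts it would import."""
    return {text: imported_accounts(pred) for text, pred in STRATEGIES.items()}


if __name__ == "__main__":
    for name, uac in SAMPLE_ENTRIES:
        print(f"{name:6} {uac:6} {decode_uac(uac)}")
    for text, names in compare_strategies().items():
        print(f"{text:55} -> {names}")
    # memberOf value taken from the example in the LDAP field names table.
    print(enabled_members_filter("CN=IT Staff,OU=Groups,DC=company,DC=com"))
```

On the sample data, the equality test against 512 drops two enabled accounts, the negated test against 514 imports a disabled account whose password never expires, and only the bit-wise condition imports exactly the enabled accounts.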