About Importing Data from Active Directory Domain Services

Updated: May 13, 2016

Applies To: System Center 2012 SP1 - Service Manager, System Center 2012 R2 Service Manager, System Center 2012 - Service Manager

The Service Manager database in System Center 2012 – Service Manager contains information about your enterprise, and it is used by all the parts of your service management structure. You can use an Active Directory connector to add users, groups, printers, and computers (and only these object types) as configuration items into the Service Manager database.

In addition, when you configure an Active Directory connector to import data from an Active Directory group, you can select an option to automatically add users from the Active Directory group. When they are selected, any users that are added to the Active Directory group will be automatically added to the Service Manager database. If those users are removed from the Active Directory group, they will remain in the Service Manager database; however, they will reside in the Deleted Items group.

When you have created an Active Directory connector, Select objects in the connector cannot be updated. Instead, you create security groups in Active Directory that map to User Roles in Service Manager. For example, you can create a Security Group in Active Directory Domain Services (AD DS), named Incident Resolvers. In Service Manager, you can assign this security group to the Incident Resolvers user role. When you create the Active Directory connector and you select Automatically add users of AD Groups imported by this connector, when a user who is a member of the Incident Resolvers security group starts the Service Manager console, they will be granted Incident Resolver rights and permissions.

If you are importing data from several OUs or subdomains, you have the option of creating a Lightweight Directory Access Protocol (LDAP) query that specifies computers, printers, users, or user groups to import with the connector. For example, an LDAP filter of all objects that are in either Dallas or Austin and that have the first name of John looks like (&(givenName=John) (|(l=Dallas) (l=Austin))). You can test your queries, and all errors must be corrected before you can configure the Active Directory connector. For more information about LDAP queries, see Search Filter Syntax.

If you must later perform maintenance operations on the Service Manager database, you can temporarily disable the connector and suspend the importation of data. Later, you can resume the importation of data by re-enabling the connector.

When you import a large number of users from AD DS) or from System Center Configuration Manager, CPU utilization might increase to 100 percent. You will notice this on one core of the CPU. For example, if you import 20,000 users, CPU utilization might remain high for up to an hour. You can mitigate this issue by creating connectors and importing the users into Service Manager before you deploy the product in your enterprise and by scheduling connector synchronization during off hours. Installing Service Manager on a computer that has a multi-core CPU also minimizes the impact of importing a large number of users.

How to Create an Active Directory Connector
How to Disable and Enable an Active Directory Connector
How to Synchronize an Active Directory Connector
How to Import Data from Other Domains
Appendix B - Mapping Active Directory Domain Services Attributes to Properties in System Center 2012 - Service Manager