Active Directory Custom Variables
You can customize some of the ways in which Process Director interacts with Active Directory by editing the custom variables in this section of the documentation.
ADAuthNoDomain
Certain Active Directory installations can't accept a domain as part of the credential validation. Set this flag to ensure the domain isn't passed to the Active Directory validation.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Do not use the domain on the credential validation
    bp.Vars.ADAuthNoDomain = true;
}
ADAuthSettings
This variable enables you to configure specific authentication settings for each domain, which are used to validate users at login. The account used for each domain must have permission to open the Active Directory and validate credentials.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Configure specific administrator accounts to use to validate
    // logins for 2 domains.
    bp.Vars.ADAuthSettings.Add(new ADAuthSetting("MY_DOMAIN_1", "AD_Admin", "pwd1"));
    bp.Vars.ADAuthSettings.Add(new ADAuthSetting("MY_DOMAIN_2", "AD_Admin", "pwd2"));
}
ADGrouphierarchy
This variable enables you to configure which type(s) of groups the user is added to during Active Directory synchronization.
Values
VALUE NAME | DESCRIPTION | DEFAULT |
---|---|---|
ADGroupHierarchyOptions.AllAuthGroups | This will enable adding the user to every security group (even hierarchical) they are a member of. | |
ADGroupHierarchyOptions.AllGroups | This will enable adding the user to every group (security AND distribution) (even hierarchical) they are a member of. | |
ADGroupHierarchyOptions.None | This setting will only add the users to the groups they are directly a member of. | Default |
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Assign only one of the following values; if all three
    // assignments run, the last one wins.

    // The default
    // This will enable adding the user to every security group
    // (even hierarchical) of which they are a member.
    bp.Vars.ADGrouphierarchy = ADGroupHierarchyOptions.AllAuthGroups;

    // This will enable adding the user to every group (security AND
    // distribution, even hierarchical) of which they are a member.
    bp.Vars.ADGrouphierarchy = ADGroupHierarchyOptions.AllGroups;

    // This setting will only add the users to the groups of which they are
    // directly a member
    bp.Vars.ADGrouphierarchy = ADGroupHierarchyOptions.None;
}
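The three options differ in how far nested membership is followed and which group types count. The following is an added illustration, not Process Director code: the Hierarchy enum, AdGroup record, Resolve function and sample directory are constructed for this sketch, and it assumes that AllAuthGroups ignores distribution groups entirely.

```csharp
using System;
using System.Collections.Generic;

// Constructed model for illustration; these are not Process Director types.
enum Hierarchy { None, AllAuthGroups, AllGroups }
record AdGroup(bool IsSecurity, string[] MemberOf);

static class GroupDemo
{
    // Groups a user ends up in, given direct memberships and the chosen option.
    static SortedSet<string> Resolve(string[] direct,
        Dictionary<string, AdGroup> dir, Hierarchy option)
    {
        var result = new SortedSet<string>(StringComparer.Ordinal);
        if (option == Hierarchy.None)
        {
            result.UnionWith(direct);       // direct memberships only, any type
            return result;
        }
        var seen = new HashSet<string>();   // guards against circular nesting
        var queue = new Queue<string>(direct);
        while (queue.Count > 0)
        {
            var name = queue.Dequeue();
            if (!seen.Add(name) || !dir.TryGetValue(name, out var g)) continue;
            // Assumption: AllAuthGroups neither adds nor walks through
            // distribution groups; AllGroups adds and walks through all groups.
            if (option == Hierarchy.AllAuthGroups && !g.IsSecurity) continue;
            result.Add(name);
            foreach (var parent in g.MemberOf) queue.Enqueue(parent);
        }
        return result;
    }

    static void Main()
    {
        // Constructed sample directory: group -> (is security?, nested in).
        var dir = new Dictionary<string, AdGroup>
        {
            ["Helpdesk"] = new AdGroup(true, new[] { "IT-Staff" }),
            ["IT-Staff"] = new AdGroup(true, new[] { "Server-Admins", "All-Hands" }),
            ["Server-Admins"] = new AdGroup(true, new[] { "Helpdesk" }), // cycle
            ["All-Hands"] = new AdGroup(false, new[] { "Newsletter" }),
            ["Newsletter"] = new AdGroup(false, Array.Empty<string>()),
        };
        var direct = new[] { "Helpdesk", "Newsletter" };
        foreach (Hierarchy option in Enum.GetValues(typeof(Hierarchy)))
            Console.WriteLine($"{option}: {string.Join(", ", Resolve(direct, dir, option))}");
    }
}
```

In the sample data, a user placed directly in Helpdesk also lands in Server-Admins under either hierarchical option, which is worth checking against the permissions granted to nested groups before changing the setting.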
AD_NormalOptions
This variable can be used to configure the options used in the PrincipalContext to connect to the Active Directory server. See the Microsoft documentation for the ContextOptions enumeration for a description of the options.
The available options are:
System.DirectoryServices.AccountManagement.ContextOptions.Negotiate
System.DirectoryServices.AccountManagement.ContextOptions.Signing
System.DirectoryServices.AccountManagement.ContextOptions.Sealing
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Set the flags for options for Active Directory
    bp.Vars.AD_NormalOptions =
        System.DirectoryServices.AccountManagement.ContextOptions.Negotiate;
}
AD_SSLOptions
This variable can be used to configure the options used in the PrincipalContext to connect to the Active Directory server for SSL encrypted sessions. See the Microsoft documentation for the ContextOptions enumeration for a description of the options.
The available options are:
System.DirectoryServices.AccountManagement.ContextOptions.Negotiate
System.DirectoryServices.AccountManagement.ContextOptions.SecureSocketLayer
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Set the flags for SSL options for Active Directory
    bp.Vars.AD_SSLOptions =
        System.DirectoryServices.AccountManagement.ContextOptions.SecureSocketLayer;
}
AD_SyncUsersByGroupRecurse
This variable can be used to disable group recursion for Active Directory synchronization, if needed. The default value for this variable is "true", and it should usually remain so. An issue with Microsoft Windows 2016, however, may cause synchronization to fail when limiting synchronization to a specific user or group. Setting this value to "false" can serve as a workaround for this issue.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Disable group recursion for Active Directory synchronization
    bp.Vars.AD_SyncUsersByGroupRecurse = false;
}
fADSyncAllowManagerOtherOU
This boolean variable, when set to "true", enables you to sync a manager with a user if the manager is synced from a different OU (AD Root Path) than the user. The default value of this variable is "false".
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Sync managers from a different OU than the users they manage
    bp.Vars.fADSyncAllowManagerOtherOU = true;
}
fReenableUsersOnSync
This flag determines what happens to pre-existing disabled users on an AD Sync. If the flag is set, the sync re-enables these users; if it isn't set, the sync doesn't re-enable them. The default value of this flag is "true".
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Do not re-enable pre-existing disabled users on an AD Sync
    bp.Vars.fReenableUsersOnSync = false;
}
nMinLDAPUsersWithGroupsBeforeDisable
This integer variable sets the minimum number of users that need to have groups before Process Director removes any group memberships during an Active Directory synchronization. The default value of this variable is 10.
Example
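public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
    // Require at least 10 users with groups before the sync removes
    // any group memberships (the default)
    bp.Vars.nMinLDAPUsersWithGroupsBeforeDisable = 10;
}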