Using the Active Directory Connector lets you avoid duplicate, complex, and therefore error-prone administration of the directory service objects in your Active Directory (AD). This UCS component allows you to merge an existing AD with a domain administered with UCS. In this way, you can set up synchronization between Microsoft Windows Active Directory and Univention Corporate Server. The synchronization includes encrypted passwords, group definitions, and computer definitions as well as other directory service objects.
When using the Active Directory Connector, there are two operating modes to choose from: you can either add UCS as part of an existing Windows Active Directory domain or run the UCS directory service with OpenLDAP in parallel to the AD.
UCS as part of an Active Directory domain
If you are integrating UCS into an existing Windows Active Directory domain, install the management system as a full-fledged member. In this mode, your domain’s Active Directory remains the primary directory service and no changes are made to the domain.
In this application of the Active Directory Connector, you are expanding your existing Windows domain with all the functions of UCS. Among other things, you can employ UCS as a platform, allowing you to install apps such as ownCloud, Kopano, Nextcloud, and Open-Xchange from the Univention App Center and make them available to users.
Because established authentication services are in place for all hosted apps, the native Active Directory domain is used as the primary solution for identity management. This considerably eases the work required of administrators.
Running Active Directory and UCS domains in parallel
With the Active Directory Connector app, you can run UCS in parallel to an AD. The automatic synchronization between UCS and Windows Active Directory ensures that data such as users, groups, and passwords are maintained both in the AD and in the LDAP. The connector supports both unidirectional and bidirectional synchronization and ensures that Microsoft Windows and UCS environments can be operated in parallel without any problems and without considerable administrative effort. In addition, multiple Microsoft Windows domains can be synchronized at the same time. This allows effective set-up of an open source metadirectory, through which independent Windows domains and a whole range of additional infrastructure components can be administered.
Replacing existing Active Directory domains with UCS
The Active Directory Takeover component is available in the App Center for replacing an existing Microsoft Windows Active Directory. The UCS Samba domain controller takes over the data from the Windows Active Directory domain controller and adopts its functional role for the environment. Further information on the Active Directory Takeover app can be found in the Univention App Center.