Create AD user to sync with already existing alfresco user

john2994
Active Member


I need to create a user in AD and sync it with an already existing user in Alfresco. If I create a user in AD with the same username and password as in Alfresco, will it "connect" to the existing user in Alfresco? What global properties for sync do I need to add in order to not recreate the user in Alfresco (or change his/her password)? Thanks in advance.

2 Solutions

Accepted Solutions
cristinamr
Advanced

Re: Create AD user to sync with already existing alfresco user


Thanks for the detailed explanation. You cannot do that, at least to my knowledge. You cannot sync the user and password from Alfresco and load it into AD, sorry. Not at least by configuring the sync on your AD.

You may need to think of other options, e.g., develop a process which extracts all the users' info and loads it into your AD (as CSV, for example).

Cheers,

Cristina.

--
VenziaIT: helping companies since 2005! Our ECM products: AQuA & Seidoc


heiko_robert
Senior Member

Re: Create AD user to sync with already existing alfresco user


Alfresco and MS AD don't store clear text passwords, but the hash values using configurable hash algorithms.

Theoretically you can extract the hashes and the used hash algorithm from the Alfresco database and copy that to AD, but there is no official support or API I know of from MS to do that. So you would need to hack the AD sync protocol. Depending on the Alfresco and AD version the hash algorithms differ, so you don't have any chance since the hash is not reversible by design.

A more practicable way would be to extract only the readable user properties (except password) using a simple JavaScript inside Alfresco, store the data in a file like CSV and write another Windows batch script to run on the AD server which creates the users in AD only once, with new passwords. You may send emails to the users with the new password in the same script.
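
The AD-side step of the approach described above (create each exported user once, with a new password), as an added example that is not part of the original thread and is written in PowerShell rather than a batch file. The CSV column names, the OU path and the sample rows are assumptions; it requires the ActiveDirectory module and keeps the sAMAccountName equal to the Alfresco user name.

```powershell
Import-Module ActiveDirectory

$TargetOU = 'OU=AlfrescoUsers,DC=example,DC=com'   # placeholder OU, adjust to your domain

# Constructed sample rows; in practice use: Import-Csv -Path <export from Alfresco>
# The export carries no password or hash column.
$users = @'
userName,firstName,lastName,email
john22,John,Example,john22@example.com
mary.s,Mary,Sample,mary.s@example.com
'@ | ConvertFrom-Csv

function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols, so a random byte maps onto the alphabet without modulo bias
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_='
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        # retry until upper, lower and digit are present (AD complexity rules)
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $pw
}

$created = foreach ($u in $users) {
    $sam = $u.userName.Trim()
    # Reject names that are not valid sAMAccountNames; this also keeps quotes
    # from the CSV out of the -Filter string below.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping invalid userName '$sam'"; continue
    }
    # "Only once": never touch an account that already exists in AD.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping '$sam': already present in AD"; continue
    }
    $plain = New-RandomPassword
    New-ADUser -Name "$($u.firstName) $($u.lastName)" -SamAccountName $sam `
        -GivenName $u.firstName -Surname $u.lastName -EmailAddress $u.email `
        -Path $TargetOU -Enabled $true -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force)
    # Kept in memory only, for the delivery step (e.g. the e-mail mentioned above)
    [pscustomobject]@{ userName = $sam; email = $u.email; initialPassword = $plain }
}

$created | Format-Table userName, email   # report without printing passwords
```

Because the initial password leaves the server when it is delivered, `-ChangePasswordAtLogon $true` limits how long it stays valid.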


4 Replies
cristinamr
Advanced

Re: Create AD user to sync with already existing alfresco user


Good morning.

When I needed to connect AD with Alfresco I didn't have many problems. I suggest you take a look at the Alfresco documentation; you have everything explained there! If you have any doubt please let us know and we will help you.

Please test first on your local machine. You have here an example. And here a post on these forums.

Cheers,

Cristina.

--
VenziaIT: helping companies since 2005! Our ECM products: AQuA & Seidoc
john2994
Active Member

Re: Create AD user to sync with already existing alfresco user


I have already read this article, but it didn't solve my problem; all I need is to sync users from Alfresco (that are already created) with Active Directory. For example:
I am not using any AD and I have an Alfresco user with username: john22 with password: 1234567890. Now I need to add AD so that the Alfresco user john22 is synced with AD (is created there).
If I create a user in AD, there is no problem, synchronization works fine and I can log in to Alfresco Share, but when it comes to syncing from Alfresco to AD, users from Alfresco don't sync with AD.


