
Page 1: 7.0 Working With Microsoft Active Directory

7/29/2019 7.0 Working With Microsoft Active Directory

http://slidepdf.com/reader/full/70-working-with-microsoft-active-directory 1/42

 

SAP NetWeaver® Identity Management

Identity Center

Tutorial

- Working with Microsoft Active Directory

Version 7.0 Rev 2


© Copyright 2008 SAP AG. All rights reserved.

SAP Library document classification: PUBLIC

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

Microsoft, Windows, Outlook, Excel, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, System i, System i5, System p, System p5, System x, System z, System z9, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, POWER5+, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML, and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

MaxDB is a trademark of MySQL AB, Sweden.

SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.


Preface

The product

SAP NetWeaver Identity Management Identity Center is a high-end identity management solution, capable of handling a large number of repositories containing an unlimited amount of information. The Identity Center offers a robust, flexible and scalable high-availability solution for workflow, provisioning, data synchronization and joining for a large number of data repositories.

The reader

This manual is written for people who are going to use the Identity Center to set up synchronization and joining of data from the various data sources into a target repository, in this case Microsoft Active Directory.

Prerequisites

To get the most benefit from this manual, you should have the following knowledge:

•  Knowledge of Microsoft Active Directory.

•  Basic knowledge of the Identity Center equivalent to the information in the documents [1], [2] and [3] (see Related documents below).

The following software is required:

•  SAP NetWeaver Identity Management Identity Center version 7.0 SP2 or newer must be correctly installed and licensed. At least one dispatcher must be running.

•  Microsoft Access 2000 or newer.

•  Write access to a Microsoft Active Directory server.

The manual

This tutorial describes how the Identity Center can be used to manage synchronization and joining of data from the data sources into a Microsoft Active Directory.

Person names used in this tutorial are fictional.


Related documents

You can find useful information in the following documents:

[1] SAP NetWeaver Identity Management Identity Center Getting Started

[2] SAP NetWeaver Identity Management Identity Center Tutorial: Basic Synchronization

[3] SAP NetWeaver Identity Management Identity Center Tutorial: Working with directory servers

[4] LDAP v. 3, RFC 2251, "Lightweight Directory Access Protocol (V3)"

[5] InetOrgPerson, RFC 2798, "Definition of the inetOrgPerson Object Class"

RFCs and Internet drafts can be downloaded from http://www.ietf.org.


Table of contents

Introduction ... 1
    The scenario ... 1
    The data source ... 2
    Section overview ... 3
Section 1: Creating the job ... 4
Section 2: Creating the repository definitions ... 6
    Creating the AD repository definition ... 6
    The constants ... 8
    Creating the People repository definition ... 10
    Creating the PhoneList repository definition ... 14
Section 3: Creating users in Active Directory ... 15
    Reading the person objects ... 15
    Creating the Active Directory users ... 18
Section 4: Setting the passwords and enabling the users ... 23
    Creating a job constant ... 23
    Setting the passwords and enabling AD users ... 24
Section 5: Reading contacts from Active Directory ... 29
Section 6: Creating a telephone list ... 32
Section 7: Adding a delta database ... 35



Introduction

This manual gives an introduction to how you can use SAP NetWeaver Identity Management Identity Center to work with Microsoft Active Directory. You will create users in Active Directory and you will also create a phone list of the contacts defined in the directory.

The scenario

We will read data from a Microsoft Access database, people.mdb, and use this to create users in Active Directory. Active Directory acts as a data source as well in this tutorial – we read Active Directory contacts to produce a text file TelephoneList.txt.


The data source

The data source, a Microsoft Access database people.mdb, used in this tutorial is included with the installation. The file is located in the \Tutorial\Data source directory. In this tutorial the default installation folder is used, which is C:\Program Files\SAP\IdM\Identity Center. The Microsoft Access database people.mdb holds the basic information about the person objects (people in the organization). This database has the following fields:

•  EmployeeID

•  Surname

•  Given name

•  Department

•  Location


Section overview

The tutorial consists of the following sections:

Section 1: Creating the job
In the first section you create the job.

Section 2: Creating the repository definitions
In this section we create a repository definition for Active Directory, the database file people.mdb and the target text file TelephoneList.txt.

Section 3: Creating users in Active Directory
This section describes how you create users in Active Directory using a template.

Section 4: Setting the passwords and enabling the users
Here you will set default passwords and enable the users you created with the previous pass.

Section 5: Reading contacts from Active Directory
This section shows how you can read contacts from Active Directory.

Section 6: Creating a telephone list
In this section we create a text file with the telephone list of the contacts we read in the previous pass.

Section 7: Adding a delta database
Finally we will add a delta database to increase performance.


Section 1: Creating the job

To create the job:

1. Start the Identity Center. Before creating a job, we choose to create a new folder for this tutorial. Select the Identity Center's entry in the console tree, choose New/Folder… from the context menu and enter Active Directory as the name of the folder.

2. Select the folder you just created in the console tree and choose New/Empty job from the context menu.


The job is created as a Java job by default. In this tutorial, the "Set password on AD users" pass created in Section 4 needs a Windows runtime engine with VBScript as the script language to run. We therefore choose to change the default values in the "Runtime engine" and "Script language" fields.

Fill in the fields as shown above:

Change the name of the job in the console tree.

Select "Enabled".

Select "Windows" in the "Runtime engine" field. A dialog box will appear informing you that changing to the Windows runtime engine is not recommended (it should only be used for special purposes). In this tutorial we choose to use the Windows runtime engine anyway. Choose "OK" to close the dialog box.

Select "VBScript" in the "Script language" field.

Select the dispatcher in the list "Run by dispatchers".

3. Choose "Apply". Now the job is ready for execution.


Section 2: Creating the repository definitions

Before creating the passes in the job, we add repository definitions for your repositories. We will create repository definitions for Active Directory, the database file people.mdb and the target text file TelephoneList.txt.

Creating the AD repository definition

To create the repository definition:

1. Start the repository wizard by selecting the Identity Center's "Repositories" node in the console tree, and choosing New/Repository from the context menu.

2. Choose "Next >".

Select "Directory" as the repository template.


3. Choose "Next >".

You can give a repository definition any name, but in this tutorial we name the directory repository definition AD.

4. Choose "Next >".

Fill in the repository constants needed to connect to your Active Directory.

Leave the task references and the field "Naming attribute" as they are.

5. Choose "Next >" and then "Finish" to insert the new repository definition.


The constants

When you create the repository definitions, you enter a number of constants to access the repositories. Expand the repository definition in the console tree and select "Constants":

Here you see all the constants that were created by the wizard. These constants contain the values that are used in the passes, where they are indicated by the prefix "rep". If you need to change them, you do so here.

Defining the DN as a repository constant

To avoid entering the full distinguished name string every time you need to supply it, we create a new repository constant named DN in the repository definition for the Active Directory.

To create the new repository constant DN:

1. Select the AD repository definition's "Constants" in the console tree and choose New/Constant… from the context menu.

Fill in the fields:

Name: Name the constant DN.

Value: Type the distinguished name string for the Active Directory users.

We want to use the EmployeeID attribute of the data source (people.mdb) as the unique identifier for the entries. This is indicated by using the data source attribute %EmployeeID%.

When using this constant (DN) in a pass, it is referenced as %$rep.DN%.

2. Choose "OK".
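As an added example (not part of the SAP tutorial), the following Python renders the DN constant the way a pass would use it: %$rep.DN% is first expanded from the repository constants, then the %EmployeeID% source attribute is substituted from a people.mdb row, with the value escaped per RFC 4514 so that a source value containing a comma or another DN metacharacter cannot add or alter an RDN. The constant value, the OU and domain, and the sample rows are constructed assumptions.

```python
import re

# Token syntax used in Identity Center pass definitions: %attr% for a source
# attribute and %$rep.NAME% for a repository constant (both shown in the tutorial).
_TOKEN = re.compile(r"%(\$rep\.)?([A-Za-z0-9_]+)%")

# Characters that RFC 4514 requires to be escaped inside a DN attribute value.
_DN_SPECIAL = set('\\,+"<>;')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value so it can be embedded in a DN (RFC 4514)."""
    escaped = "".join("\\" + ch if ch in _DN_SPECIAL else ch for ch in value)
    escaped = escaped.replace("\x00", "\\00")
    if escaped.startswith(("#", " ")):           # leading '#' or space
        escaped = "\\" + escaped
    if len(value) > 1 and value.endswith(" "):   # trailing space
        escaped = escaped[:-1] + "\\ "
    return escaped


def render_dn(template: str, rep_constants: dict, row: dict) -> str:
    """Resolve %$rep.X% from the repository constants, then %attr% from the source row.

    Attribute values are DN-escaped; an unknown constant or attribute raises instead
    of silently writing a literal '%EmployeeID%' into Active Directory.
    """
    def rep_sub(m):
        if m.group(1):  # %$rep.NAME%
            if m.group(2) not in rep_constants:
                raise KeyError(f"repository constant {m.group(2)} is not defined")
            return rep_constants[m.group(2)]
        return m.group(0)  # leave %attr% for the second pass

    expanded = _TOKEN.sub(rep_sub, template)

    def attr_sub(m):
        if m.group(1):  # a constant that expands to another %$rep.% is not supported here
            raise ValueError(f"nested constant reference {m.group(0)}")
        if m.group(2) not in row:
            raise KeyError(f"source attribute {m.group(2)} is missing from the row")
        return escape_dn_value(str(row[m.group(2)]))

    return _TOKEN.sub(attr_sub, expanded)


# Constructed sample: the DN constant as it might be entered in the AD repository
# definition (OU and domain are assumptions), and two people.mdb-style rows.
REP_CONSTANTS = {"DN": "CN=%EmployeeID%,OU=Tutorial Users,DC=example,DC=com"}
SAMPLE_ROWS = [
    {"EmployeeID": "1001", "Surname": "Olsen", "Given name": "Kari"},
    # A value carrying DN metacharacters: unescaped, it would insert an extra RDN.
    {"EmployeeID": "1002,OU=Admins", "Surname": "Berg", "Given name": "Per"},
]


def sample_dns() -> list:
    """DNs for the sample rows, rendered through %$rep.DN%."""
    return [render_dn("%$rep.DN%", REP_CONSTANTS, r) for r in SAMPLE_ROWS]


if __name__ == "__main__":
    for dn in sample_dns():
        print(dn)
```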


The new constant is now inserted and can be referenced in the job passes.


Creating the People repository definition

The next step is to add the repository definition for the people.mdb database.

To create the repository definition:

1. Start the repository wizard by selecting the Identity Center's "Repositories" node in the console tree, and choosing New/Repository from the context menu.

2. Choose "Next >".

Select "Database" as the repository template.

3. Choose "Next >".

Name the database repository definition People (for people.mdb).


4. Choose "Next >".

Since we are only using the Windows runtime engine, we only need to define the OLE DB connection string.

To create the OLE DB connection string, click inside the "OLE DB connection string" field and the "…" button will appear.

5. Choose the "…" button and select "Define data link…", which opens the Microsoft Windows "Data Link Properties" dialog box.

Select the "Microsoft Jet 4.0 OLE DB Provider" in the "Provider" tab.


6. Choose "Next >".

In the "Connection" tab, choose "…" to the right of the field to select the database file people.mdb, and then choose "Open".

7. Choose "Test Connection" to verify that you connect to people.mdb correctly.

A "Microsoft Data Link" dialog box will show the result of the connection test. Choose "OK" to close the "Microsoft Data Link" dialog box and return to the "Data Link Properties" dialog box.


8. Choose "OK" to close the "Data Link Properties" dialog box and return to the repository wizard.

The OLE DB connection string is now inserted in the "OLE DB connection string" field and should look something like this:

Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Program Files\SAP\IdM\Identity Center\Tutorial\Data source\people.mdb;Persist Security Info=False

9. Choose "Next >", and then "Finish" to insert the new repository definition.


Creating the PhoneList repository definition

The procedure for creating a repository definition for the target text file TelephoneList.txt is quite similar to the previous two procedures.

Select "File" as the repository template and name the repository definition PhoneList. When asked to fill in the file name in the "File name" field, instead of selecting an already existing file, you create the file TelephoneList.txt. You do this in the following way:

1. Click inside the "File name" field.

The "…" button will appear.

2. Choose "…" to create the file TelephoneList.txt as shown below:

3. Choose "Open" to return to the repository wizard.

4. Choose "Next >", and then "Finish" to insert the new repository definition.


Section 3: Creating users in Active Directory

In this tutorial, we will be reading users from the database file people.mdb and then creating these users in Active Directory.

You first add a From-pass to read the contents of the data source (people.mdb) into a temporary table in the Identity Center database. You then read from this table in the To-pass that creates the users in Active Directory. We name the From-pass "Read person objects". The To-pass is named "Make Active Directory users".

Reading the person objects

To create the From-pass that reads the persons from a data source:

1. Select the job you created in the console tree and choose New/From Database from the context menu.

2. Choose the "Repository" tab.

Modify the pass name in the console tree.

Fill in the "Repository" field by selecting the People repository definition.


3. Select the "Source" tab and fill in the fields:

From database: Choose "%$rep.OLEDBCONNECTION%" from the "Constants" in the context menu. The prefix "rep" indicates that this constant refers to a constant defined in the repository definition, in this case to the OLE DB connection string defined in the People repository definition for the database file people.mdb.

SQL statement: This SQL statement retrieves all entries from the database.

4. Select the "Destination" tab.


Fill in the fields:

Database: Choose "%$ddm.identitycenter%" from the "System parameters" in the context menu to specify that you want to use the Identity Center database as the destination for this pass. In this tutorial we use Microsoft SQL Server 2005 as this is our Identity Center database, but you are not limited to using the Identity Center database for this purpose.

Table name: You can use any table name you wish, as long as it follows the naming standard of the target database. In this tutorial we choose tutorial_persons as the table name in the Identity Center database. This table will be created automatically.

Definitions: Choose "Insert template" above the grid and select "Data source template" to create a template based on the source file. This will read the source (in this case the people.mdb file) and insert definitions based on the data read. This is also a test that the database is correctly configured. It is not necessary to modify the template.

5. Choose "Apply".

Running the job

Run the job to make sure there are no errors.

All people are now read from the people.mdb file into the tutorial_persons database table.


Creating the Active Directory users

To create the To-pass that makes Active Directory users, we will use a pass template that creates the necessary definitions:

1. Select the pass you just created in the console tree and choose New/Run pass wizard… from the context menu.

2. Choose "Next >".

Move down to the directory Identity Center/Jobs/Active Directory and choose the "Create Active Directory user" template as shown above.

3. Choose "Next >".

Select repository definition AD.


4. Choose "Next >".

5. Review the constants. The wizard will automatically fill in the constants defined for the AD repository definition. Double-click inside the field to edit those constants you wish to change (if needed), then choose "Next >".

6. Choose "Finish" to complete the wizard. The pass is included in the console tree and the pass properties are displayed in the details pane:

The "Documentation" tab contains a detailed description of the template. Modify the pass name in the console tree.


7. Select the "Source" tab:

Fill in the following fields:

Database: Choose "%$ddm.identitycenter%" from "System parameters" in the context menu to specify that you want to use the Identity Center database as the data source for this pass.

SQL statement: Here we use the SELECT TOP n SQL statement, where n is a number. This statement selects the top n rows from the specified database table; in this case it selects the top five (5) entries from the tutorial_persons table. This SQL statement is Microsoft SQL Server specific. You need to use the syntax of the database in use.

We use this statement during development and testing of the job, to limit the number of users to create. This statement can be replaced with an SQL statement that creates users for all entries in the table, SELECT * FROM tutorial_persons.


8. Select the "Destination" tab:

The template has inserted a number of definitions that create one specific user in Active Directory with hard-coded values for the attributes. Use the context menu to insert source attributes as variables in the definitions, as shown in the example above. You normally substitute all instances of Dummyuser with variables from the data source.

Note: Both the dn and sAMAccountName attributes must be unique within the domain where you create the user. You may get an LDAP error if you try to create a user that already exists. It is useful to modify the "displayName" attribute if you are using an LDAP client that uses this attribute to display the users. It can also be useful to create a new folder dedicated to the test users created in this tutorial, to separate them from the actual users in the AD.

The users we create will initially be disabled. This is specified by the attribute userAccountControl. The default value is 546, which means a normal, disabled account that does not require a password. For more information about this attribute, see http://support.microsoft.com/default.aspx?scid=kb;en-us;305144.

9. Choose "Apply". This pass will now create a user in Active Directory for each of the five entries from the source.

10. Run the job and verify that it runs without errors. Use an LDAP client or an AD console to view the contents of the directory server. You should now see five (5) users created.

11. Disable the pass by using the context menu before you continue.

During development, we want to save time by disabling passes which are not necessary to run. In this case, when the people.mdb database has been read into the temporary table, there is no need to run this pass every time we test the job.
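As an added example (not from the tutorial), the following Python shows two checks worth running on the batch before the "Make Active Directory users" pass writes anything, and decodes the userAccountControl value the template sets: it verifies that the planned dn and sAMAccountName values are unique and that each sAMAccountName is a legal logon name, and it derives from 546 the value an account should carry once Section 4 has set a password. The flag bits follow Microsoft KB 305144, which the tutorial cites; the planned user records, OU and domain are constructed sample data.

```python
# userAccountControl flag bits, from Microsoft KB 305144 (cited by the tutorial).
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000

_UAC_FLAGS = {
    "ACCOUNTDISABLE": ACCOUNTDISABLE,
    "PASSWD_NOTREQD": PASSWD_NOTREQD,
    "NORMAL_ACCOUNT": NORMAL_ACCOUNT,
    "DONT_EXPIRE_PASSWORD": DONT_EXPIRE_PASSWORD,
}

# Characters Active Directory does not accept in sAMAccountName; user logon
# names are also limited to 20 characters.
_SAM_ILLEGAL = set('"/\\[]:;|=,+*?<>')
_SAM_MAX_LEN = 20


def decode_uac(value: int) -> list:
    """Names of the flags (known ones only) set in a userAccountControl value."""
    return [name for name, bit in _UAC_FLAGS.items() if value & bit]


def uac_after_password_set(value: int) -> int:
    """userAccountControl the account should carry once an initial password is set.

    Clearing ACCOUNTDISABLE enables the account. PASSWD_NOTREQD is cleared at
    the same time: if only the disable bit were cleared, a user created with
    546 would end up enabled with "no password required" still set.
    """
    return value & ~(ACCOUNTDISABLE | PASSWD_NOTREQD)


def sam_account_name_problems(name: str) -> list:
    """Reasons a candidate sAMAccountName would be rejected by AD (empty if none)."""
    problems = []
    if not 1 <= len(name) <= _SAM_MAX_LEN:
        problems.append(f"length {len(name)} not in 1..{_SAM_MAX_LEN}")
    bad = sorted(set(name) & _SAM_ILLEGAL)
    if bad:
        problems.append("illegal characters " + "".join(bad))
    return problems


def find_conflicts(planned: list) -> list:
    """Report dn / sAMAccountName values that collide within the planned batch.

    AD compares both case-insensitively, so 'E1002' and 'e1002' are the same
    account. Collisions with users already in the directory are not visible
    here; those still need an LDAP search before the pass runs.
    """
    seen = {}
    problems = []
    for user in planned:
        for key in ("dn", "sAMAccountName"):
            norm = (key, user[key].lower())
            if norm in seen:
                problems.append(f"{key} {user[key]!r} duplicates {seen[norm]!r}")
            else:
                seen[norm] = user["dn"]
        for p in sam_account_name_problems(user["sAMAccountName"]):
            problems.append(f"sAMAccountName {user['sAMAccountName']!r}: {p}")
    return problems


# Constructed sample batch, shaped like what the pass derives from tutorial_persons
# (OU and domain are assumptions; the template's initial userAccountControl is 546).
PLANNED_USERS = [
    {"dn": "CN=E1001,OU=Tutorial Users,DC=example,DC=com",
     "sAMAccountName": "E1001", "userAccountControl": 546},
    {"dn": "CN=E1002,OU=Tutorial Users,DC=example,DC=com",
     "sAMAccountName": "E1002", "userAccountControl": 546},
    # Same logon name as the previous entry in different case: AD rejects it.
    {"dn": "CN=E1003,OU=Tutorial Users,DC=example,DC=com",
     "sAMAccountName": "e1002", "userAccountControl": 546},
]


if __name__ == "__main__":
    print("546 means:", decode_uac(546))
    print("after password set:", uac_after_password_set(546))
    for problem in find_conflicts(PLANNED_USERS):
        print("conflict:", problem)
```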


When the job is complete, we can again enable all passes.

Note: If the job fails or runs with errors, you may need to clean any contents that may have been created by the job in the directory before running the job again.


Section 4: Setting the passwords and enabling the users

The next step is to create the pass that will set the passwords and enable the users. Enabling the users can also be done separately with another pass template.

In this tutorial, we will create all users with the same hard-coded password. We create a job constant to hold the initial password. We name this constant DEFAULT_PASSWORD.

Creating a job constant

To create the new job constant DEFAULT_PASSWORD:

1. Select "Job constants" in the console tree and choose New/Constant… from the context menu.

Fill in the fields:

Name: Name the constant DEFAULT_PASSWORD.

Value: Type in the password you wish to set for the Active Directory users. This is a default password that users might need to change at first logon.

Check the "Encrypt value" field.

2. Choose "OK".

The new constant is now inserted and can be referenced in the job passes.


Setting the passwords and enabling AD users

To create the pass that sets the passwords and enables the users in Active Directory, we use the "Windows-Set Active Directory password" template:

1. Select the pass you just created, and choose New/Run pass wizard… from the context menu to start the pass wizard.

2. Choose "Next >".

Move down to the directory Identity Center/Jobs/Active Directory and choose the "Windows-Set Active Directory password" template.

3. Choose "Next >".

Select repository definition AD.


4. Choose "Next >".

Review the constants and fill in or correct them if necessary. The wizard automatically fills in the constants defined for the AD repository definition. Double-click inside the field to edit those constants you wish to change. Leave the "OU where users reside" field as it is.

5. Choose "Next >" and then "Finish" to complete the wizard.

The pass is included in the console tree and the pass properties are displayed in the details pane. The "Documentation" tab contains a detailed description of the template.

Modify the pass name in the console tree.


6. Select the "Source" tab:

The "Windows-Set Active Directory password" template creates a pass with the identity store as a database source in the "Source" tab. In this tutorial, we do not use the identity store. Instead we choose the Identity Center database as our source.

7. Deselect "Use identity store".

Modify the source of this pass to be the same as the source of the previous pass. You can copy the values.


8. Select the "Destination" tab:

The definitions in this pass will set a given password for the specified users. Modify the attributes:

RD: Change the value of the attribute to %$rep.DN% by using the context menu.

PWD: The default value for the password should be the constant you specified earlier. Add the job constant "%$DEFAULT_PASSWORD%" by using the context menu, replacing "%MX_ENCRYPTED_PASSWORD%".

The pass references three scripts that are included in the template. You can view the scripts by choosing "Edit" to the right of the scripts.

pwdopen: The destination is opened and the connection established by this script.

pwdnext: This script sets the password and enables each user specified. If the attribute PWD has a value with length less than 1, that is, if the password is not defined, this pass will set a default password "Password1".

pwdclose: The connection to the destination is closed by this script.

9. Run the job and verify that the pass executes without errors.


Note: If the job fails, or runs with errors like those presented in the illustration below, you might want to check that your Identity Center instance is in the same domain as the AD. An attempt to set passwords for the AD users from a different domain will raise security issues and the passwords will not be set.

10. Disable the pass before you continue.
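The following is an added example and not part of the SAP tutorial or the pass templates it describes. It ties together the useraccountcontrol value 546 from Section 3 and the enable step that the pwdnext script performs in this section: it decodes 546 into the documented userAccountControl bits (NORMAL_ACCOUNT, ACCOUNTDISABLE and PASSWD_NOTREQD, per Microsoft KB 305144), models enabling the account, mirrors the documented "Password1" fallback so you can see which users received it, and audits the resulting value. Which bits the SAP template actually clears when it enables a user is not stated in the tutorial, so the clear_passwd_notreqd choice, the function names and the sample rows are this example's own assumptions.

```python
# Added example, not part of the SAP tutorial or the pass templates it describes.
# Flag names and bit values are the documented userAccountControl bits
# (Microsoft KB 305144). Whether the SAP template clears PASSWD_NOTREQD when it
# enables a user is not stated in the tutorial: clear_passwd_notreqd is an assumption.

UAC_FLAGS = {
    "SCRIPT": 0x0001,
    "ACCOUNTDISABLE": 0x0002,
    "HOMEDIR_REQUIRED": 0x0008,
    "LOCKOUT": 0x0010,
    "PASSWD_NOTREQD": 0x0020,
    "PASSWD_CANT_CHANGE": 0x0040,
    "ENCRYPTED_TEXT_PWD_ALLOWED": 0x0080,
    "NORMAL_ACCOUNT": 0x0200,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "SMARTCARD_REQUIRED": 0x40000,
    "PASSWORD_EXPIRED": 0x800000,
}

DEFAULT_UAC = 546                # value the tutorial's template writes
PWDNEXT_FALLBACK = "Password1"   # fallback pwdnext uses when PWD is empty


def decode_uac(value: int) -> list:
    """Return the names of the flags set in a userAccountControl value, lowest bit first."""
    ordered = sorted(UAC_FLAGS.items(), key=lambda kv: kv[1])
    return [name for name, bit in ordered if value & bit]


def enable_account(value: int, clear_passwd_notreqd: bool = True) -> int:
    """Model the enable step: clear ACCOUNTDISABLE and, by assumption, PASSWD_NOTREQD."""
    value &= ~UAC_FLAGS["ACCOUNTDISABLE"]
    if clear_passwd_notreqd:
        value &= ~UAC_FLAGS["PASSWD_NOTREQD"]
    return value


def effective_password(pwd) -> tuple:
    """Mirror the pwdnext rule from the tutorial: an empty PWD falls back to "Password1".
    Returns (password, used_fallback) so callers can see which users got the fallback."""
    if pwd is None or len(pwd) < 1:
        return PWDNEXT_FALLBACK, True
    return pwd, False


def audit_uac(value: int) -> list:
    """Findings a reviewer would want after the enable pass has run."""
    findings = []
    enabled = not value & UAC_FLAGS["ACCOUNTDISABLE"]
    if enabled and value & UAC_FLAGS["PASSWD_NOTREQD"]:
        findings.append("enabled account still has PASSWD_NOTREQD set")
    if enabled and value & UAC_FLAGS["DONT_EXPIRE_PASSWORD"]:
        findings.append("password never expires")
    if not value & UAC_FLAGS["NORMAL_ACCOUNT"]:
        findings.append("NORMAL_ACCOUNT bit missing")
    return findings


def run_pass(users: list, clear_passwd_notreqd: bool = True) -> list:
    """Apply the enable step and the password rule to constructed user rows
    (dicts with 'sAMAccountName', 'userAccountControl' and 'PWD')."""
    results = []
    for user in users:
        uac = enable_account(user["userAccountControl"], clear_passwd_notreqd)
        _, used_fallback = effective_password(user.get("PWD", ""))
        results.append({
            "sAMAccountName": user["sAMAccountName"],
            "userAccountControl": uac,
            "used_fallback_password": used_fallback,
            "findings": audit_uac(uac),
        })
    return results


# Constructed sample rows (assumed names, not from the tutorial's people.mdb).
SAMPLE_USERS = [
    {"sAMAccountName": "tutuser1", "userAccountControl": DEFAULT_UAC, "PWD": "S3cret-initial"},
    {"sAMAccountName": "tutuser2", "userAccountControl": DEFAULT_UAC, "PWD": ""},
]

if __name__ == "__main__":
    print(DEFAULT_UAC, "=", " + ".join(decode_uac(DEFAULT_UAC)))
    for result in run_pass(SAMPLE_USERS, clear_passwd_notreqd=False):
        print(result)
```

Running run_pass with clear_passwd_notreqd=False shows the case to watch for after this pass: an account that is now enabled but still carries PASSWD_NOTREQD (value 544), and any user whose PWD attribute was empty and therefore ended up with the script's fallback password. Both are worth checking in the directory after the job has run.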


Section 5: Reading contacts from Active Directory

The next task is to produce a telephone list from the contacts defined in the Active Directory.

Note: If you need to add contacts to your Active Directory, you can do that by using the template "Create Active Directory mail-enabled contact".

1. Select the pass you just created and choose New/From LDAP directory from the context menu. The pass is included in the console tree:

Modify the name of the pass in the console tree and fill in the "Repository" field by selecting the AD repository definition.


2. Select the "Source" tab and fill in the fields in the following way:

LDAP URL: Choose "…" to the right of the field to open the "LDAP search parameters" dialog box:

Fill in the fields as shown above. Use the context menu to insert the constants. The "Filter" is set to an object class that is in use in the Active Directory. In this example "contact" is used. To be able to produce a telephone list as described later in this document, the entries returned from the server must have the attributes givenName, sn and telephoneNumber. If the entries do not have these attributes, you must modify the pass to include other attributes.

Choose "OK" to close the dialog box.

Directory login name: Insert the constant "%$rep.LDAP_LOGIN%" by using the context menu.

Directory login password: Insert the constant "%$rep.LDAP_PASSWORD%" by using the context menu.


3. Select the "Destination" tab:

Fill in the fields in the following way:

Database: Choose "%$ddm.identitycenter%" from "System parameters" in the context menu to specify that you want to use the Identity Center database as the destination database for this pass.

Table name: Enter tutorial_ADContacts as the name of the table in the database. The table will be created when you run the pass for the first time.

Definitions: Choose "Insert template" above the definition grid and then "Data source template" to insert definitions based on the attributes of the entries in the directory.

4. Choose "Apply".

5. Run the job, and then disable the pass before you continue.


Section 6: Creating a telephone list

In the last pass, we will create a CSV file containing the phone numbers for the contacts we found in the previous pass.

1. Select the pass you just created and choose New/To ASCII file from the context menu. The pass is included in the console tree:

Modify the name of the pass in the console tree and fill in the "Repository" field by selecting the PhoneList repository definition.


2. Fill in the fields on the "Source" tab in the following way:

Database: Choose "%$ddm.identitycenter%" from "System parameters" in the context menu to specify that you want to use the Identity Center database as the data source for this pass.

SQL statement: Enter the following SQL statement, or create your own:

SELECT givenName, sn, telephoneNumber FROM tutorial_ADContacts;

3. Select the "Destination" tab and fill in the fields in the following way:


File name: Choose "%$rep.FILENAME%" from the context menu.

Generate CSV file: Select "Generate CSV file".

Make sure "Include CSV header" is selected. Enter ; (semicolon) as the "CSV delimiter".

Definitions: Choose "Insert template" above the definition grid and then "Data source template" to insert a template based on the data source.

4. Choose "Apply".

5. Run the job and verify that it runs without errors.

Open the text file by double-clicking the file in the "File name" field. It may look something like this:
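As an added example that is not part of the SAP tutorial, the following replays Sections 5 and 6 offline: an in-memory SQLite table stands in for the tutorial_ADContacts table that the "From LDAP directory" pass fills, the tutorial's SELECT statement reads it back, and the rows are written as a semicolon-delimited CSV with a header, as the "To ASCII file" pass is configured above. The contact rows are constructed, not real directory data; one of them lacks telephoneNumber (the case Section 5 warns about) and one surname contains the delimiter so the quoting rule is exercised. Function names and the skip-incomplete-rows rule are this example's own choices.

```python
import csv
import io
import sqlite3

# Added example, not part of the SAP tutorial. An in-memory SQLite table stands in
# for tutorial_ADContacts; the SELECT is the one the tutorial gives for the pass.

ATTRIBUTES = ("givenName", "sn", "telephoneNumber")
SQL_STATEMENT = "SELECT givenName, sn, telephoneNumber FROM tutorial_ADContacts"

# Constructed contact rows (not real directory data). The second row lacks a
# telephoneNumber; the third contains the CSV delimiter in the surname.
SAMPLE_CONTACTS = [
    ("Anna", "Berg", "+47 22 00 00 01"),
    ("Ola", "Nordmann", None),
    ("Kari", "Hansen; Lund", "+47 22 00 00 03"),
]


def load_contacts(conn: sqlite3.Connection, rows) -> int:
    """Create tutorial_ADContacts and insert the rows; returns the row count."""
    conn.execute(
        "CREATE TABLE tutorial_ADContacts (givenName TEXT, sn TEXT, telephoneNumber TEXT)"
    )
    conn.executemany("INSERT INTO tutorial_ADContacts VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM tutorial_ADContacts").fetchone()[0]


def build_phone_list(conn: sqlite3.Connection, delimiter: str = ";",
                     include_header: bool = True) -> tuple:
    """Run the tutorial's SELECT and render the result as CSV text.
    Rows with a missing attribute are skipped and counted rather than written
    with an empty column. Returns (csv_text, skipped_rows)."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter=delimiter, lineterminator="\n")
    if include_header:
        writer.writerow(ATTRIBUTES)
    skipped = 0
    for row in conn.execute(SQL_STATEMENT):
        if any(value in (None, "") for value in row):
            skipped += 1
            continue
        writer.writerow(row)   # csv quotes a field that contains the delimiter
    return buf.getvalue(), skipped


def generate_phone_list(rows=SAMPLE_CONTACTS, delimiter: str = ";") -> tuple:
    """Whole pipeline on an in-memory database; returns (csv_text, skipped_rows)."""
    conn = sqlite3.connect(":memory:")
    try:
        load_contacts(conn, rows)
        return build_phone_list(conn, delimiter=delimiter)
    finally:
        conn.close()


if __name__ == "__main__":
    text, skipped = generate_phone_list()
    print(text, end="")
    print(f"# skipped {skipped} contact(s) with missing attributes")
```

The output has the header line "givenName;sn;telephoneNumber", one line per complete contact, and the surname that contains a semicolon wrapped in double quotes; the contact without a telephone number is reported as skipped instead of silently producing a line with an empty column.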


Section 7: Adding a delta database

To optimize the data processing, you can add a delta database to the passes.

In this job, there are two passes where it is meaningful to add a delta database: the "Make Active Directory users" pass and the "Set password on AD users" pass, which write to the Active Directory. The purpose of the delta database is to ensure that only changes are written to the target. Without the delta database, the job will attempt to write or modify everything in the Active Directory each time it runs. In addition, the delta database can be used to detect deleted entries, in which case you can select to restore those you want.

For the last two passes, where we read the contacts and create the telephone list, we want all entries to be processed, not only the changes. So here we do not use the delta.

To configure the delta:

1. Select the "Make Active Directory users" pass and select the "Delta" tab:

Fill in the fields with the following values:

Enable delta: Select this check box to enable the delta function.

Delta database: Choose "%$ddm.identitycenter%" from "System parameters" in the context menu to specify that you want to use the Identity Center database as the delta database for this pass.

Delta identifier: This identifier is used to identify this pass's delta information. If you are using the same delta database to hold delta information from several passes, you must ensure that the delta identifier is unique.

Automatic deletion: Select both check boxes, as this is the pass that creates or removes the entries from the Active Directory depending on whether or not they exist in the data source.

2. Choose "Apply".


3. Do the same for the "Set password on AD users" pass.

You can use the same delta database, but specify another delta identifier. Also make sure that you do not select the check boxes in the group "Automatic deletion", as this pass is not used to create or remove entries from the Active Directory.

4. Choose "Apply".

You can now try to add, edit and remove users from the source database people.mdb, using Microsoft Access, and run the job each time you make changes in the source. Remember to enable all passes before running the job.

Looking at the job log (select "Job log" in the console tree), you should now see the number of adds, modifies and deletes. Operation code "noop" shows that no entries are written to the target.
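To make the delta behaviour described in this section concrete, here is an added example that is not part of the SAP tutorial and does not describe how Identity Center stores its delta internally. It models a delta database as a snapshot of the previous run, compares it with the current source rows, and assigns each entry one of the operation codes the job log shows (add, modify, delete, noop). The "Automatic deletion" check boxes are modelled by a flag that decides whether deletes are emitted at all, matching the difference between the "Make Active Directory users" pass and the "Set password on AD users" pass above. Keying on sAMAccountName, storing a SHA-256 fingerprint of each entry instead of its attribute values, and the sample rows are this example's own assumptions.

```python
import hashlib
import json

# Added example, not part of the SAP tutorial or the Identity Center product.
# The snapshot maps a key (sAMAccountName, an assumption) to a fingerprint of the
# entry; storing a digest rather than the values is this example's design choice,
# so that a delta kept for the password pass never holds the password itself.

KEY = "sAMAccountName"


def fingerprint(attrs: dict) -> str:
    """Stable digest of an entry's attributes."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def compute_delta(snapshot: dict, source_rows: list, automatic_deletion: bool = False) -> list:
    """Classify each source row against the snapshot (key -> fingerprint).
    Deletes are only emitted when automatic deletion is enabled, which mirrors
    the check boxes on the "Delta" tab."""
    ops = []
    seen = set()
    for row in source_rows:
        key = row[KEY]
        seen.add(key)
        if key not in snapshot:
            ops.append((key, "add"))
        elif snapshot[key] != fingerprint(row):
            ops.append((key, "modify"))
        else:
            ops.append((key, "noop"))
    if automatic_deletion:
        ops.extend((key, "delete") for key in snapshot if key not in seen)
    return ops


def next_snapshot(snapshot: dict, source_rows: list, automatic_deletion: bool = False) -> dict:
    """Snapshot to store after a successful run. Without automatic deletion the
    entries that vanished from the source are kept (an assumption of this model),
    so they can still be reported, and restored, later."""
    new = {} if automatic_deletion else dict(snapshot)
    for row in source_rows:
        new[row[KEY]] = fingerprint(row)
    return new


def summarize(ops: list) -> dict:
    """Counts per operation code, like the job log's add/modify/delete figures."""
    counts = {"add": 0, "modify": 0, "delete": 0, "noop": 0}
    for _, op in ops:
        counts[op] += 1
    return counts


# Constructed sample source rows (not the tutorial's people.mdb): five users on
# the first run, then user2 edited, user5 removed and user6 added for the second.
FIRST_RUN = [
    {KEY: f"user{i}", "displayName": f"User {i}", "telephoneNumber": f"100{i}"}
    for i in range(1, 6)
]
SECOND_RUN = [dict(row) for row in FIRST_RUN if row[KEY] != "user5"]
SECOND_RUN[1]["telephoneNumber"] = "2002"
SECOND_RUN.append({KEY: "user6", "displayName": "User 6", "telephoneNumber": "1006"})


def demo(automatic_deletion: bool = True) -> dict:
    """Run the two passes back to back and return the second run's counts."""
    snapshot = next_snapshot({}, FIRST_RUN, automatic_deletion)
    return summarize(compute_delta(snapshot, SECOND_RUN, automatic_deletion))


if __name__ == "__main__":
    print("first run :", summarize(compute_delta({}, FIRST_RUN, True)))
    print("second run:", demo(True))
    print("no deletes:", demo(False))
```

On the first run every entry is an add; on the second run the edited user is a modify, the unchanged ones are noop, the new one is an add, and the removed user appears as a delete only when automatic deletion is enabled, which is exactly the difference between the two passes configured in this section.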