Skip to main content

Active Directory Source Connector

The Active Directory source connector in DataSync lets you retrieve data from Active Directory server for loading or synchronizing in your data warehouse. It supports both unencrypted connections and secure connections over TLS/SSL. After creating all required source connections, configure your destination source to complete the connection setup.

Create a source connection in DataSync

  1. Log in to DataSync.
  2. From the welcome screen, select Connections.
  3. Next to Source Connections, click New.
  4. Select Active Directory.
  5. In the Connection Properties panel, enter the connection properties.
  6. (Optional) In the Additional Connection Properties panel, select Add property and enter the parameters for each property.
  7. In the Advanced Settings panel, configure the settings, including the Tracking Type and other values according to your requirements.
  8. Click Save.

Parameters

Connection properties

ParameterDescription
DescriptionUnique name for the connection. Example: Active Directory
ServerFully qualified domain name (FQDN) of the Active Directory server.
Example: ADServer.mydomain.local
PortPort the Active Directory server is running on. The default port is 389. If Enable Active Directory over TLS/SSL is selected, set the port to 636.
Enable Active Directory over TLS/SSLSecure connection to the Active Directory server. You must adjust the Port afterwards.
UsernameUsername in domain format. Example: DOMAIN\\jdoe
PasswordPassword for the specified username.
Search baseBase distinguished name (DN) for queries. Set to the root directory or a specific subtree. Common examples:
DC=mydomain,DC=local or OU=Users,OU=Canada,DC=mydomain,DC=local
Maximum number of recordsMaximum number of records returned. Set to -1 for no limit.
ScopeScope for directory search:

  • Whole Subtree – (Default) Search includes the search base and all descendants.
  • Single Level – Search includes the search base and direct descendants only.
  • Base Object – Search root of the search base only.
TimeoutTime in seconds to wait for connection opening and query execution before timeout.
Follow ReferralsOption to follow referrals returned by the Active Directory server.
Friendly GUIDFormat for GUID attributes (such as objectGUID).

  • When enabled, returns a human-readable string.
    Example: 708d9374-d64a-49b2-97ea-489ddc717703
  • When disabled, they are returned as base64-encoded strings.
Friendly SIDFormat for SID attributes (such as objectSID).

  • When enabled, returns a human-readable string.
    Example: S-1-5-21-4272240814-246508344-1325542772-12464.
  • When disabled, they are returned as base64-encoded strings.
Verbosity
  • 1 – Log queries, row counts, execution start/end, errors.
  • 2 – Includes level 1 plus cache queries, HTTP headers.
  • 3 – Includes level 2 plus request/response bodies.
  • 4 – Includes level 3 plus transport-level communication.
  • 5 – Includes level 4 plus all interface commands.
Enable PoolingConnection pooling option for performance.
Pool idle timeoutMaximum idle time for connections before returning them to the pool, in seconds.
Max Pool SizeMaximum number of connections allowed in the pool.
Pool wait timeMaximum wait time for connection allocation before error is thrown, in seconds.

Additional connection properties

Additional connection string properties not specified in the Connection Properties panel. For each property added, you can choose Visible or Encrypted. Selecting Encrypted hides the value from the interface and stores it encrypted in the back end, such as when defining passwords.

PropertyValue
SSLServerCert    Certificate definition for a TLS/SSL connection. Specify the server certificate to accept. Untrusted certificates are rejected. If not specified, any certificate trusted by the machine is accepted. Common examples:
PEM certificate
-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
File path
C:\cert.cer
Public key
-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----
MD5 thumbprint
ecadbdda5a1529c58a1e9e09828d70e4
SHA1 thumbprint
34a929226ae0819f2ec14b4a3d904f801cbb150d
AuthMechanismAuthentication mechanism:

  • SIMPLE – (Default) Default plain text authentication.
  • DIGESTMD5 – DIGEST-MD5 challenge/response authentication.
  • NEGOTIATE – NTLM/NEGOTIATE authentication.

Advanced settings

Advanced settings control how the Active Directory connector tracks changes, handles regional and time configuration, and processes data batches during extraction. These options allow fine‑tuning for performance and accuracy, and should be configured according to your system environment and operational requirements.

SettingDescription
Tracking TypeMethod for tracking changes: None or Date.
RegionRegion setting for the connector, if required by your setup.
Time ZoneTime zone matching the Active Directory application server.
Time OffsetRefresh offset in seconds to compensate for timing issues in record selection. Minimum value is 0; maximum is 3600 seconds.
Batch SizeQuantity of records processed in each batch during extraction. Larger batch sizes increase memory usage but can improve performance up to a point. The default value is 2000 and the maximum should not exceed 10000 records. Adjust according to your network speed and disk performance; in most cases the default (2000) works best.

Example


important

The Active Directory connector supports only the Truncate and Load option for running extractions.