Skip to main content

Active Directory Source Connector

The Active Directory source connector lets DataSync retrieve data from Active Directory server and load it into your data warehouse. It supports both unencrypted connections and secure connections over TLS/SSL. Once your source connection is ready, configure your destination connection to finish the setup.


important

The Active Directory connector supports only the Truncate and Load option for running extractions.

Create the source connection in DataSync

  1. Log in to DataSync.
  2. From the welcome screen, select Connections.
  3. Next to Source Connections, click New.
  4. Select Active Directory.
  5. Enter all required connection properties.
  6. (Optional) In the Additional Connection Properties panel, click Add property and enter any extra parameters you need.
  7. Configure the advanced settings to match your environment, including Tracking Type.
  8. Click Save.

Connection properties

PropertyWhat to enter
DescriptionUnique name for the connection. Example: Active Directory
ServerDomain name of the Active Directory server. Example: ADServer.mydomain.local.
PortPort the Active Directory server is running on. Default: 389. If you enable Enable LDAP over TLS/SSL, use port 636 instead.
Enable Active Directory over TLS/SSLSecures the connection using TLS/SSL encryption.
UsernameLogin account in domain format. Example: DOMAIN\\jdoe.
PasswordPassword for this account.
Search baseBase distinguished name (DN) for queries. Set to the root directory or a specific subtree. Example: DC=mydomain,DC=local or OU=Users,OU=Canada,DC=mydomain,DC=local.
Maximum number of recordsMaximum number of records returned. Set to -1 for no limit.
ScopeDepth of the directory search.
  • Whole Subtree searches the base and all descendants. This is the default.
  • Single Level searches the base and direct descendants only.
  • Base Object searches the root of the search base only.
TimeoutTime in seconds to wait before a connection attempt or query execution times out.
Follow ReferralsFollows referrals returned by the Active Directory server to retrieve data from other directory partitions.
Friendly GUIDControls how GUID attributes such as objectGUID are returned. When enabled, values are returned as readable strings. Example: 708d9374-d64a-49b2-97ea-489ddc717703. When disabled, values are returned as base64-encoded strings.
Friendly SIDControls how SID attributes such as objectSID are returned. When enabled, values are returned as readable strings. Example: S-1-5-21-4272240814-246508344-1325542772-12464. When disabled, values are returned as base64-encoded strings.
VerbosityControls how much detail the connector writes to the log. Each level includes everything from the level below it, plus additional detail.

  • 1 logs queries, row counts, execution start and end times, and errors.
  • 2 adds cache queries and HTTP headers.
  • 3 adds request and response bodies.
  • 4 adds transport-level communication.
  • 5 adds all interface commands.
Enable PoolingEnables connection pooling, which keeps a set of database connections open and reuses them across extractions instead of opening a new connection each time. This reduces overhead and improves performance when multiple extractions run at the same time.
Pool idle timeoutTime in seconds a connection can stay idle before returning to the pool.
Max Pool SizeMaximum number of connections allowed in the pool at the same time.
Pool wait timeTime in seconds DataSync waits for an available connection before throwing an error.

Additional connection properties

Additional connection string properties not specified in the Connection Properties panel. For each property added, you can choose Visible or Encrypted. Selecting Encrypted hides the value from the interface and stores it encrypted in the back end, such as when defining passwords.

PropertyWhat to enter
SSLServerCertCertificate used to validate the TLS/SSL connection. If not specified, any certificate trusted by the machine is accepted. Accepted formats:
  • PEM certificate: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
  • File path: C:\cert.cer
  • Public key: -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----
  • MD5 thumbprint: ecadbdda5a1529c58a1e9e09828d70e4
  • SHA1 thumbprint: 34a929226ae0819f2ec14b4a3d904f801cbb150d
AuthMechanismAuthentication mechanism used for the connection.
  • SIMPLE for standard plain text authentication. This is the default.
  • DIGESTMD5 for challenge and response authentication.
  • NEGOTIATE for NTLM authentication.

Advanced settings

These settings control how the connector tracks data changes, handles time and regional configuration, and processes records during extraction. Configure them to match your Active Directory environment so that results stay accurate and consistent.

SettingWhat to select
Tracking TypeMethod for tracking data changes: None or Date.
RegionRegion setting for the connector, if required by your setup.
Time ZoneTime zone matching your Active Directory environment.
Time OffsetRefresh offset in seconds to compensate for timing issues in record selection. Minimum 0, maximum 3600.
Batch SizeNumber of records processed per batch during extraction. Larger batches can improve performance but use more memory. Default is 2000, maximum is 10000. Adjust based on your network speed and disk performance. The default works well in most cases.

Example setup

Active Directory source connection in DataSync
Completed Active Directory source connection in DataSync, with all properties and settings filled in.