CalGroups - AD Sync Tips and Tricks

Timing

  • Allow at least 15 minutes for changes that you make in CalGroups to be reflected in AD.

Group Syncing

  • Syncing from CalGroups to AD will be “flat”.  That means that synced group in AD will consist of only the direct and indirect members of the group.   If you are syncing a nested group, you will NOT see the nested group IDs  in the synced AD group.

  • Your CalGroup’s group ID (not the group name) will be synced to AD as the cn and the samAccountName.  By default, the CalGroups group name and ID are the same but you have the ability to edit the CalGroup group ID.  If you do so and your group name and group ID are different, please make sure that you’re looking for the group ID and not the group name in AD.

  • Once your group is synced to AD, you may use it to access resources in AD, like any other AD group.

  • Syncing will be faster if you create your group and add members before you sync it to AD.

  • If you change your CalGroups - AD sync to "No" from "Yes", that group will disappear in AD.  If you switched the sync back to "Yes", that group will re-appear.

  • If you delete your group in CalGroups, that group will be deleted entirely in AD also.

  • Except for Title Code groups, all other official groups are synced to AD.

  • Note: Special Purpose Accounts (SPAs) and CalNet Sponsored Guest Accounts do not sync to AD.

Group Management

  • If you have a group that's already synced, any member you add or delete will be reflected AD.  Allow at least 15 minutes for the changes to occur.

  • As of now, you can sync groups of 350 members or less. Any update that would result in the total group membership to be greater than 350 will fail. For example, if you already have a group that’s synced with 100 members and then add another 400, none of the 400 members you added will be synced. The original members will still be synced, however.

Important Note About Privacy!

  • Any group you sync to AD will be visible to anyone with an account in AD. If you need to obfuscate your group name, you can change the CalGroups group ID since it’s the group ID (and not the group name) that syncs to the cn and samAccountName in AD.