Skip to end of metadata
Go to start of metadata

Overview

Users stored in the company's Active Directory (or any other LDAP server) can be synchronized by the Verba database. It can be administered on the web interface under the Administration / Active Directory Synchronization menu item.

We suggest that you should create two AD groups:

  • one for the administrators and supervisors that won't be recorded, but need access to the web application interface
  • another one for the recorded users. 
If you delete a user from your Active Directory Verba won't delete the user from it's database. Instead of that the system will invalidate that user. This way functions/calls are not "lost", e.g. searching back for the user in the Users Call list is available, the name of the user is displayed in the call lists. Invalidating the user will disable the user login by setting the Valid To field to the current date and time. Invalidated users have symbol next to their name.
Synchronization Interval and Run Now Feature

The synchronization process might take long time (especially if there are many synchronized users) so it is scheduled to run once a day at 1 AM.

For testing purposes and urgent cases, the synchronization can be started on the web interface. After creating and saving your profile (see below) you can start the synchronization under Administration / Active Directory Synchronization / Run Each Active Directory Profile Now.

It is also possible to run the configured synchronization profiles individually. In order to do that navigate to the Administration / Active Directory Synchronization menu, select the syncronization profile you want to run, then click on the Run this Active Directory Profile Now link. This method also runs the profile if the Automatic Rollback Threshold on Invalidated Users setting is reached.

Adding new Active Directory Profile

Multiple Active Directory Profiles can be set up in Verba so multiple AD servers or users with different privileges can be synchronized. The profiles will always be executed in a configurable order, and each user will be processed by only one Active Directory Profile, so the Profile with the smaller sequence will process users read from multiple profiles.

Navigate to Administration / Active Directory Synchronization and select the Add new Active Directory Profile option on the top right corner of the page.

LDAP Directory Information Section

Configuration Parameter Name

Description

Sample Value

Description

The profile's talkative nameRecorded Users
EnabledDisabled profiles will not be synchronized.Yes
SequenceEach user will be processed by only one Active Directory Profile, so the Profile with the smaller sequence will process users read from multiple profiles.100
LDAP HostHost name of the AD / LDAP server.ad.mycompany.com
LDAP PortPort number of the AD / LDAP server. Default port is 389 (636 if SSL is used), Active Directory Global Catalog Forest-Wide port is 3268 (3269 if SSL is used).389
Use SSLIf enabled Verba uses secure connection to connect to your LDAP host. 
Character EncodingWhat character encoding should be used when reading from the AD / LDAP server.ISO-8859-1
LDAP User Distinguished Name or Domain User NameThe full user name that Verba will use when connect to the AD / LDAP server. This account should have the proper privileges to read the synchronized users. For anonymous logon, leave it empty. mycompany\verba_account
LDAP PasswordThe password that Verba will use when connect to the AD / LDAP server. For anonymous logon, leave it empty. secret
LDAP User Search BaseThe DN of the container where the synchronized users can be found. Base DNs can be fetched by the button next to the input field. OU=Users,DC=mycompany,DC=com
LDAP Search FilterA valid LDAP Search expression that will be used to filter the entries under LDAP User Search Base.

(&(objectclass=person)(memberOf=CN=Verba_Group,DC=yourdomain,DC=com))

Please make sure that there is no space character at the end!

Search EntryFill it with either a simple string like 'Verba_Rec*' or with a valid LDAP filter like (CN=Verba_Rec*)
 
Simple PagingAllows Verba to synchronize more than 10,000 people. Turn this option on if the number of users may exceed 10,000. 
Follow ReferralsIndicates how to handle referrals. If checked Verba follows referrals. If unchecked Verba ignores referrals.checked
Dereference Policy

The dereference policy is an element of a search quest that specifies how Verba should handle alias entries that may be encountered during search processing.

Allowed alias dereference policy values include:

  • Never: Indicates that Verba should not dereference any aliases that it encounters.
  • Searching: Verba should dereference any entries within the scope of the search operation to determine whether they match the search criteria. The entry specified as the search base DN will not be dereferenced.
  • Finding: Verba should dereference the entry referenced as the search base DN if it is an alias, but any other alias entries within the scope of the search operation will not be dereferenced.
  • Always: Verba will dereference any alias entries within the scope of the search operation and will also dereference the base entry if it is an alias.

 

Never

Synchronized LDAP Attributes Mapping Section

Configuration Parameter Name

Description

Sample Value

Display Name

LDAP attribute name that stores the users' full name.

cn

Login IDLDAP attribute name that stores the users' account name.sAMAccountName
User Matching ID  
E-mail AddressLDAP attribute name that stores the users' email addressmail
Custom User FieldsYou can create up to five custom user fields. For more information visit this article.yourCustomAccountId

Phone Number Section

Configuration Parameter Name

Description

Sample Value
Synchronize Phone NumbersIf it is not turned on, Verba will not synchronized phone numbers. If the profile stores users who should not have phone numbers,
then this setting should be turned on and no extension mapping should be set up.
 
Mapping PresetsYou can use our Lync preset or you can create your own custom mappings. New extension maps can be added by pressing
the button below.
 
LDAP AttributeLDAP attribute name that stores the users' phone number or SIP address.msRTCSIP-Line
Pattern to MatchA regular expression that will be replaced.
^[tT][eE][lL]:(.*);ext=.*$
^[tT][eE][lL]:.*;ext=(.*)$
Conversion RuleThe regular expression in "Pattern to Match" setting will be replaced by this text or regular expression.

$1

Below you can see an example extension mapping setup:

Verba Groups based on AD Organization Unit Hierarchy Section

Configuration Parameter NameDescriptionSample Value
EnableIf it is enabled Verba will generate hierarchical groups based on Active Directory Organization Unit hierarchytrue
Group Naming - Reverse Order

If this setting is turned on, then the name of the created Verba group will be something like com / company / Organization / Group Name

Otherwise it will be Group Name / Organization / company / com

true
Group Naming - SeparatorIf this field is empty, then the attributes will be concatenated in their original form: CN=GroupName,DC=yourdomain,DC=com

/

Group Naming - Skip Top Level

If the top levels of the Organization should be skipped this fieldcan deine the number of skipped level.

1 - In this case the highest level(DC=com) will be skipped.

 

Groups Section

Configuration Parameter Name

Description

Sample Value
Synchronize GroupsIf it is enabled then Verba will also create groups for the imported users.true
Verba Groups based on AD GroupsIf it is enabled then Verba will follow the AD Group relationships and will create nested groups if required.true
Synchronized Group AttributesComma separated list of attributes that should be read from a User object.memberOf
Group Naming - Template

If the created Verba group name should be the simple name of the security group, then set this setting to CN.

If the Verba group's name should contain the whole DN of the group, then set this setting to empty.

CN
Group Naming - Reverse Order

If this setting is turned on, then the name of the created Verba group will be something like com / company / Organization / Group Name

Otherwise it will be Group Name / Organization / company / com

true
Group Naming - SeparatorIf this field is empty, then the attributes will be concatenated in their original form: CN=GroupName,DC=yourdomain,DC=com/
Filtered Synchronization

Possible values are:

  • Ignore selected groups: Verba will ignore the selected groups and will only create groups with the remaining ones.
  • Synchronize selected groups only: Verba will only create the selected groups.

Synchronize selected groups only

Select GroupSelect the groups you would like to be (or not to be, it depends on the Narrow option above) synchronized from the Active Directory. You can select multiple groups. 

Manager/Direct Reports Section

Configuration Parameter NameDescriptionSample Value
Generate Groups Based on Manager/Direct ReportsIf it is enabled then Verba will also create groups based on the direct reports. (Note: Feature is enabled only on the synchronized users)true
Group Name

Naming template for the generated groups.

The following placeholders can be used: [manager_name] [manager_login] [manager_department] [manager_company] 

Direct Reports of [manager_name] ([manager_login])
Add All Parent Managers If enabled the synchronization will add the manager's manager with the same privileges to the group

true

Manager Roles 

 

Supervisor

Defines group supervisor permission for the manager(s)

true

ManagerDefines group manager permission for the manager(s)

true

AdministatorDefines group administrator permission for the manager(s)true

Test Connection Section

This section can be used to quickly test whether the configuration is proper. 

New Users' Properties tab

The New Users' Properties tab can be used to configure what properties should new users be synchronized with to Verba.

A user is considered a new user when it has not previously been synchronized with a certain profile. So for example, if a user was previously synchronized by profile A, but in AD it gets moved to another location and now is being synchronized by profile B, then the user is considered a new user. Settings from the new profile replace the settings in the old profile. Previous manual changes are also removed. (The only exception being the Extension assignments)

The basic user configuration can be set up here such as Password Generation, Language, Timezone, etc. Since these properties are not synchronized from the AD, these can be customized later for the individual users.

Configuration Parameter Name

Description

Sample Value
User type Standard
Change Password at First Logon  
Verba Password Generation

 

Login name + 123
Language

 

English (en)
Default Timezone GMT-05:00 - Jamaica
Eastern Standard Time 

Associated Extension Settings section

Configuration Parameter Name

Description

Sample Value
Recording ModeHere you can select from the available recording modes and apply them to a phone number. The following valid values apply:
    • Full mode - All calls are recorded for the phone number.
    • On-demand mode - Only marked calls are recorded.
    • Do not record mode  - The given extension will not be recorded at all.
Full
VoiceIf enabled Verba records the imported user's voice.-
Instant MessagingIf enabled Verba records the imported user's instant Messages.-
VideoIf enabled Verba records the imported user's video.-
Desktop ScreenIf enabled Verba records the imported user's desktop screen.-

Lync Recording Announcement section

In case you have configured the Verba Lync Recording Announcement service then the following settings will turn on the announcement for the imported users.

Configuration Parameter Name

Description

Sample Value
Play Notification for PSTN Inbound CallsIf enabled and the announcement is configured then Verba will play notification for PSTN inbound calls for the imported users. -
Play Notification for Conference CallsIf enabled and the announcement is configured then Verba will play notifications for conference calls for the imported users.-
IM Notification for Conference CallsIf enabled and the announcement is configured then Verba will play IM notifications for conference calls for the imported users.-

Assigned Roles and Available Roles section

Sets which Verba Roles should the newly created users have. Since Verba Roles are not synchronized from the AD, these can be customized later for the individual users.

New Users' Groups section

Here you can view the list of your existing groups inside Verba and you can select to which group(s) you would like to add your imported users.

If you don't select any groups here and you don't use the Groups section from the LDAP Directory Information tab then the users will automatically assigned to the "default" group.

Advanced Active Directory Syncronization Settings

There are additional settings which help you fine tune how the Active Directory Syncronization works. In order to reach them, go to the Administration / Verba Servers menu, select your Media Repository (or Combo) server and go to the Change Configuration Settings tab. The settings can be found under the Web Application / Active Directory Syncronization node.

Configuration Parameter NameDescriptionSample Value

Run Active Directory Synchronization on Server

If enabled, then the syncronizations will be enabled to run on the server.Enable
Page SizeNumber of users to be read in one cycle.1000

Enable Reverse Check on Synchronization Attempts

If enabled, then after all of the users red, the first user will be red in reverse order, and it will be compared with the last user red in the first loop. If it does not match, then the synchronization will be rolled back.Enable

Enable Full Reverse Check on Synchronization Attempts

If enabled, then all of the users will be red in reverse order, and will be compared with the original results.Disable

Automatic Rollback Threshold on Invalidated Users [%]

If set, then all syncronization runs which changes more percent of the previously syncronized users than the value will be rolled back.0

Send email notification on successful AD sync runs

If enabled, then a notification email will be sent out after every active directory syncronization runs.No
  • No labels