Configuring Active Directory Synchronization - Advanced

Owned by Kiss, Mate
Last updated: Feb 26, 2024 by Zszugyi
2 min read

In large Verba deployments, where many different kinds of users would use Verba (with different recording settings, roles, and other settings, and the combination of these), the basic setup of the Active Directory Synchronization would need a very high number of security groups on the Active Directory side. It would require a separate group for each setting, and a separate group for each combination of these, which is hardly manageable. In order to avoid this, Verba offers a feature, called Merged Profiles.

***Creating an AD security group for all Verba users is not mandatory. See configuration stage 1.

With the Merged Profiles, once a user gets synchronized, the subsequent profiles can modify the user and add several additional settings. This way, the recording setting, the user role, and the group membership setting synchronization can be combined. If a more detailed fine-tuning is required, see New Users' Properties Rules.

Stage 1: Configuring the base Active Directory Synchronization Profile

For the base profile configuration, complete the steps 1-7 from the Configuring Active Directory Synchronization - Basic (LDAP) or the Configuring Active Directory Synchronization - Basic (Microsoft Entra ID, formerly Azure AD) article (Configuring AD Synchronization for Recorded Users section). At step 7, there are two options for the LDAP Search Filter setting:

  • Creating a separate security group on the AD side for all Verba users, and using that one in the LDAP Search Filter.
    E.g.: (&(objectcategory=person)(objectclass=user)(memberOf=CN=All Verba Users,OU=London,DC=CONTOSO,DC=COM))
  • Skipping the creation of a security group for all Verba users, and using the other security groups with OR operation between them. This is recommended only in the case of a low number of groups.
    E.g.: (&(objectcategory=person)(objectclass=user)(|(memberOf=CN=Voice Recorded,OU=London,DC=CONTOSO,DC=COM)(memberOf=CN=IM Recorded,OU=London,DC=CONTOSO,DC=COM)(memberOf=CN=Verba Supervisor,OU=London,DC=CONTOSO,DC=COM)........))

Stage 2: Configuring the Active Directory Synchronization Profiles based on recording modes, roles, and groups

Create multiple AD Synchronization Profiles using the Configuring Active Directory Synchronization - Basic (LDAP) or the Configuring Active Directory Synchronization - Basic (Microsoft Entra ID, formerly Azure AD) article. Use the different AD security groups at step 7. Configure each profile according to its purpose (Phone number and/or SIP URI mappings and recording settings, role settings, group settings).

Stage 3: Configuring the Active Directory Synchronization Profile Merging

Step 1 - Open the base Active Directory Synchronization Profile

Step 2 - At the Profiles to be Merged setting, add the other AD Synchronization Profiles by clicking on the >> icon.

Step 3 - Tick the settings to be merged (Extensions, Groups, Roles).

Step 4 - Click Save.