How to get Group members from on Prem AD to ServiceNow using LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2023 09:29 PM
We want to get group members from On Prem AD to ServiceNow using LDAP.
Please help me out.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2023 09:42 PM
Hi, what exactly do you need help with?
First steps would be to enable internet access from your internal network, so that your ServiceNow instance can talk to your AD server - I imagine that your security team would want to do this by IP address as anything else could be a security risk, so you will need to login to the SNC support portal and get your instance IP address(es) via MY IP Address automation
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0538621
Once you have access to your AD server and your AD team have enabled the LDAP access that you require, you can enable user\group import\updated based on your requirements.
I think this KB article covers most of the detail that you will need.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0961314
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2023 10:03 PM
HI @Pranay Verma ,
I trust you are doing great.
Here is a step-by-step solution:
Enable internet access from your internal network:
- Contact your security team to allow internet access from your ServiceNow instance's IP address. This is crucial for communication between ServiceNow and your AD server.
- To find your instance IP address, follow the instructions in this ServiceNow knowledge base article: KB0538621.
Ensure LDAP access to AD:
- Coordinate with your AD team to enable LDAP access for the required functionality.
- Confirm with your AD team that the necessary LDAP ports are open and accessible.
Configure user and group import:
- Log in to your ServiceNow instance as an administrator.
- Navigate to the "LDAP Server Configuration" module using the navigation pane.
- Create a new LDAP server configuration record by providing the required details such as server name, IP address, port, and credentials.
- Test the connection to ensure successful communication between ServiceNow and the AD server.
- Configure the import settings according to your requirements, specifying the base DN (Distinguished Name) for groups, filters, and attributes to import.
- Save the configuration.
Import AD group members into ServiceNow:
- Create a new Scheduled Job in ServiceNow to run the LDAP import on a scheduled basis.
- Specify the LDAP server configuration created earlier and configure the import schedule as needed.
- Define the LDAP query to retrieve group members using the appropriate filters and attributes.
- Map the retrieved AD group members' attributes to ServiceNow fields.
- Run the scheduled job to trigger the initial import and subsequent updates based on your defined schedule.
Was this answer helpful?
Please consider marking it correct or helpful.
Your feedback helps us improve!
Thank you!
Regards,
Amit Gujrathi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2023 02:35 AM
Hello Amit,
I have done till LDAP connection and we are getting groups details but unable to get group members in ServiceNow group table.
