
Administration Guide

Schedule synchronization

When you select Schedule on the Directories view, you can select a date/time and poll interval for the directory synchronization task. The scheduled task may also be paused and run manually later. This process adds the Synchronize Users with Directory task to the scheduler.

When the directory and FortiNAC are synchronized, changes made to users in the directory are written to corresponding user records in the database. Users from the directory are only added to the FortiNAC database when they connect to the network and register.

Upon initial synchronization, a host group is created for each directory group. Specific directory groups can be disabled from attribute mappings. See Select groups tab under configuration for details. If an Administrator group with the same name already exists, a host group will not be created. Any new groups created in the directory are detected upon the following synchronization. Groups created are displayed in FortiNAC on the Groups View.

If you are using a directory for authentication, user data is updated from the directory based on the user ID during synchronization. This is true regardless of how the user is created and whether the user is locally authenticated or authenticated through the directory. If the user ID on the user record matches a user ID in the directory, the FortiNAC database is updated with the directory data.

When an administrator group is created in FortiNAC with the same name as a group being synchronized from a directory, the administrator group members will remain the same as the directory group members. Therefore, if you add a non-directory user to the administrator group and then synchronize the directory, the non-directory user is removed from the administrator group because the user is not a member of the directory group.
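The synchronization rules described above can be modeled as a dry run, which is useful for spotting accounts that will lose administrator group membership before the next scheduled sync. This is an added example, not FortiNAC code or a FortiNAC API: the function name, data shapes, and sample accounts are all assumptions constructed for illustration.

```python
"""Dry-run model of the synchronization rules described above.
Illustrative only: not FortiNAC code and not a FortiNAC API."""


def plan_sync(nac_users, admin_groups, host_groups, dir_users, dir_groups):
    """Return the changes one synchronization would make.

    nac_users:    {user_id: attrs} user records already in the database
    admin_groups: {group_name: set(user_id)} administrator groups
    host_groups:  set of existing host group names
    dir_users:    {user_id: attrs} as read from the directory
    dir_groups:   {group_name: set(user_id)} as read from the directory
    """
    plan = {"updated": {}, "not_added": [], "new_host_groups": [], "admin_removed": {}}

    # Records are matched on user ID only. Directory users without a record
    # are not created by the sync; they appear once they connect and register.
    for uid, attrs in sorted(dir_users.items()):
        if uid not in nac_users:
            plan["not_added"].append(uid)
        elif nac_users[uid] != attrs:
            plan["updated"][uid] = attrs

    for name, members in sorted(dir_groups.items()):
        if name in admin_groups:
            # Same-named administrator group: no host group is created, and
            # members that are not in the directory group are removed.
            dropped = sorted(admin_groups[name] - members)
            if dropped:
                plan["admin_removed"][name] = dropped
        elif name not in host_groups:
            plan["new_host_groups"].append(name)
    return plan


# Constructed sample data (hypothetical accounts and groups).
NAC_USERS = {"alice": {"email": "alice@old.example"},
             "localadmin": {"email": "ops@corp.example"}}
ADMIN_GROUPS = {"NetAdmins": {"alice", "localadmin"}}
HOST_GROUPS = set()
DIR_USERS = {"alice": {"email": "alice@corp.example"},
             "bob": {"email": "bob@corp.example"}}
DIR_GROUPS = {"NetAdmins": {"alice", "bob"}, "Staff": {"alice", "bob"}}

if __name__ == "__main__":
    plan = plan_sync(NAC_USERS, ADMIN_GROUPS, HOST_GROUPS, DIR_USERS, DIR_GROUPS)
    for change, detail in plan.items():
        print(f"{change}: {detail}")
```

In the sample, the non-directory account `localadmin` is flagged for removal from the `NetAdmins` administrator group, and `Staff` is the only directory group that gets a new host group.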

The directory schedule is global and applies to all directories listed. Separate schedules cannot be entered for each directory.

Settings

| Field | Definition |
| --- | --- |
| Schedule Interval | Poll interval for the scheduled task. Options are Minutes, Hours, or Days. |
| Next Scheduled Time | The next date/time the scheduled synchronization task will run. Entered in the format MM/DD/YY HH:MM AM/PM. |
| Enabled | When unselected, the scheduled synchronization task is stopped and does not run automatically. To run the task manually click Run Now. |
| Run Now | Runs the Synchronization task immediately. |

Schedule directory resynchronization

  1. Click System > Settings.
  2. Click the Authentication folder in the tree control.
  3. Click LDAP to display the Directories window.
  4. Select a directory in the list and click Schedule.
  5. Set a Schedule Interval by entering a number and selecting Minutes, Hours, or Days from the drop-down menu.
  6. Click in the Next Scheduled Time field and enter the date/time to run the synchronization task.
  7. To stop the scheduled task, remove the check mark from the Enabled box.

    If the scheduled task is disabled, the Administrator can go to the Scheduler view and run the task manually to synchronize the directory with FortiNAC. See Scheduler for details.

  8. To run the scheduled task immediately, click Run Now.
  9. Click OK to save the schedule.
