Assign a group to a system role using an LDAP query

1. From a system role, select the Groups tab. The Groups tab contains a list of Active Directory groups and LDAP queries that have already been assigned to the role.

2. On the Groups tab, select Add. The Select the source container screen appears.

3. Select LDAP Query.

4. Mark the Search for users in subcontainers checkbox to search for users in any groups found within your query. If you leave the checkbox unmarked, only those users found explicitly within the query results are returned.

5. Enter a name for the LDAP query.

6. To specify where the program should begin the search, select Browse and select the desired location within your organization’s Active Directory structure. When you select a location, it appears in the Root field.

   Setting this “starting point” can greatly improve the performance of your LDAP query.

7. In the Query field, you can manually type in a valid LDAP query. If you are not familiar with LDAP syntax you can use a wizard to build a simple query.

   1. Select Define. The LDAP query wizard appears.

   2. Enter the information describing the users you are looking for.

   3. Select OK to save the query and return to the Select source container screen. The query you created with the wizard appears in the proper syntax in the Query field.

8. You can select Preview to view a list of users found by your query.

9. Select Save to assign the users included in your query to the selected system role. The saved LDAP query now appears in the list on the Groups tab, but none of the users in that LDAP query appear on the Users tab yet because synchronization has yet to take place with Windows. Once synchronization occurs, users in the LDAP query results appear on the Users tab, with a checkmark in the Synchronized column. For more information, see Synchronize Users in Windows and Blackbaud Groups.