Periodically (daily, at 11:59 pm), Symphony is synchronized with Active Directory. The process is as follows:
1. User associations are verified and updated
a. For every Symphony user without an Active Directory association, we determine if there is a matching Active Directory member (by comparing user name to Active Directory account name).
• If there is a match we create an association between the two.
b. For every Symphony user with an Active Directory association, we verify that the Active Directory member still exists.
• If not, we remove the association.
• If the association exists, we ensure that the user name, full name, and description in Symphony match the same values in Active Directory.
2. Group membership is updated
a. For every Symphony user and group with an Active Directory association, we determine the Active Directory group membership.
• If group membership has changed in Active Directory, then those changes are applied to the Symphony Group membership. Any non-Active Directory relationships are maintained.
1. Any changes to Active Directory will not be detected immediately by Symphony.
2. When the daily synchronization occurs, Symphony will detect that the user has joined a new Active Directory group.
3. The server will then attempt to find a matching Symphony group.
• If a matching Symphony group exists, the user will be added to that group.
• If not, the server proceeds to recursively check all the parents of the Active Directory group, trying to find a match with Symphony groups. The operation continues up each parental line until either:
a. an associated Symphony group is found, or
b. there is no parent to check.
This operation ensures that the Symphony group membership matches the Active Directory group membership as closely as possible.