DirSync + Active Directory contacts

jerome · May 28, 2025, 7:01am

Hi Community members,
DirSync is in place and OK, but we created groups on the AD side with external emails (these users exist as contacts in the AD). As I understood we do need to have the contact synched also to domino but they do not. The contacts in AD have emails, the only thing missing is fullname on the AD side, so my question is are therre any constraint to sync AD contacts to domino to have them in groups synched from AD

shigemitsu.tanaka · May 28, 2025, 8:05am

Hello.
If there are no problems with the LDAP filter and ldap group settings, the groups will be synchronized as well.
Just to be sure, please check to see if there are any problems with those two settings.

Regards,
Shigemitsu Tanaka

jerome · May 28, 2025, 8:55am

Well I was not clear, Users and Groups sync very well. We are just facing the following:
Let’s say our internet domain is @company.com
On AD side one group (let’s say externalGroup) contains AD “contacts” with domain @outlook.fr. The “externalGroup” is created in domino by dirsync BUT the group member is empty. The “Contact” in AD only contains the email (xxx@outlook.fr) but no firstname nor lastname, I do suspect we need to sync these contacts for the externalGroup group members to be synched, I’ve opened a case to narrow down the problem.

nishantsh · June 2, 2025, 4:31am

Hello Jerome,

Hope you are doing well.

With setting up Directory Sync between AD and Domino, the users and group should be synched with Domino.

Please refer the following Support links for details.

I hope the above information will help in answering your concerns.

Thank you

Thanks & Regards
Nishant Shendre

jerome · June 2, 2025, 5:41am

Well if you can vote for the idea it can be great for AD users:
Unfortunately, this is currently working as designed. We don’t support AD “contacts”. We only support AD “users” with real accounts that have credentials \ passwords, etc.

So, to implement this feature in a future release, I created an AHA request.

I would request you to vote for this ER, so that, the product management can consider this in a future release.

Shrikant · June 2, 2025, 2:09pm

Hello Jerome,

I just tried to simulate what you have described on this thread. However, I am able to sync the group along with the members.
I just created a video here and let me know if I am missing anything ?

Thank you
Regards
Shrikant J

jerome · June 2, 2025, 2:24pm

Shrikant I know ho to sync users or groups, but we are talking about Active Directory “Contact”, which is :
Key characteristics of Active Directory contacts:

They are non-security principals, meaning they cannot log in to the domain or access resources
Contacts can include details like email addresses, phone numbers, and organizational information
They are often used to make external people reachable via email or phone from within the organization, especially in environments integrated with Microsoft Exchange or similar systems
Contacts are distinct from user accounts: they do not have passwords or security identifiers (SIDs) and cannot be used for authentication
.