CMDB – Configuration Items (CIs) Active Directory Connector Best Practise

Don't fill up the CMDB will obsolete Configuration Items(CIs).

  • Ask this question - will I report on this CI? If the object is not required to be reported on, or if it is transient then don’t include it.
  • Consider Automating a workflow that identifies and moves obsolete Active Directory objects to OUs that are not being targeted through Connector(s).

Ensure each Configuration Item(CI) has a single source of truth.

  • Select either the AD Connector or the Configuration Manager for Computers objects and not both

    If a CI is synchronised by more than 1 connector and each source i.e. AD and Configuration Manager has a different value, then the last Connector synchronisation will determine the value that is written to the database that is until the next Connector sync schedule. Minimise contention.

  • Create multiple AD Connectors *example 1 for each CI type to manage data set size and synchronisation times.

Do not synchronize AD Group objects unless required

 Ensure to select the option ‘Do not write null values for properties not set in Active Directory’.

  • Using this setting ensures the connectors do not update CI values to NULL.

 Use LDAP filters to only import relevant types of objects.

 When implementing multiple AD connectors stagger the schedule so they don’t all run at the same time and ensure they do not run during Backup or other Maintenance Windows

AD Connector Deletion


Line Manger and User must be imported using the same connector


Mapping AD Connector Properties to Service Manager

Mihai Sarbulescu has an excellent blog covering AD connectors tweaks

The Service Manager Product Group has also posted an excellent blog improving AD Connector performance