.. _ad-ldap-write-back:

Write-back to Active Directory LDAP
-------------------------------------

.. _21.4-PB1|VOSS-1122:



.. tip:: 

   :ref:`use-action-search-to-navigate-automate`


Overview 
...........


For Microsoft Active Directory LDAP servers, Automate provides an option to enable write-back as a 
part of Quick Add User, for both Cisco UCM Quick Add User and Microsoft Quick Add User.


Prepare for write-back to Active Directory LDAP servers
.........................................................


Before using write-back for Microsoft Active Directory LDAP servers, you'll need to 
set up the environment as follows: 


1. At the required hierarchy for the **LDAP Server**:

   a. **Server Type** is ``microsoft_active_directory``.
   b. **Port** is 636.
   c. **Encryption Method** is ``Use SSL Encryption``.
   d. **Enable Write Operations** is enabled.
2. Add an **LDAP User Sync** instance at the required hierarchy:

   a. Select the relevant **LDAP Server**.
   b. Select an **LDAP Write Back Template** - see: :ref:`ldap-write-back-template`.
   c. If the **LDAP Write Back Only** checkbox is enabled, users are *only* synced in
      for write-back purposes and other user updates are not carried out.

      This should only be used in a Microsoft-only scenario, where users are
      initially synced in from MS365 or MSTeams and the LDAP Write Back option is configured
      to write back to Active Directory for the purpose of syncing to Azure.

   At the end of the Quick Add User workflow, write-back is then carried out for target model type ``device/ldap/user``
   using this **LDAP User Sync** instance.
3. When saving **LDAP User Sync**, a data sync instance is created that applies when a sync is carried out from **Sync & Purge > LDAP Users**.
4. When Quick Add User or Microsoft Quick User is run, the LDAP user is updated in accordance with the LDAP write-back template.



.. _ldap-write-back-template:

LDAP write-back template
..........................

An LDAP Write Back template is a configuration template for target model type ``device/ldap/user``
that contains named macros that will be applied during write-back when the Quick Add User or Microsoft Quick User
task is carried out.

For example, the following macros can be used in the configuration template selected in 
**LDAP Write Back Template**.

* LDAP username: ``{{macro.DISPLAY_GET_USERNAME}}`` - writes back username
* LDAP user first name: ``{{macro.DISPLAY_NAME_GET_FNAME}}`` - writes back user first name
* LDAP user last name: ``{{macro.DISPLAY_NAME_GET_LNAME}}`` - writes back user last name
* **Telephone Number**: ``{{macro.DISPLAY_GET_FIRST_LINE}}`` - writes back the first line added to a user when running Quick Add User
* **Telephone Number**: ``{{macro.DISPLAY_GET_FIRST_LINE_E164}}`` - writes back the first E164 line added to a user when running Quick Add User


.. note::

   * When writing back to Active Directory for the purpose of syncing to Microsoft 
     Entra ID for Microsoft Teams provisioning,
     the LDAP authentication attribute on the LDAP user configuration must be set to ``userPrincipalName`` 
     and the username mapping on the **User Field Mapping** page must be set to 
     ``userPrincipalName`` for the specific LDAP server.

   * The configuration template is automatically created for each LDAP server, at the same level of the 
     hierarchy as the LDAP server, when **Enable Write Operations** is set to True. 
     There can only be one Write Back configuration template per LDAP server.
