Active directory integration configuration for Alfresco Community 5.1 (with comments line by line)

alfresco-global.properties

###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco-community/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=Roketsan123!
db.name=alfresco
db.url=jdbc:postgresql://comhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections.  Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=/opt/alfresco-community/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-community/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert

jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-community/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=913ed2257d1dba0b44c5986d12c776cd

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=/opt/alfresco-community

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=comhost
solr.port.ssl=8443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###

###############################
## LDAP Authentication Conf #
###############################

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap

ldap.authentication.active=true
ldap.authentication.java.naming.provider.url=ldap://<AD_IP_OR_HOSTNAME>:389

ldap.authentication.userNameFormat=%s@domain.com 
#For Active Directory use UPN structure
#For userNameFormat, please read "https://docs.alfresco.com/5.1/concepts/auth-ldap-props.html", AD and LDAP requires different structure.

ldap.authentication.allowGuestLogin=false

#If you need only authentication, the configuration so far is enough.
###############################
## LDAP Synchronization Conf #
###############################

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco@domain.com 
#A user for export operation from AD to Alfresco.
#This should be in the same format as ldap.authentication.userNameFormat (UPN)
#For the first time, give this user all permissions then restrict step by step

ldap.synchronization.java.naming.security.credentials=password 
#It's the password of "alfresco" user

#It is important to know the structure of OUs to set these lines correct.
#For the first test, searchBase and others is set to "DC\=domain,DC\=com" to query all users without any filter.
ldap.synchronization.groupSearchBase=OU\=Alfresco,DC\=domain,DC\=com
ldap.synchronization.groupQuery=(objectclass\=group)

ldap.synchronization.userSearchBase=OU\=Alfresco,DC\=domain,DC\=com
ldap.synchronization.personQuery=(objectclass\=user)

ldap.synchronization.groupDifferentialQuery=(&(objectclass\=user)((memberOf\=OU\=SubAlfrescoGroup1,OU\=Alfresco,DC\=domain,DC\=com))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=group)(memberOf\=OU\=SubAlfrescoGroup1,ou\=Alfresco,dc\=domain,dc\=com)(!(modifyTimestamp<\={0})))

# secs min hour dom mon dow
synchronization.import.cron=0 */1 * * * ? 
#Every minutes, Alfresco sync.

synchronization.syncOnStartup=true
synchronization.allowDeletions=true

ldap.synchronization.userIdAttributeName=sAMAccountName

synchronization.synchronizeChangesOnly=false 
#False to sync everything for each sync time, it consumes more network, process etc.
#True to sync only changes for each sync time
#For the first sync, I use "false", then switch it to "true".

#userFirstNameAttributeName and userLastNameAttributeName are commented, users are created with name and surname.
#So I am using these parameters as commented.

# The attribute on person objects in LDAP to map to the first name property in Alfresco
#ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
#ldap.synchronization.userLastNameAttributeName=""
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=group
# The person type
ldap.synchronization.personType=person
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
#ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z' 
#It is also important, it changes for AD and LDAP.
#For timestampFormat, look at "https://docs.alfresco.com/5.1/concepts/auth-ldap-props.html"