ADSyncModule Extension

For most enterprises, Active Directories are changing continuously with users added or removed frequently. For enterprises with large numbers of groups and users, a mechanism to automate the synchronization of the member association in Active Directory plays an important role for any Active Directory integration.

This synchronization module provides the synchronization capability between Active Directory groups and AgilePoint groups automatically.

This synchronization module can be added to the AgilePoint system through the AgilePoint Global Server Control Extended Module. This server extension allows you to enable and configure automated synchronization of the AgilePoint authentication data with Active Directory. It will automate the member synchronization between Active Directory users and groups and AgilePoint users and groups.

Background and Setup

To configure an AgileConnector, ​ do the procedure in this topic.

Video: Synchronize Users with Active Directory

Prerequisites

Good to Know

  • Group Synchronization Rules:
    • Only groups that have already been added into AgilePoint will be synchronized with Active Directory. New Active Directory groups will not be added automatically to AgilePoint. The new Active Directory groups can be added manually through the Enterprise Manager interface.
    • The changes of user members (adding or removing) in the Active Directory groups will be synchronized to AgilePoint but the changes in AgilePoint groups will NOT be synchronized back to the Active Directory.
    • The synchronization only applies to member association (Add or Remove) within the groups. Group properties such as names and descriptions are NOT synchronized.
      • When a new member is added to Active Directory, this member will also be added to the corresponding AgilePoint group. If the actual user entity is not registered in AgilePoint yet, the user entity will be registered to AgilePoint automatically.
      • When a member is removed from Active Directory, this member in the corresponding AgilePoint group will also be removed. The actual user entity will NOT be removed from AgilePoint as the same user entity can also be associated with other groups in the system.
      • If the Active Directory contains sub-groups (Nested groups), the members in the sub-groups will also be synchronized and the members will be added to or removed from the top level group.
  • User Synchronization Rules:
    • Changes to the following Active Directory user properties will be synchronized to AgilePoint. Other properties will NOT be synchronized.
      • Full Name
      • Email Address
      • Department
      • Title
      • Manager
    • Removal of an Active Directory User will result in the following AgilePoint synchronization actions:
      • The user will be removed from any AgilePoint groups.
      • Any tasks assigned to this user will still exist, it may be required to cancel or reassign these tasks to a valid AgilePoint user.

How to Start

  1. On the AgilePoint Server machine, in Windows Explorer, right-click the file (AgilePoint Server installation folder) C:\Program Files\AgilePoint\AgilePoint Server \WCFConfigurationUtility.exe, and click Run as Administrator.
  2. On the AgilePoint Server Manager screen, in the left pane, select your AgilePoint Server instance.
  3. Click Open Server Configuration Open Server Configuration icon.
  4. On the AgilePoint Configuration screen, click the Extensions tab.

Enable the ADSyncModule Extension for Active Directory

To enable the ADSyncModule AgileConnector for Active Directory integration, ​do the procedure in this topic.

How to Start

  1. On the AgilePoint Configuration screen, in the Extensions tab, click Add.

Procedure

  1. In the Impersonator field, enter the AgilePoint user name that is used to connect to your e-mail server.

    By default, this is the AgilePoint Service Account.

  2. Browse to the assembly (AgilePoint Server installation folder) C:\Program Files\AgilePoint\AgilePoint Server \bin\ADSyncModule.dll.
  3. Click OK.

Configuration for Active Directory Groups Synchronization Screen - Active Directory Configuration Tab

Synchronizes AgilePoint Server user data with Active Directory.

Figure: Configuration for Active Directory Groups Synchronization > Active Directory Configuration tab

Active Directory Configuration tab

Prerequisites

How to Start

  1. On the AgilePoint Configuration screen, in the Extensions tab, select ADSyncModule.dll.
  2. Click Configure.
  3. On the Configuration for Active Directory Groups Synchronization screen, click the Active Directory Configuration tab.

Fields

Field Name Definition

LDAP Path
Function:
Specifies the LDAP connection string for your Active Directory.
Accepted Values:

A valid LDAP connection string.

Use the Ellipses button to retrieve the connection string for the current Active Directory.

Default Value:
LDAP://
Example:
LDAP://DC=MyCompany,dc=com

Domain
Function:
The authentication domain for Active Directory users.
Accepted Values:
A valid domain.
Default Value:
None

... (LDAP configuration)
Opens this Screen:
Advanced LDAP Settings Screen
To Open this Field:
You must be using a multi-tenant environment.
Function of this Screen:
Specifies to map the LDAP connection string for your Active Directory with your tenant.

AgilePoint System User
Function:
Specifies whether the ADSync module extension connects to the specified Active Directory using the AgilePoint Service Account.
Accepted Values:
  • Selected - The ADSync module uses the AgilePoint Service Account.
  • Deselected - The ADSync module uses a custom account.
Default Value:
Selected

Custom Account
Function:
Specifies whether the ADSync module extension connects to the specified Active Directory using a specified account other than the AgilePoint Service Account. This is useful if the AgilePoint Service Account does not have an account on your Active Directory domain.
Accepted Values:
  • Selected - The ADSync module uses a custom account.
  • Deselected - The ADSync module uses the AgilePoint Service Account.
Default Value:
Deselected

Username
Function:
Specifies the user name for an account you want AgilePoint Server to use to connect to your Active Directory domain.
Accepted Values:
A valid user name for an account that has access to the Active Directory domain to which you want to connect.
Example:
DEMO3/jsmith

Password
Function:
The password for the authentication account.
Accepted Values:
An alphanumeric string that represents a password.
Default Value:
None

Sync Settings Tab
Opens this Screen:
Configuration for Active Directory Groups Synchronization screen > Sync Settings tab
Function of this Screen:
Specifies the how often Active Directory users and groups are synchronized.

Advanced LDAP Settings Screen

Specifies to map the LDAP connection string for your Active Directory with your tenant.

Figure: Advanced LDAP Settings screen

Advanced LDAP Settings screen

Prerequisites

  • To access this screen, you must have a multi-tenant environment.

How to Start

  1. On the Configuration for Active Directory Groups Synchronization screen, in the Active Directory Configuration tab, click the ellipses button (...) to configure your LDAP settings for more than one tenant.

Fields

Field Name Definition

Add (+)
Function:
Creates a row where you can specify your tenant name and LDAP string.

Tenant
Function:
Specifies the name of the tenant for which you want to map with LDAP connection string.

You can have multiple instances of the same tenant name, and each tenant can have multiple LDAP connection strings.

Accepted Values:
A list of your enabled tenant names.
Default Value:
None

LDAP String
Function:
Specifies the LDAP connection string of your Active Directory for your tenant.
Accepted Values:
A valid LDAP connection string.
Default Value:
None
Example:
LDAP://DC=MyCompany,dc=com

Remove (-)
Function:
Deletes the selected row from the multi-tenant LDAP settings list.

Delete ()
Function:
Deletes all rows from the multi-tenant LDAP settings list.

Configuration for Active Directory Groups Synchronization screen > Sync Settings tab

Specifies the how often Active Directory users and groups are synchronized.

Figure: Configuration for Active Directory Groups Synchronization > Sync Settings tab

Configuration for Active Directory Groups Synchronization Sync Settings tab

Prerequisites

How to Start

  1. On the Configuration for Active Directory Groups Synchronization screen, click the Sync Settings tab.

Fields

Field Name Definition

Schedule
Function:

The frequency for Active Directory synchronization. Synchronization can occur every day, week, or month, at a particular time or day.

Every
Function:
Specifies whether the Active Directory synchronization occurs every day, week, or month.
Accepted Values:
  • Day - The Active Directory synchronization occurs every day.
  • Week - The Active Directory synchronization occurs every week.
  • Month - The Active Directory synchronization occurs every month.
Default Value:
Day

At
Function:
Specifies whether the Active Directory synchronization occurs at a specified hour.
Accepted Values:
0-23

The time shows in 24 hour clock format, where 0 is 12 AM and 23 is 11 PM.

Default Value:
0

Week Day
Function:
Specifies the day of the week that the Active Directory synchronization occurs.
To Open this Field:
  1. On the Configuration for Active Directory Groups Synchronization screen > Sync Settings tab, in the Every list, select Week.
Accepted Values:
  • Sunday
  • Monday
  • Tuesday
  • Wednesday
  • Thrusday
  • Friday
  • Saturday
Default Value:
None
Limitations:

This field is available in these releases:

Date
Function:
Specifies the day of the month that the Active Directory synchronization occurs.
To Open this Field:
  1. On the Configuration for Active Directory Groups Synchronization screen > Sync Settings tab, in the Every list, select Month.
Accepted Values:
  • 1-27 - The Active Directory synchronization occurs every day of the month you specify between 1 to 27.

    You can not specify 28, 29, 30, or 31. If any of these days are the last day of the month, then select Last Day of Month.

  • Last Day of Month - The Active Directory synchronization occurs every last day of the month.
Default Value:
None
Limitations:

This field is available in these releases:

Disable Email Notification for Active Directory Activities
Function:
Disables e-mail notifications for the Active Directory process activities.
Accepted Values:
  • Selected - Disables e-mail notifications for Active Directory activities.
  • Deselected - Enables e-mail notifications for Active Directory activities.
Default Value:
Deselected

If Active Directory group member is not AgilePoint user
Function:
Specifies what actions to take if a member of your Active Directory is not a registered AgilePoint user.
Accepted Values:
  • Register user to AgilePoint automatically - Creates an AgilePoint account for the user using their Active Directory information.
  • Send email to AgilePoint system user, and do not take any action - Does not create an AgilePoint account for the Active Directory user, but sends a notification email to the AgilePoint system user account.
Default Value:
Register user to AgilePoint automatically

Do not remove users from AgilePoint group, if users are not in Active Directory Group
Function:
Specifies if users are not in an Active Directory group, whether to delete them from the group in AgilePoint NX.
Accepted Values:
  • Selected - Users are not deleted from the AgilePoint group.
  • Deselected - Users are deleted from the AgilePoint group.
Default Value:
Deselected

Disable users in AgilePoint, which are disabled in Active Directory
Function:
Specifies if the users that are disabled in Active Directory to be disabled in AgilePoint NX.
Accepted Values:
  • Selected - Users are disabled in AgilePoint NX.
  • Deselected - Users are enabled in AgilePoint NX.
Default Value:
Deselected

Sync all Social Email IDs with Email IDs
Function:
Specifies whether to synchronizes users' social account e-mail IDs with AgilePoint users' e-mail IDs.

This synchronization occurs each time and Active Directory synchronization occurs. AgilePoint recommends using this option only if all of your users' messaging IDs and email IDs are the same.

Accepted Values:
  • Selected - Synchronizes users' social account e-mail IDs with users' e-mail IDs.
  • Deselected - Does not synchronize users' social account e-mail IDs with users' e-mail IDs.
Default Value:
Deselected

Sync all Social Account Lync IDs with Email IDs
Function:
Synchronizes all of your users' Skype for Business IDs with their email IDs.

This synchronization occurs each time and Active Directory synchronization occurs. AgilePoint recommends using this option only if all of your users' messaging IDs and email IDs are the same.

Accepted Values:
  • Selected - Synchronizes Lync IDs with users' email IDs.
  • Deselected - Does not synchronize Lync IDs with users' email IDs.
Default Value:
Deselected

Sync all Social Account Yammer IDs with Email IDs
Function:
Synchronizes Yammer IDs with AgilePoint users' email IDs. This synchronization occurs each time and Active Directory synchronization occurs. AgilePoint recommends using this option only if all of your users' messaging IDs and email IDs are the same.
Accepted Values:
  • Selected - Synchronizes Yammer IDs with users' email IDs.
  • Deselected - Does not synchronize Yammer IDs with users' email IDs.
Default Value:
Deselected

Sync all Social Account Salesforce (Chatter) IDs with Email IDs
Function:
Synchronizes Salesforce Chatter IDs with AgilePoint users' email IDs. This synchronization occurs each time and Active Directory synchronization occurs. AgilePoint recommends using this option only if all of your users' messaging IDs and email IDs are the same.
Accepted Values:
  • Selected - Synchronizes Salesforce Chatter IDs with users' e-mail IDs.
  • Deselected - Does not synchronize Salesforce Chatter IDs with users' e-mail IDs.
Default Value:
Deselected