Configure Multi-Domain Active Directory Synchronization
This topic describes how to configure multi-domain Active Directory synchronization (ADSync).
Prerequisites
Good to Know
- Multi-domain ADSync support provides these types of synchronization:
  - Group synchronization
  - Custom group synchronization
  - Synchronizing users in an organizational unit (OU) to a group
  - Custom filters on group synchronization
Configure ActiveDirectoryList.xml File
To configure the ActiveDirectoryList.xml file, do the procedure in this topic.
Good to Know
- Each ActiveDirectory node represents the configuration for one domain.
- For each domain, you can add more than one group synchronization.
- The group configuration overrides the primary domain configurations.
- Filters must be in this format:
<![CDATA[ valid LDAP filter string]]>
- An Active Directory group can synchronize with more than one AgilePoint group separated by semicolons (;).
- To synchronize organizational unit (OU) users to an AgilePoint group:
  - Leave <ADGroupName> empty within <Group>.
  - Enter the organizational unit LDAP path in <LDAPPath> within <Group>.
How to Start
- On your AgilePoint Server machine, open the file (AgilePoint Server instance installation folder) C:\Program Files\AgilePoint\AgilePointServerInstance\bin\ActiveDirectoyList.xml
Procedure
- In the file ActiveDirectoyList.xml, add an <ActiveDirectoryEntries> node for each Active Directory domain.
Example:
<?xml version="1.0" encoding="utf-8"?>
<ActiveDirectoryEntries xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <!-- Domain "one": one Active Directory group synchronized to two AgilePoint groups -->
  <ActiveDirectory>
    <DomainName>one</DomainName>
    <LDAPPath>LDAP://dc=one,dc=com</LDAPPath>
    <ADSync>true</ADSync>
    <!-- Domain-level filter: excludes disabled accounts (userAccountControl bit 2) -->
    <Filters><![CDATA[(!(userAccountControl:1.2.840.113556.1.4.803:=2))]]></Filters>
    <Groups>
      <Group>
        <ADGroupName>one_group</ADGroupName>
        <APGroupName>two_group;one_group</APGroupName>
        <Filters></Filters>
        <LDAPPath></LDAPPath>
      </Group>
    </Groups>
  </ActiveDirectory>
  <!-- Domain "two": ADGroupName is empty, so users in the OU at LDAPPath are synchronized to the AgilePoint group -->
  <ActiveDirectory>
    <DomainName>two</DomainName>
    <LDAPPath>LDAP://dc=two,dc=com</LDAPPath>
    <ADSync>true</ADSync>
    <Filters />
    <Groups>
      <Group>
        <ADGroupName />
        <APGroupName>one_group1</APGroupName>
        <LDAPPath>LDAP://ou=twoou,dc=two,dc=com</LDAPPath>
        <Filters />
      </Group>
    </Groups>
  </ActiveDirectory>
</ActiveDirectoryEntries>
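An added example, not part of the AgilePoint documentation: a Python check that reads an ActiveDirectoryList.xml document and reports entries that break the rules under Good to Know, so the file can be reviewed before the server picks it up. The finding texts, the SAMPLE document, and the decision to flag a domain whose filter lacks the disabled-account term from the example above are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DISABLED_BIT = "userAccountControl:1.2.840.113556.1.4.803:=2"  # filter term from the page's example

# Constructed sample modelled on the page's example; domain "two" is deliberately misconfigured.
SAMPLE = """<ActiveDirectoryEntries>
 <ActiveDirectory>
  <DomainName>one</DomainName><LDAPPath>LDAP://dc=one,dc=com</LDAPPath><ADSync>true</ADSync>
  <Filters><![CDATA[(!(userAccountControl:1.2.840.113556.1.4.803:=2))]]></Filters>
  <Groups><Group><ADGroupName>one_group</ADGroupName><APGroupName>two_group;one_group</APGroupName>
   <Filters /><LDAPPath /></Group></Groups>
 </ActiveDirectory>
 <ActiveDirectory>
  <DomainName>two</DomainName><LDAPPath>LDAP://dc=two,dc=com</LDAPPath><ADSync>true</ADSync><Filters />
  <Groups><Group><ADGroupName /><APGroupName>one_group1;</APGroupName>
   <Filters><![CDATA[(&(objectClass=user)]]></Filters><LDAPPath /></Group></Groups>
 </ActiveDirectory>
</ActiveDirectoryEntries>"""

def text(node, tag):
    """Stripped text of a child element, or '' when the element is absent or empty."""
    return (node.findtext(tag) or "").strip()

def balanced(ldap_filter):
    """Cheap syntax check: parentheses in an LDAP filter must pair up."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def audit(xml_text):
    """Return a list of (domain, finding) tuples for the configuration."""
    out = []
    for ad in ET.fromstring(xml_text).findall("ActiveDirectory"):
        dom = text(ad, "DomainName") or "<unnamed>"
        if DISABLED_BIT not in text(ad, "Filters"):
            out.append((dom, "domain filter does not exclude disabled accounts"))
        for node in [ad] + ad.findall("Groups/Group"):
            if not balanced(text(node, "Filters")):
                out.append((dom, "unbalanced parentheses in Filters"))
        for grp in ad.findall("Groups/Group"):
            # OU sync needs an LDAPPath when ADGroupName is left empty
            if not text(grp, "ADGroupName") and not text(grp, "LDAPPath"):
                out.append((dom, "group has neither ADGroupName nor OU LDAPPath"))
            if not all(n.strip() for n in text(grp, "APGroupName").split(";")):
                out.append((dom, "empty name in APGroupName list"))
    return out

if __name__ == "__main__":
    print(*(f"{d}: {f}" for d, f in audit(SAMPLE)), sep="\n")
```

The parenthesis check is a syntax sanity test only; it does not prove that a filter is a valid LDAP filter or that it selects the intended accounts.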
Configure for Active Directory Groups Synchronization
Synchronizes Active Directory data with AgilePoint Server.
Prerequisites
- Before configuring, you must enable the ADSync Module Extension AgileConnector.
- On the Global Extended Module screen, in the Class field, select RESTMultiADAuthenticationFactory.
How to Start
- On the AgilePoint Server machine, in Windows Explorer, right-click the file (AgilePoint Server installation folder) C:\Program Files\AgilePoint\AgilePoint Server\WCFConfigurationUtility.exe, and click Run as Administrator.
- On the AgilePoint Server Manager screen, in the left pane, select your AgilePoint Server instance.
- Click Open Server Configuration.
- On the AgilePoint Configuration screen, click the Extensions tab.
- On the Extensions tab, select ADSyncModule.dll.
- Click Configure.
- On the Configuration for Active Directory Groups Synchronization screen, click the Active Directory Configuration tab.
Procedure
- On the Active Directory Configuration tab, click Configure.
- On the Multi Domain Configuration screen, in the Enable field, select your domains.
- Click OK.
- On the Active Directory Configuration tab, select AgilePoint System User.
The ADSync module extension connects to the specified Active Directory using the AgilePoint Service Account.
- Click the Sync Settings tab.
- On the Sync Settings tab, complete the fields as necessary.
For more information, refer to Configuration for Active Directory Groups Synchronization Screen - Sync Settings Tab.