Synchronizing Active Directory groups with AgilePoint groups

Special characters can be included in group names while synchronizing users of Active Directory and AgilePoint by using a CustomActiveDirectorySync key of String data type in the ADSync module. However, the semicolon (;) and tilde (~) characters cannot be used in group names, because they act as group-pair separators, as follows:

<AgilePointGroup1>~<ActiveDirectoryGroup1>;<AgilePointGroup2>~<ActiveDirectoryGroup2> and so on.

Prerequisites

AgilePoint NX OnPremises or AgilePoint NX Private Cloud.
The ADSyncModule extension is enabled.

Good to Know

Group Synchronization Rules:
- Only groups that have already been added into AgilePoint will be synchronized with Active Directory. New Active Directory groups will not be added automatically to AgilePoint. The new Active Directory groups can be added manually through the Enterprise Manager interface.
- The changes of user members (adding or removing) in the Active Directory groups will be synchronized to AgilePoint but the changes in AgilePoint groups will NOT be synchronized back to the Active Directory.
- The synchronization only applies to member association (Add or Remove) within the groups. Group properties such as names and descriptions are NOT synchronized.
  - When a new member is added to Active Directory, this member will also be added to the corresponding AgilePoint group. If the actual user entity is not registered in AgilePoint yet, the user entity will be registered to AgilePoint automatically.
  - When a member is removed from Active Directory, this member in the corresponding AgilePoint group will also be removed. The actual user entity will NOT be removed from AgilePoint as the same user entity can also be associated with other groups in the system.
  - If the Active Directory contains sub-groups (Nested groups), the members in the sub-groups will also be synchronized and the members will be added to or removed from the top level group.
User Synchronization Rules:
- Changes to the following Active Directory user properties will be synchronized to AgilePoint. Other properties will NOT be synchronized.
  - Full Name
  - Email Address
  - Department
  - Title
  - Manager
- Removal of an Active Directory User will result in the following AgilePoint synchronization actions:
  - The user will be removed from any AgilePoint groups.
  - Any tasks assigned to this user will still exist, it may be required to cancel or reassign these tasks to a valid AgilePoint user.

Procedure

In the Windows Registry, create the following keys in the location SOFTWARE\Ascentn\Server\ActiveDirectory

Name	Value
CustomActiveDirectorySync	Function: The data type is String. Accepted Values: A semicolon-delimited list of group pairs in the following format: <APGroup1>~<ADGroup1>;<APGroup2>~<ADGroup2> Example: <APMyGroup>~<ADYourGroup> Specifies that an AgilePoint Group named APMyGroup is to be synchronized with an Active Directory Group named ADYourGroup. <APMyGroup>~<ADYourGroup>;<APOurGroup>~<ADTheirGroup> Specifies that 2 pairs of groups are synchronized: APMyGroup with ADYourGroup, and APOurGroup with ADTheirGroup.

Name

Value

CustomActiveDirectorySync

Function:

The data type is String.

Accepted Values:

A semicolon-delimited list of group pairs in the following format:

Example:

<APMyGroup>~<ADYourGroup>
Specifies that an AgilePoint Group named APMyGroup is to be synchronized with an Active Directory Group named ADYourGroup.
<APMyGroup>~<ADYourGroup>;<APOurGroup>~<ADTheirGroup>
Specifies that 2 pairs of groups are synchronized: APMyGroup with ADYourGroup, and APOurGroup with ADTheirGroup.