Configure Multi-Domain Active Directory Synchronization

Good to Know

• Each ActiveDirectory node represents the configuration for one domain.
• For each domain, you can add more than one group synchronization.
• The group configuration overrides the primary domain configurations.
• Filters must be in this format:

  <![CDATA[ valid LDAP filter string]]>

• An Active Directory group can synchronize with more than one AgilePoint group separated by semicolons (;).
• To synchronize organizational unit (OU) users to AgilePoint group.
  • Leave <ADGroupName> empty within <Group>.
  • Enter organizational unit LDAP path in <LDAPPath> within <Group>.

How to Start

1. On your AgilePoint Server machine, open the file (AgilePoint Server instance installation folder) C:\Program Files\AgilePoint\AgilePointServerInstance\bin\ActiveDirectoyList.xml

Procedure

1. In the file ActiveDirectoyList.xml, add an <ActiveDirectoryEntries> node each Active Directory domain.

   Example:

   <?xml version="1.0" encoding="utf-8"?>
   <ActiveDirectoryEntries xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <ActiveDirectory>
         <DomainName>one</DomainName>
         <LDAPPath>LDAP://dc=one,dc=com</LDAPPath>
         <ADSync>true</ADSync>
         <Filters><![CDATA[(!(userAccountControl:1.2.840.113556.1.4.803:=2))]]></Filters>
         <Groups>
           <Group>
             <ADGroupName>one_group</ADGroupName>
             <APGroupName>two_group;one_group</APGroupName>  
             <Filters></Filters>
             <LDAPPath></LDAPPath>    
           </Group>
         </Groups>
       </ActiveDirectory>
       <ActiveDirectory>
         <DomainName>two</DomainName>
         <LDAPPath>LDAP://dc=two,dc=com</LDAPPath>
         <ADSync>true</ADSync>
         <Filters />
         <Groups>
           <Group>
             <ADGroupName />
             <APGroupName>one_group1</APGroupName>
             <LDAPPath>LDAP://ou=twoou,dc=two,dc=com</LDAPPath>
             <Filters />
           </Group>
         </Groups>
       </ActiveDirectory>
     </ActiveDirectoryEntries>

Prerequisites

• Before configuring, you must Enable the ADSyncModule AgileConnector for Active Directory.
• On the Global Extended Module screen, in the Class field, select RESTMultiADAuthenticationFactory.

How to Start

1. On the AgilePoint Server machine, in Windows Explorer, right-click the file (AgilePoint Server installation folder) C:\Program Files\AgilePoint\AgilePoint Server\WCFConfigurationUtility.exe, and click Run as Administrator.

   
   
   

2. On the AgilePoint Server Manager screen, in the left pane, select your AgilePoint Server instance.

   
   
   

3. Click Open Server Configuration .

   
   
   

4. On the AgilePoint Server Configuration screen, click the Integrations tab.

   
   
   

5. On the Extensions tab, select ADSyncModule.dll.
6. Click Configure.
7. On the Configuration for Active Directory Groups Synchronization screen, click the Active Directory Configuration tab.

Procedure

1. On the Active Directory Configuration tab, click Configure.

   
   
   

2. On the Multi Domain Configuration screen, in the Enable field, select your domains.

   
   
   

3. Click OK.
4. On the Active Directory Configuration tab, select AgilePoint System User.

   The ADSync module extension connects to the specified Active Directory using the AgilePoint Service Account.

   
   
   

5. Click the Sync Settings tab.

   
   
   

6. On the Sync Settings tab, complete the fields as necessary.

   For more information, refer to ADSyncModule Extension.