Synchronize Active Directory with TotalAgility
Configure the SYSTEM Active Directory Synchronization sample map to suit your organization's requirements. This map contains the following activities and decisions.
Activity | Description |
---|---|
AD Sync | A .NET activity that automatically executes synchronization. Sets the groups and users associated with the organizational unit as members of the relevant category. Sets the users associated with groups in Active Directory as associated group members in TotalAgility. |
Critical | A decision that defines whether the error is critical or not. |
Format Message | A Script activity that records the critical error. |
Notify Administrator of Critical Errors | An Email activity that sends an email to the administrator with details of the critical error. |
Successful | A decision that defines whether the synchronization is successful. |
Review Errors | A manual ordinary activity that allows you to do the following: Alternatively, take and process the Review Errors activity through your work queue. When you take the Review Errors activity in the Active Directory Synchronization map, the AD Error Handling page appears. Use the AD Error Handling page to review the Active Directory synchronization errors, fix the errors and retry synchronization, or ignore the errors and complete the process. |
Resubmit | A decision that defines whether to resubmit the error for processing again. |
Process Errors | An activity that sends the error for processing again. |
- Map the .NET method variables with the server and process variables to configure the "AD Sync" activity.
  - AD_SERVERNAME
  - AD_SERVERNAME_CN
  - AD_USERNAME: The username cannot be more than 56 characters.
  - AD_PASSWORD
  - AD_LAST_USNCHANGED
  - AD_SECURITYLEVEL
  - AD_CHASE_REFERRAL
  - SETCATEGORYACCESS
  - AD_DEACTIVATE_USER
  - BSUCCESSFUL
  - ERRORXML
  - BCRITICAL
  - CRITICAL_ERROR_TEXT
- Map the email node elements to the server and process variables to configure the "Notify Administrator of Critical Errors" activity.

  Email node element | Server or process variable |
  ---|---|
  To | AD_EMAIL_ADMINISTRATOR |
  From | SYSTEM_EMAIL_FROM |
  Subject | AD_EMAIL_SUBJECT_CRITICAL |
  Body | MSGTXT. This process variable holds the body of the email. |
- Configure the Review Errors activity.
  - This activity in the map is assigned to the Everyone group by default. Replace the Everyone group with the resource group or the individual responsible for reviewing errors in your organization. You can add TotalAgility resources as usable resources to this activity. See Assign resources manually.
  - By default, Send email is selected, Send to is set to Group and any assigned users or roles, Subject is set to the AD_EMAIL_SUBJECT_ERRORS variable, and Message is set to the AD_EMAIL_CONTENT_ERRORS variable.
  - Set URL. If SSL is enabled, change http to https. Replace <server name> with <machine name>. For TotalAgility in an on-premise multi-tenant environment, replace <server name> with <tenant.machine name>.
  - Select Append associated file.
- Start a job using either option:
  - Manually start a job on the SYSTEM Active Directory Synchronization map. Active Directory automatically synchronizes with TotalAgility.
  - Add a schedule to synchronize resources at appropriate regular intervals. Active Directory automatically synchronizes with TotalAgility at the specified intervals.
  The following happens:
  - The groups and users associated with the organizational unit are set as members of the relevant category. Users associated with groups in Active Directory are set as associated group members in TotalAgility.
  - If a critical error occurs (Critical = True), such as an invalid username or password entered for the Active Directory server, TotalAgility sends an email to the Administrator through an email node ("Notify Administrator of Critical Errors" activity in this map) with details of the error. The Script activity ("Format Message" activity in this map) records the details of the errors.
  - If no critical errors occur (Critical = False) and synchronization is successful (Successful = True), the process ends.
  - If no critical errors occur (Critical = False) and synchronization is NOT successful (Successful = False), and a 'soft' error occurs such as an attempt to delete a resource being used in TotalAgility, you can resubmit the error for processing again ("Process Errors" activity) or complete the activity without reprocessing the errors. The AD_DEACTIVATE_USER setting controls what happens next. See SYSTEM Active Directory synchronization for more information on this setting.
- By default, the history of the synchronization jobs is not retained in the database once the jobs complete. To record the history, in the properties panel of the process, on the "History, reporting and execution" tab, ensure Record history is selected.
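A pre-flight check for the settings this procedure calls out (the 56-character AD_USERNAME limit, the default Everyone assignment on Review Errors, and the URL rules), as an added example that is not part of the TotalAgility documentation or product. The settings dictionary, its lowercase keys (review_errors_resources, review_errors_url, ssl_enabled, tenant) and all sample values are hypothetical.

```python
from urllib.parse import urlsplit

MAX_AD_USERNAME = 56  # limit this page states for AD_USERNAME

def preflight(cfg):
    """Return findings for a settings dict (hypothetical layout, not a product export)."""
    findings = []
    user = cfg.get("AD_USERNAME", "")
    if not user:
        findings.append("AD_USERNAME is empty")
    elif len(user) > MAX_AD_USERNAME:
        findings.append(f"AD_USERNAME is {len(user)} characters; limit is {MAX_AD_USERNAME}")
    # Review Errors is assigned to Everyone by default; it should name the reviewers.
    resources = [r.strip().lower() for r in cfg.get("review_errors_resources", [])]
    if not resources or "everyone" in resources:
        findings.append("Review Errors is assigned to Everyone or to nobody")
    url = cfg.get("review_errors_url", "")
    if "<server name>" in url:
        findings.append("URL still contains the <server name> placeholder")
    else:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if not host:
            findings.append("URL has no host")
        if cfg.get("ssl_enabled") and parts.scheme != "https":
            findings.append("SSL is enabled but the URL does not use https")
        # On-premise multi-tenant: the host takes the form <tenant.machine name>.
        tenant = cfg.get("tenant")
        if tenant and not host.startswith(tenant.lower() + "."):
            findings.append("URL host does not start with the tenant name")
    if not cfg.get("AD_EMAIL_ADMINISTRATOR"):
        findings.append("AD_EMAIL_ADMINISTRATOR is empty")
    return findings

# Constructed samples: an unreviewed configuration, then the corrected one.
UNREVIEWED = {"AD_USERNAME": "a" * 57, "review_errors_resources": ["Everyone"],
              "review_errors_url": "http://<server name>/example-path",
              "ssl_enabled": True, "tenant": None, "AD_EMAIL_ADMINISTRATOR": ""}
HARDENED = {"AD_USERNAME": "svc-adsync", "review_errors_resources": ["AD Sync Reviewers"],
            "review_errors_url": "https://tenant1.ta-host01/example-path",
            "ssl_enabled": True, "tenant": "tenant1",
            "AD_EMAIL_ADMINISTRATOR": "admin@example.test"}

if __name__ == "__main__":
    for name, cfg in (("unreviewed", UNREVIEWED), ("hardened", HARDENED)):
        print(name, preflight(cfg) or "ok")
```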