Synchronize Active Directory with TotalAgility

Configure the SYSTEM Active Directory Synchronization sample map to suit your organization's requirements. This map contains the following activities and decisions.


AD Synchronization process map

Activity | Description
AD Sync | A .NET activity that automatically executes synchronization. Sets the groups and users associated with the organizational unit as members of the relevant category. Sets the users associated with groups in Active Directory as associated group members in TotalAgility.
Critical | A decision that defines whether the error is critical or not.
Format Message | A Script activity that records the critical error.
Notify Administrator of Critical Errors | An Email activity that sends an email to the administrator with details of the critical error.
Successful | A decision that defines whether the synchronization is successful.
Review Errors | A manual ordinary activity that allows you to do the following:
  • Resubmit the error for processing again.

  • Complete or abandon the errors without reprocessing them.

  • Cancel or hold the errors to continue the review later.

  Alternatively, take and process the Review Errors activity through your work queue. When you take the Review Errors activity in the Active Directory Synchronization map, the AD Error Handling page appears.

  Use the AD Error Handling page to review the Active Directory synchronization errors, fix the errors and retry synchronization, or ignore the errors and complete the process.

Resubmit | A decision that defines whether to resubmit the error for processing again.
Process Errors | An activity that sends the error for processing again.

  1. Map the .NET method variables to the server and process variables to configure the "AD Sync" activity.
    • AD_SERVERNAME

    • AD_SERVERNAME_CN

    • AD_USERNAME

      The user name cannot be more than 56 characters.

    • AD_PASSWORD

    • AD_LAST_USNCHANGED

    • AD_SECURITYLEVEL

    • AD_CHASE_REFERRAL

    • SETCATEGORYACCESS

    • AD_DEACTIVATE_USER

    • BSUCCESSFUL

    • ERRORXML

    • BCRITICAL

    • CRITICAL_ERROR_TEXT

  2. Map the email node elements to the server and process variables to configure the "Notify Administrator of Critical Errors" activity.

    Email node element | Server or process variable
    To | AD_EMAIL_ADMINISTRATOR
    From | SYSTEM_EMAIL_FROM
    Subject | AD_EMAIL_SUBJECT_CRITICAL
    Body | MSGTXT (This process variable holds the body of the email.)

  3. Configure the Review Errors activity.
    1. This activity in the map is assigned to the Everyone group by default. Replace the Everyone group with the resource group or the individual responsible for reviewing errors in your organization. You can add TotalAgility resources as usable resources to this activity. See Assign resources manually.
    2. By default, Send email is selected, Send to is set to Group and any assigned users or roles, Subject is set to the AD_EMAIL_SUBJECT_ERRORS variable, and Message is set to the AD_EMAIL_CONTENT_ERRORS variable.
    3. Set URL. If SSL is enabled, change http to https. Replace <server name> with <machine name>.

      For TotalAgility in an on-premises multi-tenant environment, replace <server name> with <tenant.machine name>.

    4. Select Append associated file.
  4. Start a job using either option:
    • Manually start a job on the SYSTEM Active Directory Synchronization map. The Active Directory automatically synchronizes with TotalAgility.

    • Add a schedule to synchronize resources at appropriate regular intervals. The Active Directory automatically synchronizes with TotalAgility at the specified intervals.

    The following happens:

    • The groups and users associated with the organizational unit are set as members of the relevant category. Users associated with groups in the Active Directory are set as associated group members in TotalAgility.

    • If a critical error occurs (Critical = True) such as an invalid user name or password entered for the Active Directory server, TotalAgility sends an email to the Administrator through an email node ("Notify Administrator of Critical Errors" activity in this map) with details of the error. The Script activity ("Format Message" activity in this map) records the details of the errors.

    • If no critical errors occur (Critical = False) and synchronization is successful (Successful = True), the process ends.

    • If no critical errors occur (Critical = False) and synchronization is NOT successful (Successful = False), and a 'soft' error occurs such as an attempt to delete a resource being used in TotalAgility, you can resubmit the error for processing again ("Process Errors" activity) or complete the activity without reprocessing the errors.

    • By default, the DeactivateUser server variable is set to false. You can make the users inactive by setting the DeactivateUser variable to true. When you delete a user from the Active Directory, the AD Sync process deactivates the user by setting the End Date to the current date minus 1 day.

    • By default, the history of the synchronization jobs is not retained in the database once the jobs complete. To record the history, in the properties panel of the process, on the "History, reporting and execution" tab, ensure Record history is selected.
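
A preflight check for the values set in steps 1 to 3, run before starting the job in step 4. This is an added example, not part of the product or its documentation. The settings dictionary, the function names, the host names and the URL path are assumptions made for illustration, as are treating the listed variables as mandatory and reading <tenant.machine name> as "tenant.machine".

```python
MAX_AD_USERNAME = 56  # limit this page states for AD_USERNAME
# Treating these variables as mandatory is an assumption of this example.
REQUIRED = ("AD_SERVERNAME", "AD_USERNAME", "AD_PASSWORD",
            "AD_EMAIL_ADMINISTRATOR", "SYSTEM_EMAIL_FROM")


def review_url(template, machine, ssl_enabled, tenant=None):
    """Fill in the Review Errors URL the way step 3 describes."""
    # Reading <tenant.machine name> as "tenant.machine" is an assumption.
    host = f"{tenant}.{machine}" if tenant else machine
    url = template.replace("<server name>", host)
    if ssl_enabled and url.startswith("http://"):
        url = "https://" + url[len("http://"):]
    return url


def preflight(settings, review_assignee, url, ssl_enabled):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for name in REQUIRED:
        if not str(settings.get(name, "")).strip():
            findings.append(f"{name} is empty")
    if len(settings.get("AD_USERNAME", "")) > MAX_AD_USERNAME:
        findings.append("AD_USERNAME is longer than 56 characters")
    if review_assignee.strip().lower() == "everyone":
        findings.append("Review Errors is still assigned to Everyone")
    if "<" in url or ">" in url:
        findings.append("URL still contains a placeholder")
    if ssl_enabled and not url.lower().startswith("https://"):
        findings.append("SSL is enabled but the URL is not https")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the URL path and host names are hypothetical.
    sample = {"AD_SERVERNAME": "dc01.example.test", "AD_USERNAME": "svc-ad-sync",
              "AD_PASSWORD": "", "AD_EMAIL_ADMINISTRATOR": "admin@example.test",
              "SYSTEM_EMAIL_FROM": "noreply@example.test"}
    url = review_url("http://<server name>/example/path", "web01", True)
    for finding in preflight(sample, "Everyone", url, ssl_enabled=True):
        print("FINDING:", finding)
```

An empty AD_PASSWORD or an over-length AD_USERNAME caught here would otherwise surface only as a critical error email after the job has started.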