Synchronize Active Directory with TotalAgility
Configure the SYSTEM Active Directory Synchronization sample map to suit your organization's requirements. This map contains the following activities and decisions.
|AD Sync||A .NET activity that automatically executes synchronization. Sets the groups and users associated with the organizational unit as members of the relevant category. Sets the users associated with groups in Active Directory as associated group members in TotalAgility.|
|Critical||A decision that defines whether the error is critical or not.|
|Format Message||A Script activity that records the critical error.|
|Notify Administrator of Critical Errors||An Email activity that sends an email to the administrator with details of the critical error.|
|Successful||A decision that defines whether the synchronization is successful.|
|Review Errors||A manual ordinary activity that allows you to do the following:
Alternatively, take and process the Review Errors activity through your work queue. When you take the Review Errors activity in the Active Directory Synchronization map, the AD Error Handling page appears.
Use the AD Error Handling page to review the Active Directory synchronization errors, fix the errors and retry synchronization, or ignore the errors and complete the process.
|Resubmit||A decision that defines whether to resubmit the error for processing again.|
|Process Errors||An activity that sends the error for processing again.|
Map the .NET method variables with the server and process variables to configure the
AD_USERNAME: The user name cannot be more than 56 characters.
Map the email node elements to the server and process variables for the Notify Administrator of Critical Errors activity.
|Email node element||Server or process variable|
This process variable holds the body of the email.
Configure the Review Errors activity.
- By default, Send email is selected, Send to is set to Group and any assigned users or roles, Subject is set to the AD_EMAIL_SUBJECT_ERRORS variable, and Message is set to the AD_EMAIL_CONTENT_ERRORS variable.
URL. If SSL is enabled, change http to https. Replace <server name> with <machine
For TotalAgility in an on-premise multi-tenant environment, replace <server name> with <tenant.machine name>.
- Select Append associated file.
- This activity in the map is assigned to the Everyone group by default. Replace the Everyone group with the resource group or the individual responsible for reviewing errors in your organization. See Assign resources manually.
Start a job using either option:
- Manually start a job on the SYSTEM Active Directory Synchronization map. The Active Directory automatically synchronizes with TotalAgility.
- Add a schedule to synchronize resources at regular intervals, as appropriate. The Active Directory automatically synchronizes with TotalAgility at the specified intervals.
The following happens:
- The groups and users associated with the organizational unit are set as members of the relevant category. Users associated with groups in the Active Directory are set as associated group members in TotalAgility.
- If a critical error occurs (Critical = True), such as an invalid user name or password entered for the Active Directory server, TotalAgility sends an email to the Administrator through an email node (Notify Administrator of Critical Errors activity in this map) with details of the error. The Script activity (Format Message activity in this map) records the details of the errors.
- If no critical errors occur (Critical = False) and synchronization is successful (Successful = True), the process ends.
- If no critical errors occur (Critical = False) and synchronization is NOT successful (Successful = False), and a 'soft' error occurs such as an attempt to delete a resource being used in TotalAgility, you can resubmit the error for processing again (Process Errors activity) or complete the activity without reprocessing the errors.
By default, the DeactivateUser server variable is set to false. You can make the users inactive by setting the DeactivateUser variable to true. When you delete a user from the Active Directory, the AD Sync process deactivates the user by setting the End Date as current date - 1 day.
By default, the history of the synchronization jobs is not retained in the database once the jobs complete. To record the history, in the properties panel of the process, on the History, reporting and execution tab, ensure Record history is selected.