The Microsoft Onsite Active Directory App allows administrators to integrate Incident IQ with a local AD server. This allows districts the ability to automatically populate and update user data in iiQ directly from their AD server.
The following guide is designed to provide step-by-step instructions on the following:
- How to install the Microsoft Onsite AD App
- Downloading the correct integration files and creating an AD user
- Configuring the AD executable
- Creating an automated scheduled task to sync user data
You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the Return to Index link located at the end of any section.
- Microsoft Onsite AD App Installation
- Creating an Active Directory User
- Downloading SYNC and Configuration ZIP Files
- Configuring the Active Directory Integration
- Creating a Scheduled Sync Task
Before beginning the installation process you will need to ensure you have the following:
- Ability to create and edit user permission in your active directory.
- A machine that runs .NET Framework v.4.5.1 or higher and also has network access to reach your district's AD server.
Begin by selecting Incident IQ Apps > Browse on the left navigation bar.
Click on the Microsoft Onsite Active Directory App (v2) and then select Install to begin.
Step one of the installation process simply provides an overview of how installing the Microsoft Onsite Active Directory app will affect your Incident IQ installation. Select Continue once you are ready to proceed to step two.
The first phase of step two will ask you to assign a default role for users that have not already been assigned a group mapping. By default, this is set to Guest unless otherwise changed. Once you have assigned the default role select Continue.
In the second phase of step two, you will be asked to assign a default location for users for users that have not already been assigned a group mapping. Once you have assigned the default location select Continue.
At this time you may make changes to any section by clicking on any of the checked settings. Click Continue when you are ready to proceed.
In step three, you will be asked to review all of the changes that are about to be made to your Incident IQ site. Before moving on please keep in mind that after the installation process begins it cannot be stopped. Once you have completed your review select Install App to begin the integration process.
Once the installation has been completed you can now begin creating an active directory user.
Creating an Active Directory User
Once you've installed the Microsoft AD app in Incident IQ, you will now need to create a new user in your Active Directory. This user will need the following roles assigned to it:
- Replicating directory changes.
- Replicating directory changes in filtered set.
- Replicating directory changes all.
Important Note:You will need to complete this step before proceeding. If you are unfamiliar with how to grant these specific permissions to a user then please refer to the following Microsoft help guide on Giving Users Replicating Directory Changes Permissions.
Downloading SYNC and Configuration Files
Now you will need to download the application for the AD-iiQ sync. This application will need to be downloaded on a machine that has network access to reach an AD server (you can run it on the AD server itself, but that's not a requirement). Additionally, the machine that runs the app will need to have the .NET framework v4.5.1 or higher.
You can download this file from the Microsoft Onsite Active Directory (v2) app in Incident IQ. To access this file, begin by selecting Incident IQ Apps > Manage on the left navigation bar.
On the Installed Apps tab, find Microsoft Onsite Active Directory (v2) and click on Manage.
This will take you to the app Overview tab. From here, you will need to click on Download Local AD Synchronization Executable to download the executable zip file.
Next, you will need to download the UserSync.conf file. In the Overview tab, click on the Download Configuration Template button.
Configuring the Active Directory Integration
After you have created your AD user and downloaded the necessary files, you will now need to extract the Microsoft AD Connectors file. Once all files have been extracted, move the UserSync.conf file into the unzipped folder containing the sync application.
Next, run the application titled IncidentIQ.Connectors.MicrosoftAd.exe. This will open up a new application window.
In the top section of the application window, you will need to modify the following default settings: ad.username, ad.password, ad.domain, and ad.ip.
Important Note: All fields must be kept inside of quotation marks. Data entered without these quotations will not configure properly.
The ad.password value should be encrypted. To get the encrypted value to fill into the settings, click the Common tab and enter the ad.password in the text field labeled Clear text. Copy the Encrypted value and paste it as the value for the ad.password setting.
Once all of your settings have been entered, click Save configuration.
After you've confirmed that the configuration has successfully saved, click Run now. Running the application can take a while depending on the number of users in your AD (syncing about 10,000 users takes roughly 10-15 minutes).
Upon completion, you will see a message stating "Completed sending data to IncidentIQ."
Creating a Scheduled Sync Task
To schedule the sync to occur automatically, you'll need to create a task in Windows Task Manager. You can do so by searching for Administrative Tools and selecting Task Scheduler. This will open the Task Scheduler window.
In the Task Scheduler window, start by clicking on Action > Create Basic Task...
This will open the Create Basic Task Wizard. At the very least, you will need to provide a name for the new task. You can also add a task if desired. Once complete, click Next.
In the next step, you will be asked to select when this task should Trigger. We recommend running it daily (overnight) for the most accurate user data. Please ensure you set the task to run regardless of whether a user is logged in or not on the server. Once complete, click Next.
For the next step, you will need to specify what action the task will take when running. Select Start a Program and then click on Next.
When specifying the action to perform, locate the file IncidentIQ.Connectors.MicrosoftAd.exe in the Program/script file browser. Supply the argument -usersync in the Add arguments field. And finally, you will need to indicate the path you unzipped the files to in the Start in field. Once complete, click Next.
In the final step, you may review all of the settings of your task. Once you have completed your review, click Finish to complete the task set up.