Microsoft Onsite Active Directory App Installation

Guide Overview

The Microsoft Onsite Active Directory App allows administrators to integrate Incident IQ with a local AD server. This allows districts the ability to automatically populate and update user data in iiQ directly from their AD server.

The following guide is designed to provide step-by-step instructions on the following:

  • How to install the Microsoft Onsite AD App
  • Downloading the correct integration files and creating an AD user
  • Configuring the AD executable
  • Creating an automated scheduled task to sync user data

 

Guide Index

You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the Return to Index link located at the end of any section.

  1. Microsoft Onsite AD App Installation
  2. Creating an Active Directory User
  3. Downloading SYNC and Configuration ZIP Files
  4. Configuring the Active Directory Integration
  5. Creating a Scheduled Sync Task

 

App Installation

Before beginning the installation process you will need to ensure you have the following:

  • Ability to create and edit user permission in your active directory.
  • A machine that runs .NET Framework v.4.5.1 or higher and also has network access to reach your district's AD server.

Begin by selecting Incident IQ Apps > Browse on the left navigation bar.

Browse_Apps.png

Click on the Microsoft Onsite Active Directory App (v2) and then select Install to begin.

Microsoft_AD_App_Install_1.png

Step one of the installation process simply provides an overview of how installing the Microsoft Onsite Active Directory app will affect your Incident IQ installation. Select Continue once you are ready to proceed to step two.

Microsoft_AD_App_Install_2.png

The first phase of step two will ask you to assign a default role for users that have not already been assigned a group mapping. By default, this is set to Guest unless otherwise changed. Once you have assigned the default role select Continue.

Microsoft_AD_App_Install_3.png

In the second phase of step two, you will be asked to assign a default location for users for users that have not already been assigned a group mapping. Once you have assigned the default location select Continue.

Microsoft_AD_App_Install_4.png

At this time you may make changes to any section by clicking on any of the checked settings. Click Continue when you are ready to proceed.

Microsoft_AD_App_Install_5.png

In step three, you will be asked to review all of the changes that are about to be made to your Incident IQ site. Before moving on please keep in mind that after the installation process begins it cannot be stopped. Once you have completed your review select Install App to begin the integration process.

Microsoft_AD_App_Install_6.png

Once the installation has been completed you can now begin creating an active directory user.

Microsoft_AD_App_Install_7.png

[Return to Index]

 

Creating an Active Directory User

Once you've installed the Microsoft AD app in Incident IQ, you will now need to create a new user in your Active Directory. This user will need the following roles assigned to it:

  • Replicating directory changes.
  • Replicating directory changes in filtered set.
  • Replicating directory changes all.
  • Read.

warning.pngImportant Note:You will need to complete this step before proceeding. If you are unfamiliar with how to grant these specific permissions to a user then please refer to the following Microsoft help guide on Giving Users Replicating Directory Changes Permissions.

[Return to Index]

 

Downloading SYNC and Configuration Files

Now you will need to download the application for the AD-iiQ sync. This application will need to be downloaded on a machine that has network access to reach an AD server (you can run it on the AD server itself, but that's not a requirement). Additionally, the machine that runs the app will need to have the .NET framework v4.5.1 or higher.

You can download this file from the Microsoft Onsite Active Directory (v2) app in Incident IQ. To access this file, begin by selecting Incident IQ Apps > Manage on the left navigation bar.

Manage_Apps.png

On the Installed Apps tab, find Microsoft Onsite Active Directory (v2) and click on Manage.

Managing_AD_App.png

This will take you to the app Overview tab. From here, you will need to click on Download Local AD Synchronization Executable to download the executable zip file.

Overview_Tab_1.png

Next, you will need to download the UserSync.conf file. In the Overview tab, click on the Download Configuration Template button.

Overview_Tab_2.png

[Return to Index]

 

Configuring the Active Directory Integration

After you have created your AD user and downloaded the necessary files, you will now need to extract the Microsoft AD Connectors file. Once all files have been extracted, move the UserSync.conf file into the unzipped folder containing the sync application.

Next, run the application titled IncidentIQ.Connectors.MicrosoftAd.exe. This will open up a new application window.

Settings_Configuration_0.png

In the top section of the application window, you will need to modify the following default settings: ad.username, ad.password, ad.domain, and ad.ip.

warning.pngImportant Note: All fields must be kept inside of quotation marks. Data entered without these quotations will not configure properly.

Settings_Configuration.png

The ad.password value should be encrypted. To get the encrypted value to fill into the settings, click the Common tab and enter the ad.password in the text field labeled Clear text. Copy the Encrypted value and paste it as the value for the ad.password setting.

Settings_Configuration_2.png

Once all of your settings have been entered, click Save configuration.

Settings_Configuration_3.png

After you've confirmed that the configuration has successfully saved, click Run now. Running the application can take a while depending on the number of users in your AD (syncing about 10,000 users takes roughly 10-15 minutes).

Upon completion, you will see a message stating "Completed sending data to IncidentIQ."

Settings_Configuration_4.png

[Return to Index]

 

Creating a Scheduled Sync Task

To schedule the sync to occur automatically, you'll need to create a task in Windows Task Manager. You can do so by searching for Administrative Tools and selecting Task Scheduler. This will open the Task Scheduler window.

Task_Scheduler_1.png

In the Task Scheduler window, start by clicking on Action > Create Basic Task...

Task_Scheduler_2.png

This will open the Create Basic Task Wizard. At the very least, you will need to provide a name for the new task. You can also add a task if desired. Once complete, click Next.

Task_Scheduler_3.png

In the next step, you will be asked to select when this task should Trigger. We recommend running it daily (overnight) for the most accurate user data. Please ensure you set the task to run regardless of whether a user is logged in or not on the server. Once complete, click Next.

Task_Scheduler_4.png

For the next step, you will need to specify what action the task will take when running. Select Start a Program and then click on Next.

Task_Scheduler_5.png

When specifying the action to perform, locate the file IncidentIQ.Connectors.MicrosoftAd.exe in the Program/script file browser. Supply the argument -usersync in the Add arguments field. And finally, you will need to indicate the path you unzipped the files to in the Start in field. Once complete, click Next.

Task_Scheduler_6.png

In the final step, you may review all of the settings of your task. Once you have completed your review, click Finish to complete the task set up.

Task_Scheduler_7.png

[Return to Index]

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.