The Microsoft Onsite Active Directory App allows administrators to integrate Incident IQ with a local AD server. This allows districts the ability to automatically populate and update user data in iiQ directly from their AD server.
The following guide is designed to provide step-by-step instructions on the following:
- How to install the Microsoft Onsite AD App
- Downloading the correct integration files and creating an AD user
- Configuring the AD executable
- Creating an automated scheduled task to sync user data
You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the Return to Index link located at the end of any section.
- Microsoft Onsite AD App Installation
- Creating an Active Directory User
- Configuring and Downloading the App Executable
- Creating a Scheduled Sync Task
Before beginning the installation process you will need to ensure you have the following:
- Ability to create and edit user permission in your active directory.
- A machine that runs .NET Framework v.4.5.1 or higher and also has network access to reach your district's AD server.
Begin by selecting Incident IQ Apps > Browse on the left navigation bar.
Click on the Microsoft Onsite Active Directory App (v2) and then select Install to begin.
Step one of the installation process simply provides an overview of how installing the Microsoft Onsite Active Directory app will affect your Incident IQ installation. Select Continue once you are ready to proceed to step two.
The first phase of step two will ask you to assign a default role for users that have not already been assigned a group mapping. By default, this is set to Guest unless otherwise changed. Once you have assigned the default role select Continue.
In the second phase of step two, you will be asked to assign a default location for users for users that have not already been assigned a group mapping. Once you have assigned the default location select Continue.
At this time you may make changes to any section by clicking on any of the checked settings. Click Continue when you are ready to proceed.
In step three, you will be asked to review all of the changes that are about to be made to your Incident IQ site. Before moving on please keep in mind that after the installation process begins it cannot be stopped. Once you have completed your review select Install App to begin the integration process.
Once the installation has been completed you can now begin creating an active directory user.
Creating an Active Directory User
Once you've installed the Microsoft AD app in Incident IQ, you will now need to create a new user in your Active Directory. This user will need the following roles assigned to it:
- Replicating directory changes.
- Replicating directory changes in filtered set.
- Replicating directory changes all.
Important Note:You will need to complete this step before proceeding. If you are unfamiliar with how to grant these specific permissions to a user then please refer to the following Microsoft help guide on Giving Users Replicating Directory Changes Permissions.
Configuring and Downloading the App Executable
Now you will need to download the application for the AD-iiQ sync. This application will need to be downloaded on a machine that has network access to reach an AD server (you can run it on the AD server itself, but that's not a requirement). Additionally, the machine that runs the app will need to have the .NET framework v4.5.1 or higher.
You can download this file from the Microsoft Onsite Active Directory (v2) app in Incident IQ. To access this file, begin by selecting Incident IQ Apps > Manage on the left navigation bar.
On the Installed Apps tab, find Microsoft Onsite Active Directory (v2) and click on Manage.
This will take you to the app Overview tab. From here, you will need to click on Enable User Login and Enable User Sync to enable the integration app. Once these have been enabled click Save.
Next, you will need to configure and then download the executable file. To do so, begin by clicking on the Sync Executable tab.
From here, you will need to input the following information to configure your executable download:
- AD Username
- AD Password
- AD Domain
- AD Server IP
- Group OU Searches (Optional)
- User OU Searchers (Optional)
- Additional AD Attributes to copy (Optional)
Once you have completed entering in your configuration settings click on Download Executable. After downloading the ZIP file, extract it to a folder on a computer with access to your Local AD.
Creating a Scheduled Sync Task
To schedule the sync to occur automatically, you'll need to create a task in Windows Task Manager. You can do so by searching for Administrative Tools and selecting Task Scheduler. This will open the Task Scheduler window.
In the Task Scheduler window, start by clicking on Action > Create Basic Task...
This will open the Create Basic Task Wizard. At the very least, you will need to provide a name for the new task. You can also add a task if desired. Once complete, click Next.
In the next step, you will be asked to select when this task should Trigger. We recommend running it daily (overnight) for the most accurate user data. Please ensure you set the task to run regardless of whether a user is logged in or not on the server. Once complete, click Next.
For the next step, you will need to specify what action the task will take when running. Select Start a Program and then click on Next.
When specifying the action to perform, locate the file IncidentIQ.Connectors.MicrosoftAd.exe in the Program/script file browser. Supply the argument -usersync in the Add arguments field. And finally, you will need to indicate the path you unzipped the files to in the Start in field. Once complete, click Next.
In the final step, you may review all of the settings of your task. Once you have completed your review, click Finish to complete the task set up.