Educational ICT Virtualisation Specialist

Twitter LinkedIn E-mail
Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)8456 446 800 / +44 (0)1223 359900
F: +44 (0)8456 446 899 / +44 (0)1223 359459
E: enquiries@precedence.co.uk
AD-Sync

Jump To: Support > KB > NetManager > AD > Sync

Synchronising users with Active Directory

For many services (notably Email and personal webpages) users must have accounts on the NetManager. These can be created manually or in bulk (from CSV) on the NetManager itself, but it is also possible to synchronise a configured list of groups between Active Directory and NetManager. Users will be added, deleted and moved between groups as appropriate.

Configuring groups

Firstly, create a standard, non-administrative user in Active Directory (we tend to use syncuser).

Next go to Groups > AD Sync in webadmin and go the Configure tab. Enter the details of the user created in the first step.

Once this is done, you are able to configure the list of groups to synchronise. Two columns are presented; Active Directory on the left and NetManager on the right. Single groups can be added and removed by clicking the <<Add and Remove links in the NetManager column.

To save time and future-proof the configuration, you can specify groups by wildcard (particularly useful for synchronising all pupil years, e.g. intake* would match intake10, intake11, intake12). To do this you will need to edit the list of groups manually (in the box above the list).

Similarly, if you want group names on NetManager to be different from those in Active Directory you will need to edit the list of groups manually.

The manual list is entered by separating each group with commas. A renamed group is specified in the format AD-Group:NM-Group. Wildcard groups with a * character. For example, the Teaching Staff group can be synchronised with the NetManager staff group as well as all the pupil intake years with Teaching Staff:staff,intake*.

Synchronising

Go to the Synchronise tab. The configured groups will be listed along with the number of users in AD and on NetManager. If the numbers differ the background will be highlighted in yellow. Usernames that are too long will be flagged too. Click the Synchronise now to run the synchronisation.

N.B. if a user is in multiple AD groups they will only be put into one group on NetManager (the first matching group). This means that you may always find differences between the number of users in the groups between AD and NetManager.

Scheduling

You can schedule synchronisation by using the Schedule tab. It does not need to be run very frequently.


FAQ

What passwords will newly-created users have?

New users will not have a valid password (this is not the same as an empty password). Therefore you must either change the password before use or configure LDAP authentication. Both these options are discussed here.

What happens to users already on the NetManager?

If users are in a group configured to be synchronised with AD (i.e. exist on NetManager and exist in an AD group that has been set to be synchronised), they will be moved to the new group. Otherwise they will not be touched at all.

What happens when I delete a user from AD?

If users are in a 'managed' group on AD (i.e. one configured for synchronisation), they will be deleted (which deletes their email, etc.). Otherwise they will not be touched. Therefore if you want to keep that user you need to move them out of a 'managed' group on the NetManager.

© Copyright Precedence Technologies 1999-2017
Page last modified on November 23, 2016, at 04:57 PM by sborrill