Synchronising users with Active Directory
For many services (notably Email and personal webpages) users must have accounts on the NetManager. These can be created manually or in bulk (from CSV) on the NetManager itself, but it is also possible to synchronise a configured list of groups between Active Directory and NetManager. Users will be added, deleted and moved between groups as appropriate.
Firstly, create a standard, non-administrative user in Active Directory (we tend to use syncuser).
Next go to Groups > AD Sync in webadmin and go the Configure tab. Enter the details of the user created in the first step.
Once this is done, you are able to configure the list of groups to synchronise. Two columns are presented; Active Directory on the left and NetManager on the right. Single groups can be added and removed by clicking the <<Add and Remove links in the NetManager column.
To save time and future-proof the configuration, you can specify groups by wildcard (particularly useful for synchronising all pupil years, e.g.
intake* would match
intake12). To do this you will need to edit the list of groups manually (in the box above the list).
Similarly, if you want group names on NetManager to be different from those in Active Directory you will need to edit the list of groups manually.
The manual list is entered by separating each group with commas. A renamed group is specified in the format AD-Group:NM-Group. Wildcard groups with a * character. For example, the Teaching Staff group can be synchronised with the NetManager staff group as well as all the pupil intake years with
Go to the Synchronise tab. The configured groups will be listed along with the number of users in AD and on NetManager. If the numbers differ the background will be highlighted in yellow. Usernames that are too long will be flagged too. Click the Synchronise now to run the synchronisation.
N.B. if a user is in multiple AD groups they will only be put into one group on NetManager (the first matching group). This means that you may always find differences between the number of users in the groups between AD and NetManager.
You can schedule synchronisation by using the Schedule tab. It does not need to be run very frequently.
What passwords will newly-created users have?
New users will not have a valid password (this is not the same as an empty password). Therefore you must either change the password before use or configure LDAP authentication. Both these options are discussed here.
What happens to users already on the NetManager?
If users are in a group configured to be synchronised with AD (i.e. exist on NetManager and exist in an AD group that has been set to be synchronised), they will be moved to the new group. Otherwise they will not be touched at all.
What happens when I delete a user from AD?
If users are in a 'managed' group on AD (i.e. one configured for synchronisation), they will be deleted (which deletes their email, etc.). Otherwise they will not be touched. Therefore if you want to keep that user you need to move them out of a 'managed' group on the NetManager.