How To Set Up EPS Active Directory Synchronization

Irene Barnett -

What is EPS Active Directory Synchronization?

EPS Active Directory synchronization replicates properties of objects in a local AD forest to the hosted AD. This means that an administrator or user can make changes at the local AD level, and those changes are automatically replicated to the equivalent AD objects hosted in the cloud.

Active Directory Synchronization is useful if you must comply with password regulations or simply do not want to maintain a second set of user names and passwords.

Implementing the AD Sync tool requires the AD Sync software to be installed and run on a Windows Server machine on your network; this server synchronizes users to the cloud. Additionally, the EPS AD Sync software needs to be installed on each of your domain controllers to capture user data (and passwords).

The process to synchronize the user data is:

  1. The utility sends the data to the control panel remote engine that is running on your network.
  2. Data is encrypted and sent securely to Arkadin’s (cloud) control panel.
  3. Users are created on the hosted platform.
  4. Services are provisioned from the control panel.

What is required to set up AD Synchronization?

  1. A Windows 2008 (or higher) server that is joined to your local domain.
  2. A firewall route to allow bi-directional access between that server and 173.225.22.77 (port 5600).
  3. Two security groups and two service accounts created on the local domain.
  4. Remote access for Arkadin to the Windows server, for installation and for engine upgrades.
  5. A small DLL installed on all Domain Controllers. This can be done by an Arkadin engineer if access is provided to all Domain Controllers, or instructions can be provided to local IT staff.

Below is the list of fields that are synchronized.

Users

  - AD Object Name
  - User Principal Name
  - User Password
  - Display Name
  - Description
  - First Name
  - Initials
  - Last Name
  - Office
  - Web Page
  - Email
  - Street
  - City
  - State
  - Zip Code
  - Country
  - Home Page
  - Home Phone
  - Work Phone
  - Pager
  - Mobile Phone
  - Fax
  - IP Phone
  - Notes
  - Title
  - Department

Contacts

  - AD Object Name
  - Display Name
  - Description
  - First Name
  - Initials
  - Last Name
  - Office
  - Web Page
  - Email
  - Street
  - City
  - State
  - Zip Code
  - Country
  - Home Page
  - Home Phone
  - Work Phone
  - Pager
  - Mobile Phone
  - Fax
  - IP Phone
  - Notes
  - Title
  - Department
  - Company Name

Groups

  - AD Object Name
  - Display Name
  - Description
  - Email
  - Group Type

Below are the necessary initial steps to take to set up AD Synchronization on your system.

Prepare the Back-end provisioning server

  1. Install Windows Server 2008 on remote engine server.
  2. Apply all current Windows Updates.
  3. Join server to the local domain.
  4. Disable the Windows firewall.
  5. Go to Add Features, expand .NET Framework 3.5.1 Features, and then expand WCF Activation. Select Non-HTTP Activation. When prompted to add the features required for Non-HTTP Activation, click Add Required Features. Then click Install.
  6. Download and install the .NET Framework 4.0.
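The six steps above can be verified from the server itself before Arkadin is asked to install the engine. The script below is an added example, not part of the original article or of the EPS software: it checks domain membership, the WCF Non-HTTP Activation feature, the .NET Framework 4.0 install key, and outbound TCP reachability of 173.225.22.77 on port 5600 (the address and port given above). The feature name NET-Non-HTTP-Activ is assumed to be the Windows Server 2008 R2 name for "WCF Activation > Non-HTTP Activation"; adjust it on other releases. A TcpClient is used rather than Test-NetConnection because the latter does not exist on Server 2008.

```powershell
# Added example (not from the original article): pre-flight checks for the
# remote engine server described in "Prepare the Back-end provisioning server".
# Assumes Windows Server 2008 R2 with the ServerManager module; NET-Non-HTTP-Activ
# is assumed to be the 2008 R2 feature name for Non-HTTP Activation.
# 173.225.22.77:5600 are the values stated in the article.

$results = @{}

# 1. Domain membership: the server must be joined to the local domain.
$cs = Get-WmiObject -Class Win32_ComputerSystem
$results['DomainJoined'] = $cs.PartOfDomain
$results['Domain']       = $cs.Domain

# 2. WCF Non-HTTP Activation feature (assumed feature name, see above).
Import-Module ServerManager -ErrorAction SilentlyContinue
$feature = Get-WindowsFeature -Name NET-Non-HTTP-Activ -ErrorAction SilentlyContinue
$results['NonHttpActivation'] = ($feature -ne $null -and $feature.Installed)

# 3. .NET Framework 4.0: the full profile writes Install=1 under this key.
$net4 = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$results['DotNet4'] = (Test-Path $net4) -and
    ((Get-ItemProperty $net4 -ErrorAction SilentlyContinue).Install -eq 1)

# 4. Outbound TCP reachability to the Arkadin control panel on port 5600.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}
$results['ControlPanelReachable'] = Test-TcpPort -Address '173.225.22.77' -Port 5600

# Report: every value should be True before the installation is requested.
$results.GetEnumerator() | Sort-Object Name |
    ForEach-Object { '{0,-24} {1}' -f $_.Name, $_.Value }
```

Run it in an elevated PowerShell session on the remote engine server. Only the outbound direction is tested here; the inbound half of the bi-directional rule required in the prerequisites can only be confirmed from the Arkadin side.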

Create Security users and groups in AD

  1. Create a new OU called EPS in Active Directory. This should be created off the root of the domain. For example, if your domain is called Contoso.com, the DN for the new OU would look like OU=EPS,DC=Contoso,DC=com.
  2. Create a sub-OU inside EPS called Security Users and Groups.
  3. Inside the Security Users and Groups OU, create a user named ProviderAgentAdmin@Contoso.com (where Contoso.com is the name of your domain). Set the password to never expire.
  4. Inside the Security Users and Groups OU, create a new global security group called ProviderAgentAdmins.
  5. Inside the Security Users and Groups OU, create a user called WorkflowEngineAdmin@Contoso.com (where Contoso.com is the name of your domain). Set the password to never expire.
  6. Inside the Security Users and Groups OU, create a new global security group called WorkflowEngineAdmins.
  7. Add the WorkflowEngineAdmin user to the WorkflowEngineAdmins group.
  8. Add the ProviderAgentAdmin user to the ProviderAgentAdmins group.
  9. Add the ProviderAgentAdmins group to the Domain Admins group.
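The nine steps above can be carried out with the ActiveDirectory PowerShell module instead of the GUI. The script below is an added example, not part of the original article or of the EPS software; it assumes RSAT-AD-PowerShell is available (Server 2008 R2 or later) and uses the article's Contoso.com placeholders, which you replace with your own domain. Passwords are read interactively so that they never sit in the script file.

```powershell
# Added example (not from the original article): creates the OU, service
# accounts and groups from "Create Security users and groups in AD".
# Assumes the ActiveDirectory module (RSAT-AD-PowerShell). Contoso.com is the
# article's placeholder domain; substitute your own.
Import-Module ActiveDirectory

$domainDn  = 'DC=Contoso,DC=com'
$upnSuffix = 'Contoso.com'
$epsOu     = "OU=EPS,$domainDn"
$secOu     = "OU=Security Users and Groups,$epsOu"

# Steps 1-2: OU=EPS off the domain root, with the sub-OU for the accounts.
New-ADOrganizationalUnit -Name 'EPS' -Path $domainDn
New-ADOrganizationalUnit -Name 'Security Users and Groups' -Path $epsOu

# Steps 3-6: two service accounts (password never expires) and two global
# security groups, all inside the Security Users and Groups OU.
foreach ($name in 'ProviderAgentAdmin', 'WorkflowEngineAdmin') {
    $password = Read-Host -AsSecureString "Password for $name"
    New-ADUser -Name $name -SamAccountName $name `
        -UserPrincipalName "$name@$upnSuffix" -Path $secOu `
        -AccountPassword $password -PasswordNeverExpires $true -Enabled $true
    New-ADGroup -Name "${name}s" -GroupScope Global -GroupCategory Security -Path $secOu
}

# Steps 7-8: each account goes into its own group.
Add-ADGroupMember -Identity 'WorkflowEngineAdmins' -Members 'WorkflowEngineAdmin'
Add-ADGroupMember -Identity 'ProviderAgentAdmins'  -Members 'ProviderAgentAdmin'

# Step 9: the ProviderAgentAdmins group becomes a member of Domain Admins.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'ProviderAgentAdmins'

# Verification: show what was created before the details are sent to Arkadin.
# ProviderAgentAdmin should now appear as a Domain Admins member through nesting.
Get-ADUser -SearchBase $secOu -Filter * -Properties PasswordNeverExpires |
    Select-Object SamAccountName, UserPrincipalName, Enabled, PasswordNeverExpires
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.SamAccountName -eq 'ProviderAgentAdmin' }
```

Because of step 9, ProviderAgentAdmin holds Domain Admin rights through group nesting, so its password, which the form below asks you to hand over, should be generated, stored and transmitted like any other Domain Admin credential, and the recursive membership check at the end is worth re-running periodically to confirm nothing else has been added to that group.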


Once the above steps are complete, please submit the following information to Arkadin to complete the process.

EPS Service Accounts and passwords

Workflow Engine Admin user name:
password:

Provider Agent Admin user name:
password:

List of OUs (full DN path):

List of all external domains and local domains:

FQDN of remote engine server:

External IP Address of remote engine server:

FQDN of all Domain Controllers:

Instructions for accessing remote engine server:
