Active Directory Enrollment Strategy


Allows automated creation or modification of user accounts based on a Microsoft Excel document and a customized template.

 

This action monitors a shared folder and waits for a Microsoft Excel file properly prepared for user or group import to be added to the folder.

When the software detects the Excel file in the target folder, it runs a series of validity checks. If these pass, it automatically creates a project based on the template previously created and associated with the action. The process is similar to importing an Excel file through the Active Directory One GUI, except that additional validity checks are run on the project records before they are finally stored in Active Directory.

 

After storage, the import file is moved to a subfolder named Processed\InputFileName-DateTime\. A report containing the result of the operation, in Microsoft Excel or other formats, can be placed in the same folder. Changes in Active Directory made by this procedure are stored in the Windows event log and displayed in the Event log window.

 

 

Enrollment strategy workflow

 

[Figure: enrollment strategy workflow]

 

Active Directory enrollment strategy wizard

 

[Screenshot: wizard, page 1]

Action description: descriptive text that appears in the main grid. The software also uses the description as the identifier of the action, so duplicates are not allowed for this field.

 

Credentials...: the set of credentials that the service uses to access the shared folder that will contain the import file and to perform the storage procedure in Active Directory. Full Control permissions are required for the folder, and Domain Admins group membership is required for storage in AD. It is recommended to create a service account dedicated to this type of operation rather than using personal accounts. See Manage Credentials for more information on creating and managing service accounts.

 

Scheduler waiting time...: the time that must elapse after execution of the action is completed. During the wait time no action is performed, and the service communicates with the user interface only to show the remaining time as a countdown.

 

Activate this action: includes the action in the action execution sequence. When the service is started with the Execute now command, the action is processed in the scheduled sequence according to the OE (execution order) property in the main grid.

[Screenshot: wizard, page 2]

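Specify the network shared folder to monitor: an existing UNC network path to the shared folder that will contain the import file is required, for example: \\ServerName\SharedFolder\. The folder should grant Full Control access permissions to the service account or the Domain Admins group. Because the service stores any valid import file found here in Active Directory with its own credentials, write access to this folder amounts to the ability to create or modify accounts.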

 

Select the shared template you want to apply: to create a custom template for the type of users or groups you want to manage, use the Active Directory One application to create a New User Project or New Group Project, customize the attributes, defaults and rules with the Manage Attributes command, save the project, and then use the Create a Template from this project command in the Recent Files Window. It is also recommended to first test importing an Excel file into a project based on the template in the GUI, to optimize the result before using the template in this procedure.

[Screenshot: wizard, page 3]

After a template of type User has been chosen in the step "Folder path to monitor and template to apply", the wizard asks what is to be stored in Active Directory or the file system.

 

Users: new users will be created in Active Directory, and if users already exist in AD, their attributes will be updated. To identify existing users, the algorithm uses the objectSid attribute or the exact match of the name, userPrincipalName and sAMAccountName attributes. It also checks whether an override list has been set in the storage options. Therefore, when you want to edit existing users, you must configure both the template and the import Excel file correctly so that you get the correct matches.

  o For new users and users with a value in the Extra_InitialPassword field...: initial passwords will be created for new users. If an Extra_InitialPassword column has been added to the Excel file to be imported and a value exists in the field, this value will be used for both new and existing users.

  o For new users only: initial passwords will be created for new users. If an Extra_InitialPassword column has been added to the Excel file to be imported and a value exists in the field, this value will be used for new users only; any values present for existing users will be ignored.

  o For all users: new passwords will be created for all users. If an Extra_InitialPassword column has been added to the Excel file to be imported and a value exists in the field, this value will be stored; if there is no value in the field, a new password will be generated from the password rule set in the template.
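A pre-flight check for the matching rule and the three password options above, as an added example (not part of ADOne or its documentation): given a CSV export of the import sheet and a list of existing accounts, it reports which existing accounts would receive a new password under each option. The mode labels, sample rows, SIDs and passwords are constructed; it assumes a match means an equal objectSid or all three of name, userPrincipalName and sAMAccountName being equal, that generated passwords come from the template's password rule, and it ignores the override list.

```python
import csv
import io

# Labels invented for this example, one per wizard password option.
NEW_AND_VALUED, NEW_ONLY, ALL_USERS = "new_and_valued", "new_only", "all_users"
NAME_KEYS = ("name", "userPrincipalName", "sAMAccountName")

# Constructed sample: CSV export of an import sheet (not a real file).
SAMPLE_IMPORT = """name,userPrincipalName,sAMAccountName,objectSid,Extra_InitialPassword
Ann Lee,alee@example.test,alee,,
Bob Ray,bray@example.test,bray,,Winter-Reset-1
Cy Dunn,cdunn@example.test,cdunn,S-1-5-21-1-2-3-1105,
Dee Fox,dfox@example.test,dfox,,Welcome-New-1
"""

# Constructed stand-in for the accounts already present in the directory.
EXISTING = [
    dict(zip(NAME_KEYS + ("objectSid",), rec)) for rec in [
        ("Ann Lee", "alee@example.test", "alee", "S-1-5-21-1-2-3-1103"),
        ("Bob Ray", "bray@example.test", "bray", "S-1-5-21-1-2-3-1104"),
        ("Cyrus Dunn", "cdunn@example.test", "cdunn", "S-1-5-21-1-2-3-1105"),
    ]
]

def is_existing(row, directory):
    # Assumed reading of the matching rule: same objectSid, or all three names equal.
    return any(
        (row.get("objectSid") and row["objectSid"] == acct["objectSid"])
        or all(row[k] == acct[k] for k in NAME_KEYS)
        for acct in directory
    )

def password_action(mode, existing, supplied):
    # Returns "supplied", "generated" (from the template rule) or "unchanged".
    if mode == ALL_USERS or not existing:
        return "supplied" if supplied else "generated"
    if mode == NEW_AND_VALUED and supplied:
        return "supplied"
    return "unchanged"

def existing_password_changes(csv_text, directory, mode):
    # (sAMAccountName, action) for each existing account whose password would change.
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        supplied = bool((row.get("Extra_InitialPassword") or "").strip())
        if is_existing(row, directory):
            action = password_action(mode, True, supplied)
            if action != "unchanged":
                hits.append((row["sAMAccountName"], action))
    return hits
```

Running `existing_password_changes` for each mode before a file is dropped into the monitored folder shows whether an import intended only to create accounts would also reset passwords on accounts that already exist.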

 

Home Folders and the file system data: sets the folder access permissions in the file system for the attributes attached to a rule of type Data Folder, such as the homeDirectory attribute. Note: if no Data Folder type rules are set in the template, this option is disabled.

  o Update only security permissions and leave unchanged user data: sets folder access permissions on the disk; data remains unchanged and only security descriptors are updated according to the respective Data Folder rule settings.

  o Delete user data and rebuild a new home folder: deletes all data contained in the folders on the disk and sets security descriptors according to the settings of the respective Data Folder rules.

[Screenshot: wizard, page 4]

After a template of type Group has been chosen in the step "Folder path to monitor and template to apply", the wizard asks what is to be stored in Active Directory or the file system.

 

Groups: new groups will be created in Active Directory, and if groups already exist in AD, their attributes will be updated. To identify existing groups, the algorithm uses the objectSid attribute or the exact match of the name attribute. It also checks whether an override list has been set in the storage options. Therefore, when you want to edit existing groups, you must configure both the template and the import Excel file correctly so that you get the correct matches.

 

File system data folders: sets the folder access permissions in the file system for the attributes attached to a rule of type Data Folder. Note: if no Data Folder type rules are set in the template, this option is disabled.

  o Update only security permissions and leave the data unchanged: sets folder access permissions on the disk; data remains unchanged and only security descriptors are updated according to the respective Data Folder rule settings.

  o Delete data and rebuild a new folder: deletes all data contained in the folders on the disk and sets security descriptors according to the settings of the respective Data Folder rules.

[Screenshot: wizard, page 5]

Create a report file in the monitored folder: when the procedure is completed, the file containing the report with the results of the operations is copied to a sub-folder in the following location: Processed\ImportFileName-DateTime\ImportFileName-Report.format. Several output formats are available; if multiple formats are selected, multiple files will be generated in the same folder.

 

Email the report file: the report with the results of the operations is sent via email. If several output formats are selected, the different files will be attached in the same email.

  o Receiver email address: email address of the person or distribution group that will receive the report with the result of operations via email.

  o Standard mail server: configuration of the SMTP server that the service will use to send the mail. An account authorized to send mail should be used. If using an Exchange Online account in Microsoft 365, the SMTP Authentication option should be enabled in the tenant's user properties; for more information, see the Microsoft online documentation.

 

  o SendGrid Server: uses the SendGrid.com platform for sending mail; the appropriate API key for the service should be entered.

 

 

See also: Actions - Importing from an Excel file - Manage credentials