After mentioning an update to the Active Directory Connector back in October, we have finally found a moment to build it!
The connector is available from V3.0.1318 which you can download here, and we have new documentation available here. Once downloaded you can find the connector in the normal spot in the connection window under Active Directory.
This now provides a fully no code solution for Active Directory, as all the lookups are handled for you. However if you have requirements outside of the general scope you can still extend your project with Dynamics Columns and Project Automation.
If you have any projects using the old connector they will continue to use that connection until you decide to change them. We did this so then your projects do not suddenly break when you decide to upgrade and you can take your time trying it on new projects before improving your old ones.
You also have the normal functionality of storing your connections in the connection library, the ability to preview the data before connecting, and the ability to drag and drop your connections to connect and create lookups.
What has changed?
In brief we've made it easier to update managers, users account status (userAccountControl), set a password on new accounts and add/remove users to/from groups. We've added in functionality to return computers within your AD and you can connect and manage contact records.
The way we have removed the complexity around these tasks is by introducing Data Sync specific columns (DS- columns). These DS columns handle lookups, data conversions, and the quirky requirements AD has in order to update certain fields.
Meaning you now only need to map your columns and not worry about adding functions to your projects.
Connect to Groups
The ability to connect to and manage groups is a new feature to this connector and there are multiple options available for you to use. The one to choose will depend on your source data and what you are trying to do.
Group Members
You can manage group members by passing in a list of groups against a list of users with the Active Directory V2 - Group Members connector.
You would connect your group names to DS-Group-SAMAccountName and the members to DS-Member-SAMAccountName with both being a key column. If you don't have both as a key column you will get a duplicates error for each user if they are listed against more than one group.
If you want to remove users from groups, don't forget to set EnableDelete to True.
Passing Users to Groups
Another option is to pass an array of users/members to each group, with the Active Directory V2 - Users/Contacts/Groups/Computers connector and selecting Groups from the drop down.
Your users should be listed in alphabetical order and separated by a semi-colon (;).
You need to map your group name to the DS-SAMAccountName column and your users to the DS-MemberNames. Data Sync will then handle the user lookup and add the users to the groups. If any of the groups do not exist in your AD then Data Sync will create them and add any users listed.
Passing Groups to Users
Alternatively you can choose to add users to groups by connecting to the users and passing in an array of groups they are members of. Just add your group list column to the schema map and link it to the column DS-User-MemberOf.
The groups need to be listed in alphabetical order and be separated by a semi-colon (;).
Adding Users
Adding and managing your users in AD with Data Sync is now incredibly easy.
Simply connect with the Active Directory V2 - Users/Contacts/Groups/Computers connector, keeping Users in the dropdown. Map the columns you need and Data Sync will handle the rest.
Updating Managers
To update the manager attribute you can choose between using the Employee ID, the sAMAccountName, the distinguished name or the email address to map your fields.
Which you pick will depend on the data you have in your source data. If you have more than one available in your source please only select one.
You then map this column to the corresponding DS- column.
The DS column then does the lookup for you and will convert the manager details into the format AD is expecting.
Setting Passwords for New Users
You no longer need to write project automation code to supply a password for new users. Just map your password column to the DS-SetPassword column to add a password for the new users.
For updating the password on existing accounts you will need to use project automation which is explained here.
Setting the User Account Control
As you are all aware, the UserAccountControl determines if a user account is enabled or disabled. Rather than needing to figure out the code to pass to AD you can now just map a boolean true/false column to state the account status.
For example if you have a column named IsDisabled and when the account is disabled this is set to true, you can map this to DS-UAC-Disabled.
We've also covered the User Account Control Flags Locked, PasswordExpired and PasswordDoesNotExpire. Just map your boolean source column to the corresponding DS column and Data Sync will set the flags accordingly.
Return Computers
This can be used for reporting what computers are listed in your Active Directory OU.
You can return a list of computers available, the managers associated with those computers, and apply LDAP filters to further limit your results depending on what you need returning.
Manage Contacts
Contacts also has the useful DS columns so that lookups are handled for you. Just connect using the Active Directory V2 - Users/Contacts/Groups/Computers connector and select Contacts from the dropdown, map your columns, compare and sync.
You need to map the contact name to the DS-Account-CN at a minimum to add contact records. An example of how your mapping might look is:
Any Suggestions?
As this is currently still in development, now is your chance to try it out and relay any feedback or requests you may have.
Go ahead and download the beta version to try it out for yourself, and as always if you have any questions just send us an email.