

ImportAD

Feature Description

You can use this application to import (synchronize) users and groups from Active Directory for the entire ALVAO system. This utility also allows you to import objects (users, computers and organizational structures) to the Asset Management module.

Note:
If members coming from other trusted domains appear in the imported groups, in some cases it is necessary to specify the domains in the AdTrustedDomain table.

Command Line Syntax

ImportAD /adpath "LDAP path" {/conn "connection string" | /server "database server name" /db "database name"} [/users [remove,outsidegroups]] [/usermap "attribute mapping"] [/objects {users,computers,ou,flat}] [/objectparentid "NodeId"] [/login "login name"] [/pswd "password"] [/log "file"] [/progress] [/wait] [/help] [/noportraits]

Detailed Description of Parameters

Parameter Description
/adpath <LDAP path> The path in Active Directory in the LDAP format. Three options are supported:
  1. DC import (entire AD) – all users and groups are imported, including the group membership settings and users in groups ("copy" of the entire AD).
  2. Import of a specific OU (organizational unit) – all users and groups from the specified OU are imported. Here you can use the outsidegroups parameter, see more detailed description below.
  3. Import of a specific CN (group) – all users and groups that are members of a specific group are imported (in-depth – see note below).

Note:

  • In-depth browsing of group memberships is based on scanning all groups that are members of a specific group, followed by a scan of all members, nested members etc.
    Example: Group C is a member of group B and group B is a member of group A. Then all groups, A, B, and C, will be imported.
  • The /objects switch (object import to Asset Management) does not work with paths routed from a specific group (CN).
/conn <string>
/server <server name>
/db <database name>
These parameters contain connection settings for the ALVAO database. You can use connection strings (e.g. /conn "Data source=.\sqlexpress;Initial Catalog=test;Integrated Security = True"), or enter a specific SQL server and database (e.g. /server ".\sqlexpress" /db "test").
If you use the /server and /db parameters, the system will connect to the database using Integrated Windows Authentication. If you specify all parameters, only the /conn parameter will be used. The parameters /server and /db will be ignored.
/users <parameters> Imports users and groups to Admin. Parameters are separated with commas.

Description of available parameters:
Parameter Meaning
remove Remove users who do not exist in AD. The flag works only with import of the entire AD (DC).
Only accounts originally imported from AD will be deleted. Accounts created manually will not be deleted.
outsidegroups If the import is run at the OU (organizational unit) level, import also group members (groups inside the selected OU) lying outside of the selected OU.
Note:
The search in group members is performed to any depth.
Example:
We import the "CZ" OU in which there is the "CZA" group. "SKA" group located in another OU "SK" is a member of the "CZA" group. The person "Peter" is a member of the "SKA" group.
If we use this parameter, "SKA" and "Peter" are imported (even though they are located outside the imported OU "CZ"). Any other members of the "SKA" group, to any depth (group members), will be imported as well.
If we don't use the parameter, neither the "SKA" group nor the person "Peter" will be created.
/usermap <mapping> Using this switch you can determine the mapping of some attributes when importing users and groups into Admin. The switch works only in combination with the /users switch.

Supported attributes:
Attribute Field name in Admin
Company Organization
PersonalNumber Personal number
@tPersonCust.Column Custom items of a person – see the note

Attributes can be mapped either to a constant string in the command line (e.g. if we want to assign a single Organization to all people manually), or to a specific AD field. For more, please see the examples.
Note:

Attributes can also be mapped to any existing custom item from the tPersonCust table (excluding the int type items) which uses the value list. The attribute name has to be "@" + "tPersonCust." + [column name in the database], e.g. @tPersonCust.Title.
Tip:
This switch can only be used when importing into Admin. For mapping AD attributes to object properties in Asset Management please refer to Mapping Attributes in Active Directory to Object Properties.
/objects <parameters> Import objects to Asset Management. Parameters are separated with commas.

Description of available parameters:
Parameter Meaning
users Import users.
computers Import computers.
ou Import organizational structure.
flat Import objects only in the specified path and do not scan any subfolders.
Warning:
You need to enter at least one parameter: users, computers, ou.
Note:
Mapping AD attributes to AM properties is set with the tblADMap table.
The import creates new objects in the Objects loaded from Active Directory folder.
/objectparentid <NodeId> Create new objects as child objects under the object with ID: <NodeId>. Works only in combination with the /objects switch.
Note: You can find the NodeId value in the Console on the Objects tab by viewing the NodeId system column, or in the tblNode.intNodeId table.
/noportraits Import without portraits.
/wait Wait for key press at the end of the import.
/progress Display import progress.
/login <login name> User's login name. This account will be used to access the AD.
Note: If this parameter is not set, the import will access AD with the account under which the application was launched (user currently logged in to Windows).
/pswd <password> Password of the user whose account will be used to access AD.
/log <file> Report into a file. Please specify a path and a file name.
Note: The log will be overwritten on every launch.
/datetimeformat Date format in text strings (e.g. "dd/mm/yyyy"). If no parameter is entered, the format is recognized automatically upon conversion.
You can find the detailed description of possible formats in the MSDN.
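
To preview which accounts a given /adpath and /users outsidegroups combination brings into scope before running the import, the nested-group rules described in the parameter table can be modelled as below. This is an added example, not ALVAO code: it is a simplified model of the documented behaviour, and the directory contents, `import_scope` and `_expand` are constructed for illustration.

```python
from collections import deque

# Constructed sample directory mirroring the page's "CZ"/"SKA"/"Peter" example.
# Each entry: DN -> (kind, [member DNs]); "Jana" and "Milan" are made-up extras.
DIRECTORY = {
    "CN=CZA,OU=CZ,DC=my,DC=domain": ("group", ["CN=SKA,OU=SK,DC=my,DC=domain",
                                                "CN=Jana,OU=CZ,DC=my,DC=domain"]),
    "CN=Jana,OU=CZ,DC=my,DC=domain": ("user", []),
    # SKA lists CZA as a member too, which creates a membership cycle.
    "CN=SKA,OU=SK,DC=my,DC=domain": ("group", ["CN=Peter,OU=SK,DC=my,DC=domain",
                                                "CN=CZA,OU=CZ,DC=my,DC=domain"]),
    "CN=Peter,OU=SK,DC=my,DC=domain": ("user", []),
    "CN=Milan,OU=SK,DC=my,DC=domain": ("user", []),
}

def _expand(directory, roots):
    """Follow group membership to any depth; `seen` guards against cycles."""
    seen, queue = set(), deque(roots)
    while queue:
        dn = queue.popleft()
        if dn in seen or dn not in directory:
            continue
        seen.add(dn)
        queue.extend(directory[dn][1])
    return seen

def import_scope(directory, adpath, outsidegroups=False):
    """Return the set of DNs in scope for /users with the given /adpath."""
    prefix = "LDAP://"
    base = adpath[len(prefix):] if adpath.startswith(prefix) else adpath
    level = base.split("=", 1)[0].upper()          # DC, OU or CN
    if level == "CN":                              # specific group: itself + nested members
        return _expand(directory, [base])
    suffix = "," + base.lower()
    in_base = {dn for dn in directory if dn.lower().endswith(suffix)}
    if level == "OU" and outsidegroups:            # add members living outside the OU
        groups = [dn for dn in in_base if directory[dn][0] == "group"]
        return in_base | _expand(directory, groups)
    return in_base                                 # entire AD, or OU without outsidegroups

if __name__ == "__main__":
    ou = "LDAP://OU=CZ,DC=my,DC=domain"
    extra = import_scope(DIRECTORY, ou, True) - import_scope(DIRECTORY, ou)
    print("added by outsidegroups:", sorted(extra))
```

Diffing the two scopes, as the last lines do, lists exactly the accounts that would be provisioned from outside the selected OU.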

Field Mapping to AD Attributes for People

Field Name Attribute Name in AD
Name and Surname cn
Note: You can globally change this in the import settings (in Admin, go to "File – Load users from LDAP – Options" command).
Email mail
Phone telephoneNumber
Cellular/ mobile
Office physicalDeliveryOfficeName
Organization company
Department department
Job title
Username sAMAccountName
Manager manager
Account blocked userAccountControl

Examples of use

  1. Import all members of the "mygroup" group with simple login to the SQL server:
    ImportAD.exe /adpath "LDAP://CN=mygroup,DC=my,DC=domain" /server "server\sql2005"  /db "alvao" /users

  2. Import the entire AD and a specific SQL server connection, remove users not found in the AD:
    ImportAD.exe /adpath "LDAP://DC=my,DC=domain" /conn "Data Source=.\sqlexpress;Initial Catalog=alvao;Integrated Security=True" /users remove

  3. Import a specific organizational unit with simple login to the SQL server. The "Organization" field for all users will contain the "ALVAO" string. The "PersonalNumber" field will contain the value copied from the "PersonalNumber" AD attribute. The value copied from the "PersonalTitle" AD attribute will be transferred to custom item "Title". Groups outside of OU which are members of groups inside the OU will be imported too:
    ImportAD.exe /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /users outsidegroups /usermap "Company='ALVAO'" /usermap "PersonalNumber=AD.EmployeeID" /usermap "@tPersonCust.Title=AD.PersonalTitle"

  4. Import newly recruited employees. None of them is an external collaborator, all of them work half-time, and all of them start on 15th August at 10 o'clock in the building located at 12 Waterfront St., Room No. 007. Everything will be saved into custom items of the corresponding types.
    ImportAD.exe /adpath "LDAP://DC=new,DC=domain" /conn "Data Source=.\sqlexpress;Initial Catalog=alvao;Integrated Security=True" /users /usermap "@tPersonCust.Externist='0'" /usermap "@tPersonCust.Part_time='0,5'" /usermap "@tPersonCust.Date_of_onboard='15.8.2015 10:00:00'" /usermap "@tPersonCust.Building_address='12 Waterfront St.'" /usermap "@tPersonCust.Room_number='007'"

  5. Import "Computer" and "User" objects to Asset Management:
    ImportAD /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /objects computers,users

  6. Import "Computer" and "User" objects to Asset Management, and import users and groups to Admin:
    ImportAD /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /objects computers,users /users

  7. Import computers from the standard container "Computers" to Asset Management:
    ImportAD /adpath "LDAP://CN=Computers,DC=my,DC=domain" /server server1 /db alvao /objects computers
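
Before a command line like the ones above goes into a scheduled task, it can be checked against the combination rules stated in the parameter table. The checker below is an added example, not part of ALVAO; `lint_importad` is a hypothetical helper, and the /pswd finding is an extra check added here because a password passed as an argument is readable in the task definition and in the process command line.

```python
def lint_importad(argv):
    """Check an ImportAD argument list against the documented parameter rules.

    Returns a list of findings; an empty list means no rule was violated.
    """
    # Collect each /switch together with the value that follows it, if any.
    opts, i = {}, 0
    while i < len(argv):
        if not argv[i].startswith("/"):            # e.g. the program name
            i += 1
            continue
        has_val = i + 1 < len(argv) and not argv[i + 1].startswith("/")
        opts.setdefault(argv[i].lower(), []).append(argv[i + 1] if has_val else "")
        i += 2 if has_val else 1

    path = opts.get("/adpath", [""])[0]
    base = path[len("LDAP://"):] if path.upper().startswith("LDAP://") else path
    level = base.split("=", 1)[0].upper()          # DC, OU or CN
    users = set(filter(None, ",".join(opts.get("/users", [])).lower().split(",")))
    objects = set(filter(None, ",".join(opts.get("/objects", [])).lower().split(",")))

    findings = []
    if "/adpath" not in opts:
        findings.append("/adpath is required")
    if "/conn" not in opts and not ("/server" in opts and "/db" in opts):
        findings.append("need /conn, or both /server and /db")
    if all(k in opts for k in ("/conn", "/server", "/db")):
        findings.append("/server and /db are ignored because /conn is given")
    if "remove" in users and level != "DC":
        findings.append("remove works only with import of the entire AD (DC path)")
    if "outsidegroups" in users and level != "OU":
        findings.append("outsidegroups applies to import at the OU level")
    if "/usermap" in opts and "/users" not in opts:
        findings.append("/usermap works only in combination with /users")
    if "/objects" in opts and not objects & {"users", "computers", "ou"}:
        findings.append("/objects needs at least one of users, computers, ou")
    if "/objectparentid" in opts and "/objects" not in opts:
        findings.append("/objectparentid works only in combination with /objects")
    if "/pswd" in opts:   # added check, not a rule from the page
        findings.append("/pswd exposes the AD password on the command line; "
                        "omit /login and /pswd to use the launching account")
    return findings
```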

Supported Scenarios

Synchronize with the entire AD (including the removal of users)

Run the import at the entire AD level (LDAP://DC=...) and use the remove parameter (/users remove) for the import of users to Admin.

Import selected AD groups to ALVAO

  1. Create a new group in AD with the name "ALVAO" and set all selected groups that you want to import to ALVAO as the new group's members.
  2. Run the import and set the path in the /adpath parameter to this "ALVAO" group.
    Example: /adpath "LDAP://CN=alvao,OU=import,DC=domain"
  3. All selected groups and their members (including users) will be imported to Admin. The membership in groups will be set correctly.

Import without images directly from AD

If users are imported from AD, by default they will be imported including portraits from the "thumbnailPhoto" and "jpegPhoto" properties. User portraits are stored in the ALVAO database.
If you don't want to load portraits from AD, run the import from the command line and add the /noportraits parameter.
Example:

ImportAD /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /objects computers,users /users /noportraits

Note:
If you want to run imports with an automated task, you will need to edit the "ImportAD" command by adding the /noportraits parameter.

Import objects to Asset Management

Run an import of the entire AD or a selected OU and use the /objects switch to specify which items you want to import. Optionally, use the /objectparentid switch to define where the objects should be imported to.

Finding Disabled Users from Active Directory

  1. In the tree in the AM Console main window select the entire organization and click on the Objects – All tab.
  2. View the "Account is disabled" column.
  3. Set the filter in the "Kind" column to "User" and the filter for the "Account is disabled" column to "Yes".
  4. After creating the list of disabled users, use the "View in the lists of objects" command for easier browsing in the list items.
  5. In the filtered list there are users having the account disabled in the Active Directory. Move these users into a folder for removed users.

 
