

AD Import

Feature Description

You can use this application to import (synchronize) users and groups from Active Directory for the entire ALVAO system. This utility also allows you to import objects (users, computers and organizational structures) to the Asset Management module.

Note:
If members coming from other trusted domains appear in the imported groups, in some cases it is necessary to specify the domains in the AdTrustedDomain table.
Note:
The user language is set during import according to the preferredLanguage or countryCode attribute.

Command Line Syntax

ImportAD.exe /adpath "LDAP path" {/conn "connection string" | /server "database server name" /db "database name"} [/users [remove,outsidegroups]] [/usermap "attribute mapping"] [/objects {users,computers,ou,flat}] [/objectparentid "NodeId"] [/login "login name"] [/pswd "password"] [/log "file"] [/progress] [/wait] [/help] [/noportraits]

Detailed Description of Parameters

Parameter Description
/adpath <LDAP path> The path in Active Directory in the LDAP format. Three options are supported:
  1. DC import (the entire AD) – all users and groups are imported including the group membership settings and the users in groups (a "copy" of the entire AD).
  2. Import of a specific OU (organizational unit) – all users and groups from the specified OU are imported. Here you can use the outsidegroups parameter, see more detailed description below.
  3. Import of a specific CN (group) – all users and groups that are members of a specific group are imported (in depth – see the note below).
Note:
  • In-depth browsing of group memberships is based on scanning all groups that are members of a specific group, followed by a scan of all members, nested members, etc.
    Example: Group C is a member of group B and group B is a member of group A. Then all groups, A, B, and C, will be imported.
  • The /objects switch (object import to Asset Management) does not work with paths routed from a specific group (CN).
/conn <string>
/server <server name>
/db <database name>
These parameters contain connection settings for the ALVAO database. You can use connection strings (e.g. /conn "Data source=.\sqlexpress;Initial Catalog=test;Integrated Security = True"), or enter a specific SQL server and database (e.g. /server ".\sqlexpress" /db "test").
If you use the /server and /db parameters, the system will connect to the database using Integrated Windows Authentication. If you specify all parameters, only the /conn parameter will be used. The parameters /server and /db will be ignored.
/users <parameters> Imports users and groups to Admin. Parameters are separated with commas.

Description of available parameters:
Parameter Meaning
remove Remove users who do not exist in AD. The flag only works during the import of a group, organizational unit, container, or the whole AD (DC).
Only accounts originally imported from AD will be deleted. Accounts created manually will not be deleted.
outsidegroups If the import is run at the OU (organizational unit) level, also import members of groups inside the selected OU that lie outside of the selected OU.
Note:
Search in group members is performed to any depth.
Example:
We import the "CZ" OU, which contains the "CZA" group. The "SKA" group, located in another OU "SK", is a member of the "CZA" group. The person "Peter" is a member of the "SKA" group.
If we use this parameter, "SKA" and "Peter" are imported (even though they are located outside the imported OU "CZ"). Any other members of the "SKA" group, to any depth, will be imported as well.
If we don't use this parameter, neither the "SKA" group nor the person "Peter" will be created.
/usermap <mapping> This switch determines the mapping of some attributes when importing users and groups into Admin. It works only in combination with the /users switch.

Supported attributes:
Attribute Field name in Admin
Company Organization
PersonalNumber Personal number
@tPersonCust.Column Custom items of a person – see the note

Attributes can be mapped either to a constant string in the command line (e.g. if we want to assign a single Organization to all people manually), or to a specific AD field. For more, please see the examples.
Note:

The attributes can also be mapped to any existing custom item from the tPersonCust table (excluding int type items) which uses a list of values. The attribute name has to be "@tPersonCust." followed by the column name in the database, e.g. @tPersonCust.Title.
Tip:
This switch can only be used when importing into Admin. For mapping AD attributes to object properties in Asset Management please refer to Mapping Attributes in Active Directory to Object Properties.
/objects <parameters> Import objects to Asset Management. Parameters are separated with commas.

Description of available parameters:
Parameter Meaning
users Import users.
computers Import computers.
ou Import organizational structure.
flat Import objects only in the specified path and do not scan any subfolders.
Notification:
You need to enter at least one parameter: users, computers, ou.
Note:
Mapping AD attributes to AM properties is set with the tblADMap table.
The import creates new objects in the Objects loaded from Active Directory folder.
/objectparentid <NodeId> Create new objects as child objects under the object with ID: <NodeId>. Works only in combination with the /objects switch.
Note:
You can find the value of NodeId in the Console in the Objects tab by viewing the NodeId system column, or in the tblNode.intNodeId table.
/noportraits Import without portraits.
/wait Wait for key press at the end of the import.
/progress Display import progress.
/login <login name> User's login name. This account will be used to access the AD.
Note:
If this parameter is not set, the import will access AD with the account under which the application was launched (user currently logged in to Windows).
/pswd <password> Password of the user whose account will be used to access AD.
/log <file> Report into a file. Please specify a path and a file name.
Note:
The log will be overwritten every launch.
/datetimeformat Date format in text strings (e.g. dd/mm/yyyy). If no parameter is entered, the format is recognized automatically upon conversion.
You can find the detailed description of possible formats in the MSDN.

Field Mapping to AD Attributes for People

Field Name Attribute Name in AD
Name and Surname cn
Note:
This can be changed globally in the import settings (in Admin, go to File – Load users from LDAP – Options).
Email mail
Phone telephoneNumber
Cellular mobile
Office physicalDeliveryOfficeName
Organization company
Department department
Job title
Username sAMAccountName
Manager manager
Account blocked userAccountControl

Examples of use

  1. Importing all members of mygroup, connecting to the SQL server with /server and /db:
    ImportAD.exe /adpath "LDAP://CN=mygroup,DC=my,DC=domain" /server "server\sql2005"  /db "alvao" /users

  2. Import the entire AD using a specific SQL server connection string, and remove users not found in the AD:
    ImportAD.exe /adpath "LDAP://DC=my,DC=domain" /conn "Data Source=.\sqlexpress;Initial Catalog=alvao;Integrated Security=True" /users remove

  3. Import a specific organizational unit, connecting to the SQL server with /server and /db. The Organization field will contain the ALVAO string for all users. The PersonalNumber field will contain the value copied from the PersonalNumber AD attribute. The value copied from the PersonalTitle AD attribute will be transferred to custom item Title. Groups outside of OU which are members of groups inside the OU will be imported too:
    ImportAD.exe /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /users outsidegroups /usermap "Company='ALVAO'" /usermap "PersonalNumber=AD.EmployeeID" /usermap "@tPersonCust.Title=AD.PersonalTitle"

  4. Importing newly recruited employees. None of them is an external collaborator, everyone works half-time, and they start on 15th August at 10 o'clock in the building located at 12 Waterfront St., Room No. 007. Everything will be saved into custom items of the corresponding types.
    ImportAD.exe /adpath "LDAP://DC=new,DC=domain" /conn "Data Source=.\sqlexpress;Initial Catalog=alvao;Integrated Security=True" /users /usermap "@tPersonCust.Externist='0'" /usermap "@tPersonCust.Part_time='0,5'" /usermap "@tPersonCust.Date_of_onboard='15.8.2015 10:00:00'" /usermap "@tPersonCust.Building_address='12 Waterfront St.'" /usermap "@tPersonCust.Room_number='007'"

  5. Importing Computer and User type objects in Asset Management:
    ImportAD.exe /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /objects computers,users

  6. Importing Computer and User type objects in Asset Management, and importing users and groups in Management:
    ImportAD.exe /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /objects computers,users /users

  7. Import computers from the standard container "Computers" to Asset Management:
    ImportAD.exe /adpath "LDAP://CN=Computers,DC=my,DC=domain" /server server1 /db alvao /objects computers
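
A pre-flight check for the rules stated in the parameter table, useful before a command line is stored in a scheduled task. This is an added example, not ALVAO code; the function names and the constructed BAD command line are assumptions. The /pswd finding reflects that command-line arguments are visible in process listings and in saved task definitions, while the table states that without /login the import runs under the launching account.

```python
import re

USERS_OPTS = {"remove", "outsidegroups"}
OBJECTS_OPTS = {"users", "computers", "ou", "flat"}

def parse(cmdline):
    """Split an ImportAD command line into {switch: [values]}."""
    args, current = {}, None
    for tok in re.findall(r'"[^"]*"|\S+', cmdline)[1:]:  # [1:] skips the exe
        if tok.startswith("/"):
            current = tok.lower()
            args.setdefault(current, [])
        elif current:
            args[current].append(tok.strip('"'))
    return args

def opts(args, switch):
    """Comma-separated options passed to /users or /objects."""
    return {o for v in args.get(switch, []) for o in v.lower().split(",") if o}

def check(cmdline):
    """Return findings for the rules stated in the parameter table."""
    a, out = parse(cmdline), []
    if not a.get("/adpath"):
        out.append("missing /adpath")
    if "/conn" in a and ("/server" in a or "/db" in a):
        out.append("/server and /db are ignored when /conn is given")
    elif "/conn" not in a and not ("/server" in a and "/db" in a):
        out.append("no database connection: use /conn, or /server with /db")
    if "/usermap" in a and "/users" not in a:
        out.append("/usermap works only in combination with /users")
    if "/objectparentid" in a and "/objects" not in a:
        out.append("/objectparentid works only together with /objects")
    if "/objects" in a and not opts(a, "/objects") & {"users", "computers", "ou"}:
        out.append("/objects needs at least one of users, computers, ou")
    for sw, allowed in (("/users", USERS_OPTS), ("/objects", OBJECTS_OPTS)):
        out += [f"unknown {sw} option: {o}" for o in sorted(opts(a, sw) - allowed)]
    if "/pswd" in a:
        out.append("/pswd exposes the AD password on the command line; "
                   "omit /login and /pswd to use the launching account")
    return out

# Constructed command line (not from the page) that breaks four rules.
BAD = ('ImportAD.exe /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 '
       '/objects flat /usermap "Company=\'ALVAO\'" /login svc /pswd "example"')

if __name__ == "__main__":
    for finding in check(BAD):
        print("finding:", finding)
```

The check cannot tell a group from a container by its CN= path, so the rule that /objects does not work with a group path is left to the operator.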

Supported Scenarios

Synchronize with the entire AD (including the removal of users)

Run the import at the entire AD level (LDAP://DC=...) and use the remove parameter (/users remove) for the import of users to Admin.

Import selected AD groups to ALVAO

  1. Create a new group named ALVAO in AD and set all selected groups that you want to import in the ALVAO system as the new group's members.
  2. Run the import and set the path in the /adpath parameter to this ALVAO group.
    Example: /adpath "LDAP://CN=alvao,OU=import,DC=domain"
  3. All selected groups and their members (including users) will be imported to Admin. The membership in groups will be set correctly.
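
A model of the nested-membership behaviour described for group (CN) imports and for the outsidegroups parameter, showing which accounts an import pulls in from outside the chosen OU and through which chain of groups. This is an added example, not ALVAO code: the directory is constructed from the CZ/SK case in the parameter table, and the function names, the extra users and the circular nesting are assumptions.

```python
from collections import deque

# Constructed directory: the CZ/SK case from the text, plus one user inside
# the OU, one unrelated user, and a circular nesting (CZA is a member of SKA).
DIRECTORY = {
    "CZA":   {"ou": "CZ", "members": ["SKA", "Jana"]},
    "Jana":  {"ou": "CZ", "members": []},
    "SKA":   {"ou": "SK", "members": ["Peter", "CZA"]},
    "Peter": {"ou": "SK", "members": []},
    "Milan": {"ou": "SK", "members": []},
}

def expand(directory, roots):
    """Walk nested membership breadth-first; return {name: chain from a root}."""
    chains = {r: [r] for r in roots}
    queue = deque(roots)
    while queue:
        name = queue.popleft()
        for member in directory[name]["members"]:
            if member not in chains:      # already seen: stops circular nesting
                chains[member] = chains[name] + [member]
                queue.append(member)
    return chains

def import_group(directory, group):
    """Model of /adpath pointing at a group (CN): the group and all nested members."""
    return expand(directory, [group])

def import_ou(directory, ou, outsidegroups=False):
    """Model of /adpath pointing at an OU, without or with /users outsidegroups."""
    inside = [n for n, obj in directory.items() if obj["ou"] == ou]
    return expand(directory, inside) if outsidegroups else {n: [n] for n in inside}

def pulled_from_outside(directory, ou, imported):
    """Imported objects that live outside the OU, with the chain that led to them."""
    return {n: c for n, c in imported.items() if directory[n]["ou"] != ou}

if __name__ == "__main__":
    imported = import_ou(DIRECTORY, "CZ", outsidegroups=True)
    for name, chain in pulled_from_outside(DIRECTORY, "CZ", imported).items():
        print(f"{name} (OU {DIRECTORY[name]['ou']}) via {' > '.join(chain)}")
```

The chain for each outside object is what to review before enabling outsidegroups, since every listed account becomes an ALVAO user even though it lies outside the imported OU.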

Import without images directly from AD

If users are imported from AD, they will be imported including portraits from the thumbnailPhoto and jpegPhoto properties by default. User portraits are stored in the ALVAO database.
If you don't want to load portraits from AD, run the import from the command line and add the /noportraits parameter.
E.g.:

ImportAD.exe /adpath "LDAP://OU=ou1,DC=my,DC=domain" /server server1 /db alvao /objects computers,users /users /noportraits

Note:
If you want to run imports automatically using scheduled tasks, you will need to edit the ImportAD command by adding the /noportraits parameter.

Import objects to Asset Management

Run an import of the entire AD or a selected OU and use the /objects switch to specify which items you want to import. Use the /objectparentid switch to define where the objects should be imported to (optional).

Finding Disabled Users from Active Directory

  1. Select the entire organization in the tree in the main AM Console window and click on the Objects – All tab.
  2. View the Account is disabled column.
  3. Set the filter in the Type column to User and the filter for the Account is disabled column to Yes.
  4. After creating a list of disabled users, use the View in the lists of objects command for easier browsing through the list.
  5. In the filtered list there are users having the account disabled in the Active Directory. Move these users into a folder for removed users.

Deleting Old Users

If you want to delete old users who haven't been found in Active Directory for some time, use the following procedure:

  1. In Management on the Users page, sort the users in ascending order based on the Last imported from AD column.
  2. Select and delete users who haven't been found in Active Directory for a long time.

Deleting old objects from Asset Management

If you want to delete old objects which haven't been found in Active Directory for some time, use the following procedure:

  1. In AM Console, select the whole organization in the objects tree and go to the Objects tab.
  2. View the Last imported from AD column.
  3. Use a filter in the Type column to display only computers, or users.
  4. Set the : not "" filter for the Last imported from AD column and sort the table in ascending order using this filter.
  5. Use the View in the lists of objects command from the context menu.
  6. Browse through old objects in the Lists of Objects window. If there are any assets assigned to a user, make sure they are returned.
  7. Move the objects to the Disposed assets folder.

Renaming Computers

If the computer is loaded from the Active Directory (AD) and you need to rename it:

  1. Rename the computer in Windows (the same GUID remains for the computer in the AD).
Note:
During the next import from AD, the ImportAD utility will automatically rename the computer in Asset Management.

Computer re-installation (reimage) while keeping its name

If the computer is loaded from the Active Directory (AD) and you need to re-install its operating system or restore it from the disc image and keep its name on the network:

  1. Remove the computer from the AD.
  2. Go to the AM Console, find the computer in a tree and use the Edit command from the context menu.
    Delete the value in the Object GUID in Active Directory field.
  3. Re-install the operating system, or restore it from the disc image. Name the computer with its original name.
  4. Register the computer again to the AD (the computer will get a new GUID in the AD).
Note:
During the next import from the AD, the ImportAD utility will automatically pair a new computer from the AD with a computer in Asset Management according to the Name on the network property.

 
