Microsoft Active Directory and ITAM Integration
Introduction
You can integrate third-party systems with Service Manager in many ways. The method you select will depend on business requirements, architectural and security constraints as well as the characteristics specific to each third-party application or service.
This document describes an integration process that has already been implemented in a customer context.
To find out more about this integration (e.g. scripts to be used), please do not hesitate to contact your EasyVista contact, or your service provider and integrator.
Overview of the integration
Microsoft Active Directory (AD) is the directory service provider that supports LDAP for Windows operating systems. It lists all elements in the administered network such as user accounts, servers, workstations, shared folders or printers.
- Its primary objective is to provide centralized identification and authentication services to a network of machines using the Windows operating system.
- It is used by administrators to attribute and apply strategies, distribute software and install critical upgrades.
- It enables users to locate shared resources easily and administrators to monitor usage thanks to functionalities that store information, distribute, duplicate, partition and secure access.
This integration describes the functionality for storing information using the following attributes related to the network of workstations:
- OS name: operatingSystem attribute
- OS version: operatingSystemVersion attribute
- OS service pack: operatingSystemServicePack attribute
The Service Desk requires this information to qualify incidents and determine the procedure applicable.
Operating principle
The standard integration process is made up of 2 phases:
- Run a preimport task using the smoBackOfficeClient tool to:
  - Extract and store data from the Microsoft Active Directory database in Service Manager work tables.
  - Run various processing steps to normalize and standardize data.
  - Store all data in the final Service Manager tables.
- Integrate data in the final Service Manager tables using Employee/Equipment integration models.
Notes
- An account with read access must be defined to enable Service Manager to connect to an Active Directory domain controller.
- To set up Microsoft Active Directory in a standard integration process, you need to add several tables to the EVO_BACKOFFICE database.
- Importing employees:
  - An employee is imported only if the following information is specified: company (Company), last name (sn), first name (givenName) and login (sAMAccountName).
  - Departments missing from Service Manager will automatically be imported.
  - The unique ID used for the import is the user login.
  - Two integration models are used for importing information on employees and their managers.
- Importing equipment:
  - Equipment missing from Service Manager will not be imported.
  - The unique ID used for the import is the workstation's network identifier.
  - Four integration models are implemented: one for importing information on equipment and three for importing the operatingSystem, operatingSystemVersion and operatingSystemServicePack attributes.
See How to choose the best tool for automating integration.
Procedure
How to perform integration using Microsoft Active Directory
1. Run scripts to create tables in the EVO_BACKOFFICE database.
2. Define the preimport processing for extracting data from the Microsoft Active Directory database.
3. Integrate the data extracted. See the procedure.
   - Integration models for importing employees:
     - LDAP employees: Insertion & Update option and the Employee connector
     - LDAP employees - Managers: Only Update option and the Employee connector
   - Integration models for importing equipment:
     - LDAP equipment: Only Update option and the Equipment connector
     - Attributes - OS name: Insertion & Update option and the Attributes connector (equipment, contracts, licenses)
     - Attributes - OS service pack: Insertion & Update option and the Attributes connector (equipment, contracts, licenses)
     - Attributes - OS version: Insertion & Update option and the Attributes connector (equipment, contracts, licenses)
How to convert a Timestamp value to a Date value
Some Microsoft AD fields are stored as Timestamp values, based on the number of seconds elapsed since midnight, January 1, 1601 (UTC): LastLogon, LastLogonTimestamp, accountExpires, LastPwdSet.
Use the AD_DATE_CONVERT function to convert them to the standard Date format.
Example: Convert the accountExpires value (Arrival date):

    UPDATE e_ad_temp
    SET accountexpires =
        [EVO_BACKOFFICE].[EZV_ADMIN].Ad_date_convert(accountexpires)
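The same conversion, written out as an added Python example; it is not the AD_DATE_CONVERT implementation and not EasyVista code. It assumes the raw values arrive as AD returns them over LDAP, that is, as 64-bit counts of 100-nanosecond intervals from the 1601 epoch, and it treats the two "no date" sentinels (0 and 9223372036854775807) as empty so that a never-expiring account does not end up with a bogus date. The function names and sample rows are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Sentinels AD stores instead of a date: for accountExpires both mean
# "never expires"; for lastLogonTimestamp 0 means "never logged on".
NO_DATE = {0, 0x7FFFFFFFFFFFFFFF}


def ad_timestamp_to_datetime(raw):
    """Return an aware UTC datetime, or None when the value carries no date."""
    if raw is None or not str(raw).strip():
        return None
    try:
        ticks = int(raw)                  # LDAP returns the integer as a string
        if ticks in NO_DATE or ticks < 0:
            return None
        return AD_EPOCH + timedelta(microseconds=ticks // 10)
    except (ValueError, OverflowError):   # not a number, or past year 9999
        return None


def to_service_manager(raw):
    """Format as DD/MM/YY hh:mm:ss (the mapping table's format); '' if no date."""
    dt = ad_timestamp_to_datetime(raw)
    return dt.strftime("%d/%m/%y %H:%M:%S") if dt else ""


# Constructed sample rows, shaped like an extract from the work table.
SAMPLE_ROWS = [
    {"login": "jdoe",   "accountExpires": "132223104000000000"},   # 2020-01-01 UTC
    {"login": "asmith", "accountExpires": "9223372036854775807"},  # never expires
    {"login": "svc01",  "accountExpires": "0"},                    # never expires
]


def convert_rows(rows, field="accountExpires"):
    """Map each login to its formatted date ('' when the account has none)."""
    return {r["login"]: to_service_manager(r.get(field)) for r in rows}


if __name__ == "__main__":
    for login, value in convert_rows(SAMPLE_ROWS).items():
        print(login, value or "(no expiry)")
```

Rows that come back empty for accountExpires are the accounts with no expiry set, which is usually the list worth reviewing after an import.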
Mapping Microsoft Active Directory attributes and Service Manager fields
Employees
Microsoft Active Directory | Service Manager | Note
---|---|---
sAMAccountName | Login |
displayName | Full Name |
Company / Division / Department | Entity | Concatenation of 3 fields
description | Note |
extensionAttribute5 | Available Field 1 (contract type) |
telephoneNumber | Phone |
facsimileTelephoneNumber | Fax |
Mobile | Mobile |
homePhone | Available Field 2 (Internal phone) |
otherHomePhone | Available Field 3 (Other phone) |
lastLogonTimestamp | Available Field 6 (last connection) | DD/MM/YY hh:mm:ss format
whenCreated | Arrival Date | DD/MM/YY hh:mm:ss format
Title | Job |
Manager | Manager: Login |
proxyAddresses | Available Field 4 (Fax ID) |
extensionAttribute7 | Available Field 5 (Manager region) |
canonicalName | Location Code |
sn | N/A | Used to check if the account is valid
givenName | N/A | Used to check if the account is valid
UserAccountControl.AccountDisable | Departure Date | Specified if the employee is to be archived in Service Manager. In this case, the value is the current date. If there is no end date, then it is 01/01/2099.
distinguishedName | N/A | Specified if the employee is to be archived in Service Manager. In this case, the value is the current date.
accountExpires | Date of account deactivation | DD/MM/YY hh:mm:ss format
Initials | Title |
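The two employee rules above (the four required attributes from the Notes, and the UserAccountControl.AccountDisable row) can be checked on the extracted entries before import. The following is an added example, not EasyVista code: the function names and sample entries are constructed, and reading the Departure Date rule as "current date when the account is disabled, otherwise 01/01/2099" is an assumption drawn from the table note.

```python
from datetime import date

ACCOUNTDISABLE = 0x0002            # userAccountControl bit set on disabled accounts
REQUIRED = ("company", "sn", "givenName", "sAMAccountName")
NO_END_DATE = date(2099, 1, 1)     # the page's value when there is no end date


def is_importable(entry):
    """True only when all four required attributes carry a non-blank value."""
    return all(str(entry.get(attr) or "").strip() for attr in REQUIRED)


def is_disabled(entry):
    """Decode the ACCOUNTDISABLE bit; LDAP returns the flags as a decimal string."""
    try:
        return bool(int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE)
    except (TypeError, ValueError):
        return False               # unreadable flags: do not archive on bad data


def departure_date(entry, today):
    """Assumed rule: disabled account -> current date, otherwise 01/01/2099."""
    return today if is_disabled(entry) else NO_END_DATE


def prepare(entries, today):
    """Split entries into rows to import and identifiers of rejected entries."""
    rows, rejected = [], []
    for e in entries:
        if not is_importable(e):
            rejected.append(e.get("sAMAccountName") or e.get("distinguishedName"))
            continue
        rows.append({"login": e["sAMAccountName"],
                     "departure": departure_date(e, today)})
    return rows, rejected


# Constructed sample entries: 512 = normal account, 514 = normal + disabled,
# 66048 = normal + password never expires (a service account with no name set).
SAMPLE = [
    {"sAMAccountName": "jdoe", "sn": "Doe", "givenName": "John",
     "company": "Example Corp", "userAccountControl": "512"},
    {"sAMAccountName": "asmith", "sn": "Smith", "givenName": "Ann",
     "company": "Example Corp", "userAccountControl": "514"},
    {"sAMAccountName": "svc-backup", "sn": "", "givenName": "",
     "company": "Example Corp", "userAccountControl": "66048"},
]

if __name__ == "__main__":
    print(prepare(SAMPLE, date.today()))
```

Logging the rejected list on each run shows which directory accounts never reach Service Manager, typically service accounts without sn or givenName.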
Equipment
Microsoft Active Directory | Service Manager
---|---
Name | Network Identifier
distinguishedName | N/A
canonicalName | Location Code
Description | Note
operatingSystem | OS Name (attribute value)
operatingSystemVersion | OS Version (attribute value)
operatingSystemServicePack | OS Service Pack (attribute value)