Microsoft Active Directory and ITAM Integration


About this integration

You can integrate third-party systems with EasyVista in many ways. The method you select depends on business requirements, architectural and security constraints, and the characteristics specific to each third-party application or service.

This document describes an integration process that has already been implemented in a customer context. 

To find out more about this integration (e.g. scripts to be used), please contact the EasyVista Consulting & Professional Services team, the EasyVista Support team, or your service provider and integrator.

Integration summary

Microsoft Active Directory (AD) is the directory service provider that supports LDAP for Windows operating systems. It lists all elements in the administered network such as user accounts, servers, workstations, shared folders or printers.

  • Its primary objective is to provide centralized identification and authentication services to a network of machines using the Windows operating system.
  • Administrators use it to assign and apply policies, distribute software and install critical upgrades.
  • It enables users to locate shared resources easily and administrators to monitor usage, through features for storing, distributing, duplicating and partitioning information and securing access.

This integration covers the information storage functionality, using the following attributes of workstations on the network:

  • OS name: operatingSystem attribute
  • OS version: operatingSystemVersion attribute
  • OS service pack: operatingSystemServicePack attribute

The Service Desk requires this information to qualify incidents and determine the applicable procedure.

Operating principle

[Figure: Microsoft Active Directory process]

The standard integration process is made up of 2 phases:

  • Run a preimport task using the smoBackOfficeClient tool to:
    • Extract and store data from the Microsoft Active Directory database in EasyVista work tables.
    • Run various processing operations to normalize and standardize data.
    • Store all data in the final EasyVista tables.
  • Integrate data in the final EasyVista tables using Employee/Equipment integration models.

Notes

  • An account with read access must be defined to enable EasyVista to connect to an Active Directory domain controller.
  • To set up Microsoft Active Directory in a standard integration process, you need to add several tables to the EVO_BACKOFFICE database.
  • Importing employees:
    • An employee is imported only if the following information is specified: company (Company), last name (sn), first name (givenName) and login (sAMAccountName).
    • Departments missing from EasyVista will automatically be imported.
    • The unique ID used for the import is the user login.
    • Two integration models are used for importing information on employees and their managers.
  • Importing equipment:
    • Equipment missing from EasyVista will not be imported.
    • The unique ID used for the import is the workstation's network identifier.
    • Four integration models are implemented: one for importing information on equipment and three for importing the operatingSystem, operatingSystemVersion and operatingSystemServicePack attributes.

    See How to choose the best tool for automating integration.

Procedure

How to perform integration using Microsoft Active Directory

1. Run scripts to create tables in the EVO_BACKOFFICE database.

2. Define the preimport processing for extracting data from the Microsoft Active Directory database.

3. Integrate the extracted data. See the procedure.

  • Integration models for importing employees:
    • LDAP employees: Insertion & Update option and the Employee connector
    • LDAP employees - Managers: Only Update option and the Employee connector
  • Integration models for importing equipment:
    • LDAP equipment: Only Update option and the Equipment connector
    • Attributes - OS name: Insertion & Update option and the Attributes connector (equipment, contracts, licenses)
    • Attributes - OS service pack: Insertion & Update option and the Attributes connector (equipment, contracts, licenses)
    • Attributes - OS version: Insertion & Update option and the Attributes connector (equipment, contracts, licenses)

How to convert a Timestamp value to a Date value

Some Microsoft AD fields are stored as Timestamp values, based on the number of seconds elapsed since midnight January 1, 1601 UTC: LastLogon, LastLogonTimestamp, accountExpires, LastPwdSet.
Use the AD_DATE_CONVERT function to convert them to the standard Date format.

Example: Convert the accountExpires value (Arrival date):

-- Preview the converted values from the temporary table
SELECT [EVO_BACKOFFICE].[EZV_ADMIN].AD_DATE_CONVERT(accountexpires)
FROM   e_ad_temp;

-- Convert the stored values in place
UPDATE [EVO_BACKOFFICE].[EZV_ADMIN].[e_ad_ok]
SET    accountexpires =
       [EVO_BACKOFFICE].[EZV_ADMIN].AD_DATE_CONVERT(accountexpires);
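
The conversion this section relies on, as an added T-SQL example; it is not EasyVista's AD_DATE_CONVERT function and not part of the original page. It assumes the raw attribute is the usual Active Directory large-integer time (100-nanosecond ticks counted from January 1, 1601 UTC) and that 0 and 9223372036854775807 mean "never" for accountExpires; the table variable, column names and sample rows are constructed.

```sql
-- Added example, not EasyVista code. @ad_sample and its rows are constructed.
DECLARE @ad_sample TABLE (
    login     NVARCHAR(64),
    attr      NVARCHAR(32),
    raw_value BIGINT          -- value as read from Active Directory
);

INSERT INTO @ad_sample (login, attr, raw_value) VALUES
    (N'jdoe',   N'accountExpires',     133485408000000000),  -- expiry date set
    (N'asmith', N'accountExpires',     9223372036854775807), -- "never expires"
    (N'svc01',  N'accountExpires',     0),                   -- "never expires"
    (N'newbie', N'lastLogonTimestamp', 0),                   -- never logged on
    (N'ghost',  N'lastLogonTimestamp', NULL);                -- attribute not set

-- 864000000000 ticks = 1 day, 10000000 ticks = 1 second.
-- DATEADD takes an INT, so the value is split into whole days plus the
-- remaining seconds instead of being passed as one large number.
SELECT login,
       attr,
       raw_value,
       CASE
           -- Sentinels and missing values become NULL: converting them would
           -- produce a misleading 1601 date or overflow the date range.
           WHEN raw_value IS NULL
             OR raw_value <= 0
             OR raw_value = 9223372036854775807 THEN NULL
           ELSE DATEADD(SECOND,
                        CAST((raw_value % 864000000000) / 10000000 AS INT),
                        DATEADD(DAY,
                                CAST(raw_value / 864000000000 AS INT),
                                CAST('1601-01-01' AS DATETIME2(0))))
       END AS converted_utc
FROM   @ad_sample
ORDER  BY attr, login;
```

The result is in UTC. A NULL in converted_utc should be read as "no expiry" or "no recorded logon", not as a date, when the value feeds an account review.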

Mapping Microsoft Active Directory attributes and EasyVista fields

Employees

| Active Directory | EasyVista | Note |
|---|---|---|
| sAMAccountName | Login | |
| displayName | Full Name | |
| Company / Division / Department | Entity | Concatenation of 3 fields |
| description | Note | |
| extensionAttribute5 | Available Field 1 (contract type) | |
| telephoneNumber | Phone | |
| facsimileTelephoneNumber | Fax | |
| Mobile | Mobile | |
| homePhone | Available Field 2 (Internal phone) | |
| otherHomePhone | Available Field 3 (Other phone) | |
| lastLogonTimestamp | Available Field 6 (last connection) | DD/MM/YY hh:mm:ss format |
| whenCreated | Arrival Date | DD/MM/YY hh:mm:ss format |
| Title | Job | |
| Manager | Manager: Login | |
| proxyAddresses | Available Field 4 (Fax ID) | |
| extensionAttribute7 | Available Field 5 (Manager region) | |
| Mail | Email | |
| canonicalName | Location Code | |
| sn | N/A | Used to check if the account is valid |
| givenName | N/A | Used to check if the account is valid |
| UserAccountControl.AccountDisable | Departure Date | Specified if the employee is to be archived in EasyVista. In this case, the value is the current date. If there is no end date, then it is 01/01/2099. |
| distinguishedName | N/A | Specified if the employee is to be archived in EasyVista. In this case, the value is the current date. |
| accountExpires | Date of account deactivation | DD/MM/YY hh:mm:ss format |
| Initials | Title | |

Equipment

| Active Directory | EasyVista |
|---|---|
| Name | Network Identifier |
| distinguishedName | N/A |
| canonicalName | Location Code |
| Description | Note |
| operatingSystem | OS Name (attribute value) |
| operatingSystemVersion | OS Version (attribute value) |
| operatingSystemServicePack | OS Service Pack (attribute value) |

Last modified by Unknown User on 2018/08/23 16:14
Created by Administrator XWiki on 2015/04/22 16:45