The Eduphoria! Active Directory Synchronization feature will allow you to easily update important staff information automatically.
It can be optionally configured to
- automatically create and delete accounts,
- update email and name information, and
- manage locations.
How do I control which users are synchronized?
The feature is designed to allow only certain security groups to be synchronized. Only users in the Allowed Groups from Eduphoria! SchoolObjects:Server Manager under Security Settings will be synced. The tool WILL NOT look for accounts in any Active Directory OU whose name contains “Students” or “Computers.” These are skipped by design to increase the speed of the user sync.
What information is synchronized?
By default, the following pieces of data will be automatically updated based on the information in Active Directory:
- first name
- last name
- email address
- new accounts
Are users in Departments automatically synchronized?
User information for users in Departments in Eduphoria! will be updated; however, location synchronization with Active Directory for Departments is not supported.
What actions in Active Directory will delete and create/restore accounts?
- Any new account that exists in the allowed security groups will be automatically created in Eduphoria!.
- Deleting or Disabling an account in Active Directory will delete the corresponding account in Eduphoria!, if that feature is enabled.
- Removing a user from the allowed security group(s) will cause that user account to be deleted in Eduphoria!.
- Eduphoria! will synchronize the Active Directory GUID with each Eduphoria! account. This is used to update and connect the account even if username, email, and other identifying fields in Active Directory are changed. Therefore, should you delete an account from Active Directory, that GUID will be deleted with it.
- A new account created, even using the same email or username, will be treated as a new account in Eduphoria!.
- Manually un-deleting an account in Eduphoria! will reset the GUID connection. This will allow you to reconnect an existing Eduphoria! account to an Active Directory account that was deleted and then recreated.
How often will the synchronization occur?
You can schedule the tool to run as often as you like. Depending on the size of your user base, you should adjust the frequency of synchronization accordingly. Larger user sets should synchronize less often, etc.
Will I know what changes are made?
An update email is sent to all Eduphoria! System Administrators in the system. This email will include what specific changes were made.
During configuration, what if all of my users are not found in Active Directory?
Should a mistake occur in setup, the system will automatically stop synchronization if more than 5% of the users change at once. This is to prevent an entire user base from being deleted, moved to the wrong locations, etc. An email will still be sent to System Administrators notifying them of the failure to synchronize.
What fields will be read in Active Directory?
For username, first name, last name, and email address, the corresponding fields in Active Directory will be read for this information. Location management can use either the Department field or the Office field. Each field can contain information, as it will be combined to assign a user to multiple locations. Each field can also contain multiple values as long as they are separated with a comma, semicolon, backslash, or forward slash. Employee ID will be read from the field that is specified during configuration.
Server Manager Setup
Follow the steps below to enable Directory Services Integration:
- Log into the desktop of your Eduphoria! webserver.
- Double-click SchoolObjects: Server Manager icon on the desktop and select Directory Services from the tree list.
- To turn on Directory Services Integration, check the Enable Strong Integration box.
- Once enabled, click the Configure button to select optional features:
- Delete disabled and deleted Eduphoria! accounts
- Read and update school/location information
- Synchronize Employee ID
- Once all desired options are selected, click OK on the Configure screen as well as the Directory Services Screen. The Directory Integration Service should restart to enable the initial sync.
Note: If enabling Employee ID, the field in Active Directory where Employee ID can be found needs to be specified. This field needs to be populated with the true Active Directory name, not the user friendly name. For instance, it would need “PhysicalDeliveryOfficeName” versus “Office” if this field is used. This is only an example, as location information would be pulled from that field normally.
The First Synchronization
- After selecting configuration options, run the first synchronization.
|NOTE: As the first run may cause more than 5% changes due to account information updating, this process will need to be run manually.|
- Click the Discover Now button on the Configure screen under Directory Services in Server Manager. This will show the changes as they actually occur.
- After the process is complete, users with System Administrator access in Eduphoria! should receive an email regarding the status of the sync.
- NOTE: The email will be sent once the process is running automatically.
- When running manually, the screen will display a list of all users created, deleted, or updated on the left. Selecting any user will show you their name, username, email address, Active Directory GUID, type of change, and their internal Eduphoria! User ID.
- If all changes look acceptable, click Apply Changes. This will then process the actual synchronization with Eduphoria!. If there appear to be erroneous changes, then Cancel the process. This makes the initial synchronization very safe, since the system administrator is required to approve the changes.