Importing users from Active Directory

Track-It! enables you to import user data automatically (technicians and requestors) through a connection with the Microsoft Active Directory server. Active Directory enables you to import data seamlessly and securely. By importing users from Active Directory, you do not have to spend time manually entering data and creating requestors and technicians. You can configure the required field mapping, organize the data based on your requirements. You can configure connections with multiple Active Directory servers.

Overview of the Active Directory setup

The following video (10:18) presentation provides an overview of the Active Directory setup and the Track-It! Directory Importer.

https://youtu.be/f3F7dCMPEfE

The Track-It! Directory Importer enables you to perform the following tasks:

  • Import users and user information
  • Designate the users as technicians or requestors
  • Map Active Directory source fields to Track-It! fields
  • Assign licenses to imported users

You must have the system administrator permission to perform the tasks mentioned in this topic. The following figure shows the process to import users from Active Directory:

Before you begin

  • Ensure that the required user data is present on the Active Directory server.
  • If you want to assign a group to the imported technicians, you must create and configure the group in Track-It!. For more information, see Creating and managing groups.

Configuring a connection to Active Directory

To import users in Track-It! from Microsoft Active Directory, you must establish a secure connection to the Active Directory server. After configuring the connection, you can test if the connection is set up successfully. Establishing a connection to the Active Directory is a one-time activity. If you want to connect to a different Active Directory server, you must override the existing settings.

Based on the authentication policy of the Active Directory server, you must update the password in the Directory Service settings. For example, if your authentication policy says that you must change your Active Directory password every 90 days, you must update the password in Track-It! Directory Service settings after 90 days.

Note

You can configure a connection to the Active Directory by using the domain name only. Configuring a connection to Active Directory by using the IP address is currently not supported.

  1. On the header bar, expand the hamburger menu and select Configuration.
  2. Select Application Settings > Directory Importer > Directory Service.
  3. To add a connection to a new Active Directory, click New.
  4. In the Add Directory Service dialog box, perform the following actions.
    1. In the Domain Name field, enter your domain name.
    2. In the User Name field, enter the user name to access Active Directory server.
    3. In the Password field, enter the password for the Active Directory server.
    4. In the Confirm Password field, enter the password again.
    5. (Optional) To test the connection to the Active Directory server, click Test Connection.
    6. Click Save.
  5. To configure connection to additional Active Directories, repeat step 3 and 4.
  6. (Optional) To edit a connection to an Active Directory, select the Active Directory and click Edit .
  7. (Optional) To delete a connection to an Active Directory, select the Active Directory and click Delete .

Mapping Track-It! fields to Active Directory fields

You can map the Track-It! fields to Active Directory fields, which specifies a source field in Active Directory and associates it to a destination field in Track-It!

For example, you can map the First Name field in Track-It! with the givenName field in Active Directory. The following table provides information about the out-of-the-box field mappings:

Track-It fieldActive Directory field
  • Technician ID
  • Requestor ID
sAMAccountName
First NamegivenName
Last Namesn
Email Addressmail
Windows User IDsAMAccountName
Use Windows Authentication[1]

Key considerations

  • By default, the Technician ID and Requestor ID fields are mapped to the sAMAccountName field in the Active Directory and you cannot modify this mapping. However, you can map the sAMAccountName field to other fields in Track-It!.
  • If you do not map the First Name and Last Name fields, by default, the First Name field is mapped to the sAMAccountName field and the Last Name field is imported with static data <Last Name>. You cannot map the sequence fields and only map the Location and Department fields virtual fields.

    Note

    If the value of sAMAccountName is more than 30 characters, the import fails.

    Also, if the value of sAMAccountName contains an apostrophe and is mapped to Login ID or Technician ID fields for technicians, the imported value does not contain an apostrophe ('). However, if the sAMAccountName field is mapped to any other field, the value is imported with the apostrophe.

  • Apart from sAMAccountName field, Track-It! provides five out-of-the-box mappings. You can map additional fields or modify the existing mappings.

  • If you do not want to map a Track-It! field with an Active Directory field, you can also enter a value manually between the square brackets ([]). For example, instead of mapping the Location field in Track-It! to a field on Active Directory, you can simply enter [San Jose] in the Select a directory field. After the import is complete, the location for users is assigned as San Jose.

  • You can add static data to a field and also map a field from Active Directory. Select a field from the Select a directory list and add the data between the square brackets. For example, Location = [San Jose] + postalCode. After the import is complete, the location for users is assigned as San Jose and the value of the postalCode field.

  • By default, the Technician ID and Requestor ID fields are mapped to the Windows User ID field in Active Directory. In this case, although the Windows Authentication might not be enabled in the Track-It application, the technicians and requestors can still use the Windows Authentication to log in.
  • If the logged-in user's data is modified during the import, the password of the logged-in user is reset to the default password. Also, if the Use Windows Authentication field is mapped for the import, after the import is complete, the user can log in using the Windows credentials also.

To map fields in Track-It! to Active Directory fields

  1. On the Track-It! header bar, expand the hamburger menu and select Configuration.
  2. Select Application Settings > Directory Importer Field Mappings.
  3. From the Select Active Directory Domain list, select an Active Directory from which you to import users.
  4. Click one of the following tabs:
    • Technicians - to map fields for technicians
    • Requestors - to map fields for requestors
  5. (Optional) If you click the Technicians tab, from the Assign all imported technicians to this group list, select a group to which you want to assign the users. 
  6. From the Select a Track-It! field list, select an appropriate field as the destination field.
  7. From the Select a directory field list, select an appropriate source field.
  8. (Optional) To map additional fields, click and repeat steps 5 and 6.
  9. (Optional) To remove a field mapping, next to field that you want to remove, click .
  10. (Optional) To restore the default mapping, click Restore Default Mapping.
  11. Click Save.

Selecting a group and assigning licenses

After you map the required fields, you must select an Active Directory group from which you want to import users and the type of license you want to assign in Track-It!. After the connection with the Active Directory is configured, all the groups that contain data in Active Directory are displayed in the Select Directory group list.

Key considerations

  • You must also configure the type of license that you want to assign to the requestors and technicians after the import is complete. The licenses for requestors and technicians are different. For more information, see Licenses.
  • If the total number of Named licenses are consumed, you can still assign the technicians the Named licenses, but they will be assigned the Concurrent license. For example, you have 5 available Named licenses and you import technicians from a group that contains 10 users, the first 5 users are assigned the Named license and the other 5 users are assigned the Concurrent license.
  • If users already exist in Track-It! and they are imported again because they are a part of an Active Directory group, the data for existing users is modified based on the data imported from Active Directory.
  • If you do want to assign a license to users, you can select the No License option. In this case, the imported users are marked as inactive in Track-It. To make the users active, you must assign a license. For more information, see Applying a license file.
  • When importing users from a group, you can delete users who are present in Track-It but are no longer present in Active Directory. If you do not select the Delete Technicians and Requestors that are not found in Active Directory check box while importing, these users are imported and marked as inactive.

You must have system administrator permission in Track-It! and domain administrator permission for the Active Directory server to view the deleted users in Active Directory.

To select a group and assign a license:

  1. On the header bar, expand the hamburger menu and select Configuration.
  2. Select Application Settings > Directory Importer > Selection and Licensing.
  3. From the Select Active Directory Domain list, select an Active Directory from which you to import users.
  4. Click one of the following tabs:
    • Technicians 
    • Requestors
  5. From the Select Directory group list, select the group on Active Directory from which you want to import users.
    If you a select a group that contains multiple organizational units (OUs) or containers, the users from all OUs and containers are imported.
  6. From the Select Track-It! License Type list, select a license you want to assign to the imported users.
    For more information about the license types, see Licenses.
  7. (Optional) To add more groups to import users, click and repeat steps 5 and 6.
  8. (Optional) To remove a group, click .
  9. (Optional) To delete users in Track-It!, select the Delete Technicians and Requestors that are not found in Active Directory check box.
  10. Click Save.

Importing users

After the above configurations are complete, you can now import users. The DirectoryImporter_YYYY-MM-DD_HH-mm-SS file (located in the Logs folder on the server on which Track-It! is installed) contains details about users that are successfully imported and users that were not imported. You can also view the reasons for failure in the ServiceManagement_YYYY-MM-DD file on the server.

If you import the technicians again, you must manually reassign the groups.

  1. On the Track-It! header bar, expand the hamburger menu and select Configuration.
  2. Select Application Settings > Directory Importer > Directory Service.
  3. In the User Import section, click Import Users.
    The import status and the last import run details are displayed.
  4. (Optional) To view the import details, check the DirectoryImporter file in the Logs folder of server on which Track-It! is installed.

You can view the details of users that are imported in the Requestors and Technicians screen.

Related topic

Creating and managing users

Was this page helpful? Yes No Submitting... Thank you

Comments