Groupe des Utilisateurs Altiris Suisses et Francophones Group

 View Only

AD sync, where to add AD servers with sp2 ServiceDesk 7.1 

Jan 19, 2012 02:18 PM

AD sync –How to use Active Directory with SD7.1 SP2, or got any chance to download your groups and users from AD.

Again, if feel useful this post, please put a +1, or better a small comment, so I feel useful doing such :)
Notice external google docs images - your browser can need to trust external source to display correctly, can go original link.

For installing Service Desk 7.1 (Symantec ServiceDesk), if you follow the SP2 user’s guide manual of SD7.1 (page 407/408 (http://www.symantec.com/docs/DOC4836), you got:

  • Use AD Servers pages into Admin menu (SD portal)…

But you will not find AD servers menu, and no way to add servers using the portal, must go to a “credentials manager” (see below), and probably a good idea to activate the install of the workflow designer on your SD7 server (not by default). If following the implementation manual (http://www.symantec.com/docs/DOC3929), and the KB HOWTO49691, we do not activate AD authentication on the install (and I feel we cannot any more).

I wonder why page 131 implementation guide sp2 (DOC3929) talk about a possible use that AD authentication during install seems simpler… (If somebody does with a success, please thank to tell us…)?

Also, if you got some “could not find script file” error popup:

  • don’t panic, but should consider snapshot reverse or the KB http://www.symantec.com/docs/HOWTO58977 for a clean removal, to reinstall from scratch. You need to redo and this time follow the HOWTO49691, and change the login of workflow service BEFORE, the setup! After the Install!
  • If the “error” coming BEFORE you runs the setup, during the install: Well…. Also, DO NOT USE “<Prev” button, all the same just for taking a nice screenshot previous step, I am feeling SD7 does not like :(.
  • Else, read again the conditions for the 2 accounts detailed rights they need to have (AppPool identity change, classic mode, etc…) and also add the SD7 server AD computer account into local admins the SQL server (no, I don’t joke, it is on the manual).

Now you are the lucky guy with a success install of the SD7.1 sp2, but no idea how to get now your users from AD? Here we are:
 

Must go outside the SD portal (stop search inside…)

Open Program menu
Symantec/Workflow designer/Tools
  • Credential Manager


Yes, you should install the Workflow designer on your SD 7.1 server.
*
Add a new AD server

(notice do not follow current KB or manual, all the same SP2, tell: SD portal > admin menu > “AD servers”, is not existing any more)

Seems no test possible here, must do from SD portal. Check logs in there if problems: Button “Log viewer”.

Now, must back the SD portal

Go to ADMIN > PORTAL > Master…
Verify the Active Directory Authentication option is activated.
*
Often just a check box makes the difference :-P

Activate the AD authentication, into Process Manager Active Directory Settings (Admin > Portal > Master settings)
Go to SD Portal with admin login
Menu: Admin > Active Directory

Use the “lightning” button to add a profile.
+ Add a Sync profile
You can filter by group/OU or specific
Best reduce groups only to those to map the SD7 roles, queues.
Also filter users, not users, but integrate service accounts, especially with email.
Building schedule is the second menu entry under ADMIN/Active Directory portal, but we can “Add schedule” from there.
Smaller granular is “day”… I do a night full, and a mid-day update.
You can force manual update from the “lightning” button menu
  • Run update
If error “ Active Directory Authentication is not enabled”
Just review my 2nd line above, (you do?) and do not forget to make a save!! :P

Activate the AD authentication, into Process Manager Active Directory Settings (Admin > Portal > Master settings)

That’s better :)
See Admin > Users > Accounts > List groups, and > Manage users: To get them…
Also seems best to use the “Administrative Services” > “Ad group Merge” workflow
But this Tool, only allow a one to one mapping. You will not be able to associate multiple groups (eg queues).

 

This SP2 SD 7.1 documentation issue is updated with this new KB: http://www.symantec.com/docs/HOWTO65717  
Thanks again for your help Symantec Support (Ott).

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Jan 26, 2012 06:04 PM

https://www-secure.symantec.com/connect/forums/sql-setup-adding-computer-admin-group#comment-6595161

Jan 20, 2012 04:49 PM

Ended up opening a support case on this one also.

Great screens shots of the steps!!!!!!

Jan 18, 2012 05:01 PM

It is a better Idea, to create your queues as distribution list or security groups, into your AD, than building your own groups (queues) into SD 7.1... You can force manual any change.

Related Entries and Links

No Related Resource entered.