Articles in this section

See more
Print

Import SQL Data | Update AD Users rule

  • Updated
Follow

Rule description

This rule queries the specified SQL data source and updates Active Directory user accounts according to the Action section settings. Accounts are matched between the two systems by anchor attributes.

Note: You can also update user virtual attributes. For more details, please see Configuring Virtual Attributes article.

 

When to use this rule

Use this rule when you need to perform bulk user account update from HR/ERP/SIS system into Active Directory.

 

Rule Settings

Query Section

Setting name Description

Limit scope to this domain or OU

This setting defines the search query scope.

To improve query performance, limit the scope to specific OU.

Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.

SQL instance

 

Specify the name of the SQL Instance as defined in the Utils Extension SQL Server configuration. Using the Default SQL Instance setting will retrieve the current setting from the SQL Connection settings of the Utils extension.

Note: For more information, please see Connecting to Microsoft SQL Server data source article.

SQL database name

Specify database name from selected SQL Instance.

SQL table

Specify SQL Table or View from the selected database. Click the [...] button to display a list of tables from which to choose.

SQL credentials

Specify the database from the data source SQL Instance. Click the [...] button to enter SQL Credentials.

Note: Windows Authentication cannot be used to access a Microsoft SQL Server database. The account must be a Mixed Mode or SQL Account.

Data Source Filter

You can use the point-and-click filter builder for the specified data source.

Note: If Where Clause is also specified, it will be applied and DataSource Filter will be ignored.
More options  

Return these SQL columns

 

Specify columns returned by the data source.

Where clause

Define a WHERE statement in the SQL query sent to the data source to limit the rows returned by SQL Server.

Properties to display

Select properties to display for each object found by the query.

Filter

 

Set the filtering conditions to only return objects or data that need to be processed by the rule.

Example: filter by Name column. 

Empty field in Data Source

If the record in SQL column is empty, you can skip updating the attribute or clear its value.

Data Source Anchor attribute

Defines the column in the Data Source that will be used to determine if the user account already exists. This value is compared to the Active Directory Anchor Attribute.

Because user names are likely to have duplicates, some other attribute with a unique value should be used to determine if records read from the Data Source have already been processed.

Active Directory Anchor attribute

Defines the attribute in the AD to which the Data Source anchor attribute is to be compared. When a user is updated this value also specifies the AD attribute into which the Data Source anchor is written for comparison the next time the rule is executed.

 

Action Section

Setting name Description
Account  

FirstName (GivenName)

If the Data Source contains a field named FirstName, do nothing. Otherwise, use the Selector button to choose a field from the Data Source.

Initials

Specify user initials.

Last/SurName (sn)

If the Data Source contains a field named LastName, do nothing. Otherwise, use the Selector button to choose a field from the Data Source.

Display Name

 

If the Data Source contains fields named FirstName and LastName, choose the desired format do nothing. Otherwise, use the Selector button to select a field from the Data Source or contact Cayosoft for an override format.

Description

 

If the Data Source contains a field name Description, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source.

Settings

 

New Password

This setting defines the password for the new account. This value can be static text, a field from the Data Source chosen using the Selection button, or set to Generate Random Password

Note: Static passwords or passwords from Data Source must meet the Active Directory Password Complexity Policy of the target container, or the account will be created in a disabled state. Randomly Generated Passwords will be generated to match both the Active Directory Password Complexity Policy and additional complexity requirements defined in the Cayosoft Administrator Password Complexity Policy.

Must change password at next logon

Account enabled

User cannot change password

Password never expires

These settings enable/disable the standard Active Directory user object settings.

Account Expiration Date

This setting defines the Account Expiration attribute in Active Directory.

In addition to populating this field from the Data Source, a text string can also be manually entered into the field in the format MM/DD/YYYY or YYYY-MM-DD.

Organization

 

Office

Job Title (Title)

Department

Company

Employee Number

EmployeeID

Division

If the Data Source contains one of these field names, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source.

Manager Identifier

Use the Selector button to choose a field from the Data Source that is a unique identifier for the user’s manager. Typically this will be the Managers EmployeeNumber or EmployeeID.

AD Attribute for Manager Lookup

Select an Active Directory attribute that is used to search for the value of the Manager Identifier specified in the field above.

Contact Info

 

Country

If the Data Source contains a field name Country, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source.

Office Phone (telephoneNumber)

Mobile Phone (mobile)

Street Address

City (l)

State

Postal Code

If the Data Source contains a field with one of these names, do nothing. Otherwise manually enter a static text value or use the Selector button to choose a field from the Data Source.

 

Other Properties

 

Other properties

Using picker dialog, set a mapping between data source columns and target user properties. 

Other properties script

Data mapping also can be set by the script.

If you want every provisioned user to have extension attribute 1 populated with some string value then use this:
{@{'extensionAttribute1'='YourString'}}

If you want every provisioned user to have extension attribute 2 populated with the corresponding value from the column in your data source file, then use this:
{@{'extensionAttribute2'=$_.EXT2}}, since EXT2 is the name of the column from your data source.

Note: If you set mapping for the same properties both in Other properties and Other properties script, attribute values will be updated by the script.

 

Output Section

This section defines the output format of this rule.

To get more information about this section, please see the Output section article.

 

Enforce/Schedule section

This section defines the schedule for how often to run the rule.

To get more information about this section, please see the Enforce/Schedule section article.

 

 Change History

Version Notes
9.1.0 Domain Controller and Credentials settings have been removed. 
7.3.0 Data Source filter is added.
7.2.0 Other properties setting is added.
6.4.0 If the record contains empty fields, then overwrite fields with empty values setting is renamed to Empty field in Data Source.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.