2 Replies Latest reply on Oct 15, 2013 8:25 AM by Otura

    AD user import mappings advice requested

    Rookie

      Hello.

       

      We are deploying a LD ServiceDesk Suite 7.6.1 test environment.

      We would like to import the analyst and the end-users from the AD to use it later for integrated login.

       

      We have created the data connections and the data types (one for Analysts and one for End-users, based on an LDAP filter which queries AD "Analyst" group membership). We have set up a couple of queries to verify that the data types import the required fields.

       

      We have some confusion while configuring the data mappings.

       

      Here is what we do for the End-Users:

       

      We choose the OurAD data connection as Source Module and the OurEndUser data type as the Business Object.

      We choose System as the Target Module and End User as the target BO. (Should we select here User?? Or maybe any other such as User Network Login?? Can someone explain the difference/reason/criteria to choose one or another??)

       

      The mapping that we do is as follows (first level is the LDSDS target attribute, and below indented the AD source attribute/s):

       

      Address

           Address, Country-Name, Text-Country, Postal-Code, Locality-Name

      Title

           Display-Name

      Email Address

           E-mail-Addresses

      DN

           Obj-Dist-Name

      Mobile Phone

           Phone

      Postcode

           Country-Text, Postal-Code

      Surname

           Surname

      Phone

           Telephone-Number

      Jobtitle

           Title

      Name

           User-Principal-Name

       

      We assign Name as the Target Key Attribute, as the UPN is unique in the AD.

      We also assign default values for the current and primary groups. Here we get an error telling us that "Full Name" and "Login ID" are mandatory and require population. (Is this normal? How can I assign the Login ID? I would like the Login ID to also be the User-Principal-Name but there is no such attribute anywhere... how can I specify that?)

       

      To implement the integrated login later, should we do any mapping to the Network login? Can someone explain to us how to do this?

       

      Does the mapping that we do make sense? We have tried to find in the forums and documentation hints on how to map the fields or how to setup the import from end to end, but we have found nothing clear.

       

      Thank you very much in advance!

        • 1. Re: AD user import mappings advice requested
          Expert

          Target Module is System

          Target Business Object is End User

           

          We have a trigger that automatically puts end users into a Portal user role, no groups are assigned.  I assign Analyst groups manually. 

           

          It's been way too long; I don't remember how we set up the logon info.

           

          http://community.landesk.com/support/docs/DOC-11425 may be of some help.

          • 2. Re: AD user import mappings advice requested
            Rookie

            Thank you!

             

            We have gone for a semi-automated approach, similar to yours; all the users are imported to the service desk from the AD as end-users, assigning them standard current and primary groups. Then, whenever needed, we change each of them to analyst and assign groups and roles.

             

            For the generation/maintenance of the network logins we are using a table trigger on UPDATE and INSERT of the tps_user table, that uses the MERGE SQL statement. That allows us to create new network logins for the users just imported by using INSERT, and to update those that change (not that probable... but who knows).

             

            The network login that we create is the AD User-Principal-Name, which we mapped during the import to the name attribute of the End-User object.

             

            This is the statement to create the trigger:

             

            SET ANSI_NULLS ON
            GO
            SET QUOTED_IDENTIFIER ON
            GO

            CREATE TRIGGER dbo.trigger_merge_user_network_login
               ON  dbo.tps_user
               AFTER INSERT,UPDATE
            AS
            BEGIN
                -- SET NOCOUNT ON added to prevent extra result sets from
                -- interfering with SELECT statements.
                SET NOCOUNT ON;
                -- Insert statements for trigger here
                MERGE dbo.tps_user_network_login as LDLOGIN
                USING dbo.tps_user as LDUSER
                ON (LDLOGIN.tps_user_guid=LDUSER.tps_guid)
                WHEN NOT MATCHED BY TARGET
                   THEN INSERT(tps_guid, tps_user_guid, tps_network_login) VALUES (NEWID(), LDUSER.tps_guid, LDUSER.tps_name)
                WHEN MATCHED
                   THEN UPDATE SET tps_network_login = tps_name ;
            END
            GO

             

            If the info for your network login is in another field, just replace tps_name with your chosen one.

             

            A shortcoming of this method is that if you need more than one network login per user, the update will fail from that moment, as it relies on a 1:1 match between the user id in both tables.

             

            Message was edited by: Israel Otura Garcia
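
An added example, not part of the original posts: a T-SQL audit of the 1:1 user-to-network-login assumption the trigger above relies on, worth running before integrated login is switched on, since a missing, duplicated or shared network login decides which service desk account an AD identity resolves to. The table variables are constructed stand-ins that model only the columns named in the post (their types and the sample rows are assumptions); against a real database, point the two SELECTs at dbo.tps_user and dbo.tps_user_network_login instead.

```sql
-- Constructed stand-ins for dbo.tps_user and dbo.tps_user_network_login;
-- only the columns named in the post are modelled, types are assumptions.
DECLARE @tps_user TABLE (tps_guid uniqueidentifier, tps_name nvarchar(255));
DECLARE @tps_user_network_login TABLE (
    tps_guid uniqueidentifier, tps_user_guid uniqueidentifier,
    tps_network_login nvarchar(255));

DECLARE @u1 uniqueidentifier = NEWID(), @u2 uniqueidentifier = NEWID(),
        @u3 uniqueidentifier = NEWID(), @u4 uniqueidentifier = NEWID();

-- Constructed sample rows, one per condition the audit reports.
INSERT INTO @tps_user VALUES
    (@u1, N'alice@example.test'),   -- healthy: one login equal to the name
    (@u2, N'bob@example.test'),     -- two logins: breaks the 1:1 assumption
    (@u3, N'carol@example.test'),   -- no login row at all
    (@u4, N'dave@example.test');    -- login no longer matches the imported UPN
INSERT INTO @tps_user_network_login VALUES
    (NEWID(), @u1, N'alice@example.test'),
    (NEWID(), @u2, N'bob@example.test'),
    (NEWID(), @u2, N'EXAMPLE\bob'),
    (NEWID(), @u4, N'alice@example.test');

-- 1) Users whose login rows are missing, multiple, or differ from tps_name.
SELECT U.tps_name,
       COUNT(L.tps_guid) AS login_rows,
       CASE
           WHEN COUNT(L.tps_guid) = 0 THEN 'no network login'
           WHEN COUNT(L.tps_guid) > 1 THEN 'more than one network login'
           WHEN MIN(L.tps_network_login) <> U.tps_name THEN 'login differs from name'
       END AS finding
FROM @tps_user AS U
LEFT JOIN @tps_user_network_login AS L ON L.tps_user_guid = U.tps_guid
GROUP BY U.tps_guid, U.tps_name
HAVING COUNT(L.tps_guid) <> 1 OR MIN(L.tps_network_login) <> U.tps_name;

-- 2) Network login values claimed by more than one user.
SELECT L.tps_network_login,
       COUNT(DISTINCT L.tps_user_guid) AS users_sharing
FROM @tps_user_network_login AS L
GROUP BY L.tps_network_login
HAVING COUNT(DISTINCT L.tps_user_guid) > 1;
```

With the sample rows, the first query reports bob, carol and dave, and the second reports alice@example.test as shared by two users.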