On Demand Migration Current - Active Directory Users, Groups and Contact Sync Set Up Quick Start Guide

Setup Workflows

Follow these steps to create two (2) new workflows for reading, matching, staging and writing data. 

How to create a one-way sync workflow for Local to Local

1. Navigate to Workflows

2. Click the New button

3. Name and Describe the template, Click Next

4. Select the all two (2) local Active Directory environments created previously, Click Next

5. Select ONE-WAY SYNC, Click Next

6. The screen presented next will be a pre-configured set of workflow steps to facilitate the flow of object and attributes between your directories. 

7. Start at the top of the steps, 1. Read From. Click the Select button

8. Select all two (2) environments created previously the click OK

9. Move to Match Objects

   1. This is the step where you will decide on how to match existing objects across your local Active Directories

   2. Matching is conducted by pairing sets of attributes to find corresponding objects

   3. Your two (2) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to set some to ensure accurate matching

   4. For the purpose of Password Synchronization, it is most important that existing objects are correctly matched to perform Password Synchronization.

10. Click the Select button to configure the Match Objects criteria for your source Cloud environment and target Cloud environment

Figure 1: Example Match Objects Criteria

1. Select your source local environment from the drop-down menu

2. Select your target local environment from the drop-down menu

3. Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria

4. Choose the sAMAccountName attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.

7. In our case we are adding three (3) additional attribute pairings to our criteria

8. cn – This attribute was added to ensure we can match existing objects based on CN.

9. UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string.

10. Mail – This attribute was added to ensure we can match existing objects based on Mail.

Note: Matching attributes should be reviewed and adjusted based on actual project scope, there isn’t a set matching rule that will fit all scenarios.

11. Ensure Match Across all object types is not checked in this case.

12. There is no need in this guide to Add Another Pair, click OK to close this configuration

11. Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above.  Click the Select button to configure the fourth STAGE DATA workflow task for your target local to source local synchronization rule.

    1. Select the “Local to Local Sync” template, Click Next

    2. Select the source local environment as your source, Click Next

    3. Select the target local environment as your target, Click Next

    4. Select the default target domain name, Click Next

    5. Select the source Organizational Units that will be in scope of the project by click on the ADD OUS button,

    6. In the new OU pop-up window, select the OU that will be in-scope, check the INCLUDE ALL SUB OUS checkbox, click OK to close the pop-up.

    7. Configure any Stage Data filter you like by double click on the OU in the OUs list, it is highly recommended to setup filter to limit the scope to perform a test on the first sync as part of the validation.  Click Next

Figure 2: Example Source OU setup.

8. Select the default OU for newly created objects for Users, Groups, Contacts, and Devices.  In our case, we can select the same OU for all object types as we are only syncing user as contact.

Figure 3: Example Target OU setup.

9. Click Finish

12. Click the Select button to configure the WRITE TO workflow task. Ensure the target environment is selected, Click OK

13. Click Next

14. Configure the workflow sync interval, select Manual for now and we can setup a sync schedule once the test sync has completed.  Click Next

15. Setup any workflow alert you may wish to configure, for now, Click SKIP

16. Click Finish

Set up Test Objects

Follow these steps to create test objects in the source environment to validate the Users, Groups, Contacts Sync workflow.

1. Setup the user object in the source local environment and ensure it is part of the OU filter setup for the Local Environment.

   1. User Object - DisplayName: Lab1User1

2. Setup the group object in the source local environment and ensure it is part of the OU filter setup for the Local Environment.

   1. Global Group Object - DisplayName: Lab1Grp1

   2. Universal Group Object – DisplayName: Lab1Grp2

   3. Domain Local Group Object - DisplayName: Lab1Grp3

3. Setup the contact object in the source local environment and ensure it is part of the OU filter setup for the Local Environment.

   1. Contact Object - DisplayName: Lab1Contact1

Validating the Workflow

Follow the below steps to perform Real Time Users, Groups, Contacts Sync workflow and validation.

1. Select the workflow configured and click on RUN.

2. Allow the workflow execution to complete.

3. Validate Lab1User1 from source local Active Directory will be created in the correct target OU defined in the workflow. 

4. Validate Lab1Grp1 from source local Active Directory will be created as Global Group in the correct target OU defined in the workflow. 

5. Validate Lab1Grp2 from source local Active Directory will be created as Universal Group in the correct target OU defined in the workflow. 

6. Validate Lab1Grp3 from source local Active Directory will be created as Domain Local Group in the correct target OU defined in the workflow. 

7. Validate Lab1Contact1 from source local Active Directory will be created in the correct target OU defined in the workflow.