Chat now with support
Chat with Support

On Demand Migration Current - Active Directory Express User Guide

Workflows

What is a Workflow?  

A workflow is a configurable series of steps that provides an easy automation framework to connect and manage Directory object synchronization. Activities such as creating, updating and deleting objects along with property/attribute synchronization and transformation.

 

How do I create and manage Workflows?  

 

To create a Worklfow, simply open the left navigation menu and click Create a Workflow in the side navigation menu, see figure 1, or click the New button under Workflows on the dashboard. The Workflow Wizard will open and will guide you through the creation of the Workflow.

To manage a Workflow, click the Manage button under Workflows on the dashboard.

Figure 1: Directory Sync Setup and Settings Menu

Figure 1: Side Navigation Menu

 

What should be entered as the Workflow Name?  

You can name your workflow anything you'd like but remember that you may be referencing the same environment in multiple workflows. We suggest a name that generally describes the flow of objects. Then use the description field for the distinguishing characteristics. After this step, the wizard will guide you through all the necessary components that will make up your workflow.

 

What are the steps to create a Workflow?  

Migration for Active Directory Express uses a wizard interface to guide you through the steps of creating and configuring the Workflow. To launch the wizard, click Create a Workflow in the side navigation menu or click the New button under Workflows on the dashboard.

Steps of the Workflow Wizard:

  1. Select Environment Types - You are prompted to select the environment type for both source and target environments. Options are Local (a traditional on-premises Active Directory environment.) and Cloud (a Microsoft Entra ID environment.) See the Environments topic for more information.

  2. Configure Source Environment:

    1. Provide source environment name - Provide a descriptive name for the source environment that makes it easy to identify. For example, the Bluefish Resort on-premises Active Directory environment could be named bluefishresort.com.

    2. (For Local Environments) Provide a name for the agent - Enter the name of the server used as the Directory Sync Agent. Directory Sync Agent is needed to connect to the local Active Directory Environment. See the Agents topic for more information.

    3. (For Local Environments) Deploy a new agent - Download the Agent and use the provided information when installing the agent software on a domain-joined machine. See the Agents topic for more information.

    4. (For Local Environments) Deployed Agent status -The current status of the agent deployment.

    5. (For Cloud Environments) Connect to your Cloud Environment - Add a commercial or GCC tenant. Important: A Service Principal and two PowerShell service accounts will be created in the tenant. These service accounts must be excluded from MFA requirements, as described in the Account Prerequisites

  3. Configure Target Environment:

    1. Provide target environment name - Provide a descriptive name for the target environment that makes it easy to identify. For example, the Bluefish Resort on-premises Active Directory environment could be named bluefishresort.com.

    2. (For Local Environments) Provide agent name - Enter the name of the server used as the Directory Sync Agent. Directory Sync Agent is needed to connect to the local Active Directory Environment. See the Agents topic for more information.

    3. (For Local Environments) Deploy Agent - Download the Agent and use the provided information when installing the agent software on a domain-joined machine. See the Agents topic for more information.

    4. (For Local Environments) Deployed Agent status - The current status of the agent deployment.

    5. (For Cloud Environments) Connect to your Cloud Environment - Add a commercial or GCC tenant. Important: A Service Principal and two PowerShell service accounts will be created in the tenant. These service accounts must be excluded from MFA requirements, as described in the Account Prerequisites

  4. Configure Workflow:

    1. Name the Workflow - You can name your workflow anything you'd like but remember that you may be referencing the same environment in multiple workflows. We suggest a name that generally describes the flow of objects. Then use the description field for the distinguishing characteristics.

    2. Users File to import for scoping and matching - Upload a CSV containing the Users to discover from the Source and the Users to match in the Target. Note that Import file must include ObjectID’s. The file must include at least one user to continue.

    3. Groups File to import for scoping and matching - Upload a CSV containing the Groups to discover from the Source and the Groups to match in the Target. Note that Import file must include ObjectID’s

    4. Devices File to import for scoping and matching - Upload a CSV containing the Devices to discover from the Source. Note that Import file must include ObjectID’s

    5. Select OU’s in which to create objects - This is the Organizational Unit where you plan to store any newly created objects.

    6. Choose your target domain - Select from the list of domains.

    7. Password Settings - Enter the default password for new users. Note that the password policy on the source must meet or exceed the policy on the target.

  5. (For Local Environments) Configure Migration Profiles - Configure the Device Migration options. See the Migration Profiles topic for more information.

  6. (For Local Environments) Configure Credential Profiles - Credentials Profiles contain the source and target administrator’s credentials and domain information used during an Offline Domain Join (ODJ) or remote device cutover process. See the Credential Profiles topic for more information.

  7. (For Local Environments) Configure Credential Cache Profiles - Credentials Cache Profiles contains the target domain controller information required to cache a user’s target credentials prior to the Offline Domain Join (ODJ) cutover process. You may skip this step if Offline Domain Join is not in-scope of your migration project. See the Credential Profiles topic for more information.

  8. (For Cloud Environments) Microsoft Entra ID Join Profile - Microsoft Entra ID Join Provisioning Package file contains the target Microsoft Entra ID information used during Microsoft Entra ID Device cutover process.

  9. Repositories - Repositories are specified storage locations on your network used for the following specific job types. See the Repositories topic for more information.

  10. Downloads - See the Downloads topic for more information.

  11. Summary - Please verify that all of the information has been correctly entered. Click the Edit button next to information that needs to be changed. Click Run Workflow to start the workflow or click the X button to finish changing the wkflow without running the workflow.

Environments

What is an Environment?  

If a workflow is a series of action steps, an environment is the receiver of those actions. In the Workflow Wizard, you will choose two environments, a source and a target, that the workflow will take actions against.

 

Where do I manage Environments?  

To manage environments, select an environment from the Environment Summary table on the dashboard and click the Manage button.

 

How are Environments added?  

The Workflow Wizard will guide you in adding a Source and Target Environment.

 

How do you export a list of Users, Groups, Contacts, and Devices in an environment?  

On the dashboard, click the Manage button under the Environment Summary table. On the Environments page, select an environment and click the Details button. Expand an object list and click the Export button to download a CSV file of the Users, Groups, Contacts, and Devices.

 

How do you unmatch Users, Groups, Contacts, and Devices so they will not be synchronized?

On the dashboard, click the Manage button under the Environment Summary table. On the Environments page, select an environment and click the Details button. Expand an object list.select an object in the table and click the Unmatch button. The Match Status for the object will change to "Unmatched" and the object will not be synchronized.

 

How do you view logs for local environments?  

Select a local environment in the Environments table and then click Discovery Logs to export a CSV with password or discovery information.

 

How do you discover local environments?  

Select a local environment in the Environments table and then click Discover to begin the discovery process for the environment.

Agents

What is the Directory Sync agent?  

The Directory Sync agent is the key component that communicates with the Active Directory environment.

 

Where do you install the agent?  

The agent must be installed in every forest that you plan to include as a Directory Sync environment. We suggest that you create a virtual machine exclusively for this purpose. Review the Requirements for the minimal hardware and software requirements.

 

How do I download and install the agent?  

You will be able to download the latest version of the agent from the Deploy a new agent screen of the Workflow wizard. Copy the URL and the access key that will be needed during the install of the agent. The downloadable executable is the same for all projects, it is the Registration URL and Registration Key that makes the agent unique when it is installed.

To install of the agent enter credentials that have read or read\write access to the domain, depending on the direction of synchronization.

Copy and paste the information from the Directory Sync agent screen.

No further action is needed on the workstation. A look at services confirms that the Directory Sync agent is running.

A list of agents appears on summary screen, including status information as well as the registration URL and access keys should you need them again in the future.

Please Note: If using the agent Auto-Upgrade feature and deployment software that uses MSI ProductCode based detection, the Auto-upgrade feature should be disabled after initial deployment or the detection method should verify via a folder path.

 

Where do I manage agents?  

To manage agents, select the Manage button under the Environment Summary table on the dashboard. Then select an environment on the Environments page and click the Settings button. Select the Agents tab to manage the environment’s agents.

 

How do I manage the agents?  

On the Agents page, you can check the current status of your current agents or add new ones. Select an agent for additional options. You have the option to copy the Registration URL or the Registration Key if you need to reinstall the agent for any reason. The History button will give you details on the run history. When the agent is updated, any agent using the old version will offer you the upgrade option so that you can update your current agent installation.

 

How do I uninstall an agent?  

If you need to uninstall an agent from any machine, in order to reinstall on the same machine, you must first delete the registry folder located at HKEY_LOCAL_MACHINE> SOFTWARE> Quest > Agent and then uninstall.

Afterwards, simply create a new agent (with a new access key) under Agents managements from the left navigation menu before re-installing on the same machine.

Profiles

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating