Active Directory User Synchronization
Overview
Hoozin provides a synchronization engine that synchronizes Active Directory users with the Hoozin internal directory.
User accounts are managed in Hoozin by the Active Directory Lightweight Directory Services (AD LDS) Windows Server feature. Hoozin provides an extra tool that lets you synchronize user accounts between a corporate Active Directory and AD LDS.
Tooling
The import/export tool is embedded in hoozin and available within the Central Administration site.
Windows Notepad is used to modify text files.
A shell window (batch or PowerShell) is used to force synchronization when needed, such as during the initial setup.
Preflight check
Enable features
In SharePoint Central Administration, activate the following features at the site collection scope:
Hoozin – Extended directory infrastructure
Hoozin – Extended directory repository management
Availability check
In SharePoint Central Administration, make sure that the new Hoozin – Extended directory tool category is available on the home page.
Web application setup
An additional expression builder must be appended to the Central Administration web.config file, whose default path is \wwwroot\wss\VirtualDirectories\4008. The appended line must be located just above the </expressionBuilders> string, with the following syntax:
Directory settings
Create a new configuration by creating a new item in Hoozin directory repositories. Set the fields as follows, then click OK when done.

Directory title: Name given to the destination directory
Host name: NetBIOS or FQDN name of the server hosting Central Administration and AD LDS
Port: Port bound to the AD LDS instance dedicated to Hoozin. Default value: 50000
Partition distinguished name: DN of the AD LDS partition dedicated to Hoozin. Default value: DC=prexens,dc=hoozin,dc=com
User name: SharePoint service account. Required format: domain\account
Password: Service account password
Source: SharePoint web app hosting Hoozin
Synchronization source
Create a new source directory by choosing Files > New source directory. Set the fields as follows, then click Next when done.

Source title: The title given to the source directory
Primary key: objectSid
Data connector: Choose Active Directory from the list
Schedule a job: Check this if a periodic synchronization between Active Directory and AD LDS is needed
Frequency: Choose the time frame in which the synchronization starts (Daily is recommended)
On the Connector settings tab, set the fields as follows, then click Update when done.

Server name: NetBIOS or FQDN name of a domain controller, which can be obtained by running echo %LOGONSERVER% in a CMD shell on the SharePoint server
Base DN: DC=hoozin,DC=com
LDAP filter: (&(givenName=*)(objectClass=User))
Service account login: Any active domain account with sufficient permissions to query the domain controller (preferably a dedicated service account)
Service account password: Password of the specified account
Service account domain: Domain name (short NT format)
In the Fields section, add the following fields, then click Update when done.
sn
givenName
mail
objectSid
cn
displayName
sAMAccountName
userAccountControl
Important: You must re-enter the password each time you add a new field.
Synchronization settings
Create a new configuration by creating a new item in Hoozin directory synchronization settings. Set the fields as follows, then click Next when done to continue to the next section.

General settings
Title: Name of the synchronization
Repositories: Name of the destination directory as specified above
Class: Set this field to hoozinUser

Sources
Source: <name of the synchronization>.xml
Key: cn
Filters
Leave this tab as-is and click Next to continue to the next section.
Computed fields
Name: status
Formula: UCase(((([userAccountControl] - ([userAccountControl] mod 2)) / 2) mod 2) >0)
Mapping
Source field -> Destination field
givenName -> givenName
sn -> sn
displayName -> displayName
mail -> mail
sAMAccountName -> userPrincipalName
cn -> cn
objectSid -> hoozinUserCorrelationIDs
status -> msDS-UserAccountDisabled
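The computed status field and its mapping to msDS-UserAccountDisabled deserve a closer look: the formula above is integer arithmetic that isolates one bit of userAccountControl. The following is an added example, not code from the Hoozin documentation; it transcribes the formula into Python and assumes the expression builder evaluates mod, / and UCase with VBScript-like semantics, so that the result is the string TRUE or FALSE.

```python
# Added example (not part of the Hoozin documentation): reproduces the
# page's computed "status" formula to show what it extracts from
# userAccountControl:
#
#   UCase(((([userAccountControl] - ([userAccountControl] mod 2)) / 2) mod 2) > 0)
#
# Assumption: mod, / and UCase behave as in VBScript, so the computed
# field evaluates to the string "TRUE" or "FALSE".

ACCOUNTDISABLE = 0x0002          # bit 1 of userAccountControl (Microsoft flag)
DONT_EXPIRE_PASSWORD = 0x10000   # another documented flag, ignored by the formula
LOCKOUT = 0x0010                 # another documented flag, ignored by the formula


def status_formula(user_account_control: int) -> str:
    """Literal transcription of the page's computed-field formula."""
    uac = user_account_control
    # (uac - uac mod 2) / 2 is an exact division by two: it shifts the value
    # right by one bit, so bit 1 (ACCOUNTDISABLE) lands in bit 0.
    shifted = (uac - (uac % 2)) // 2
    # "mod 2" isolates that single bit and "> 0" turns it into a boolean.
    disabled = (shifted % 2) > 0
    # UCase of a VB boolean yields "TRUE" / "FALSE".
    return str(disabled).upper()


def status_bitwise(user_account_control: int) -> str:
    """Equivalent check using the flag mask, for cross-verification."""
    return "TRUE" if user_account_control & ACCOUNTDISABLE else "FALSE"


# Constructed sample values covering common flag combinations.
SAMPLE_ACCOUNTS = {
    "enabled user (NORMAL_ACCOUNT)": 0x0200,
    "disabled user": 0x0200 | ACCOUNTDISABLE,
    "enabled, password never expires": 0x0200 | DONT_EXPIRE_PASSWORD,
    "disabled, password never expires": 0x0200 | DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE,
    "locked out but not disabled": 0x0200 | LOCKOUT,
}


def evaluate_samples() -> dict:
    """Return {label: (formula result, bitwise result)} for each sample."""
    return {label: (status_formula(uac), status_bitwise(uac))
            for label, uac in SAMPLE_ACCOUNTS.items()}


if __name__ == "__main__":
    for label, (formula, bitwise) in evaluate_samples().items():
        print(f"{label:34} msDS-UserAccountDisabled={formula} (bitwise {bitwise})")
```

Only the ACCOUNTDISABLE bit reaches AD LDS through this mapping: a locked-out or password-expired account still synchronizes as enabled, so deprovisioning an account in Hoozin requires that the account actually be disabled in Active Directory.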
Schedule
Schedule a job: Check this if a periodic synchronization between AD and AD LDS is needed
Frequency: Choose the time frame in which the synchronization starts (Daily is recommended)
Advanced settings
Organizational Unit: OU=Users,OU=Hoozin
Action regarding orphan records: Choose Do nothing
Allowed user status update: Leave the default value set to Any status change
Action regarding "all members" group: Choose Add
Leave all of the other fields as-is, then click Update.
Initial synchronization
Instead of waiting for the scheduled jobs to export data from Active Directory and import it into AD LDS, both operations can be forced with the following stsadm commands, launched from a CMD shell.
Read data from Active Directory
Write data to AD LDS