Active Directory Sync Overview

docMgt Active Directory Sync is a command-line tool that is designed to synchronize Users and Groups from Active Directory to docMgt. Use this tool when you need to be able to manage your users and teams from AD but do not require active AD integration such as single sign on.

Installation is straightforward. Copy and extract the ZIP file onto a Windows computer that is running in the domain. Configure the settings by editing the “docMgt.ADSync.exe.config” file in Notepad, Notepad++ or a similar text editor. Then simply run the application to start the sync process.



The following settings are available:

dmServerURL – The URL of the docMgt server to sync with AD. This must be the complete URL. For example,

dmSyncUser – This is the login name of the user to use for managing docMgt. This MUST be an existing docMgt user with Administrator rights in order to sync with the domain.

dmSyncPassword – This is the password of the user to use for managing docMgt.

dmAdminGroup – This is the name of the AD group that holds the users that will be synced from AD to docMgt as docMgt Administrators. Any user in this AD group will have its ADMIN flag set to ON so they will be an administrator in docMgt. If you later remove the user from this AD group then that user will have its Administrator flag in docMgt removed when this sync happens again.

SyncGroup – This is the name of the AD group that holds the users that will be synced into docMgt. Use this ONLY if you wish to only sync a specific group to docMgt. If this is left blank then all AD users will be synced into docMgt.

DefaultPassword – This is the password that will be assigned to any users that are created in docMgt via the AD Sync process. These users will be forced to change their docMgt password upon their first login.

DebugMode – Set to “true” to run through the process and log the changes that would be made but NOT actually make them. This is useful for first runs to be sure all the users and groups you expect to see are there. Set it to “false” to actually process the users and groups.

PauseMode – Set to “true” to have the process stop at the end of the sync and wait for a key to be pressed before exiting. This is useful to review the output while testing. Set it to “false” to have the program exit immediately when finished. You should set this to “true” in production.



Running the Sync Tool

Since Active Directory Sync is a command-line tool it can be run manually by simply double-clicking the application. If you want to schedule it to run every day or every week then it can be scheduled using Windows Task Scheduler or similar scheduling application. This way your changes to AD will come over to docMgt automatically.


Active Directory Sync Processing

When the Active Directory Sync tool processes users, it compares the Groups in AD to the Teams in docMgt. If a user is in a Group in AD and that user has access to a Team with the same name in docMgt then the user is placed in that Team in docMgt. If there is a Group in AD that the user is NOT in, and a Team with the same name exists in docMgt, then that user is removed from that Team in docMgt. With this mechanism you can control users’ Team memberships via your AD system.

The names of the Groups in AD must match the names of the Teams in docMgt for the sync to know which Teams the user belongs in. If you have Groups in AD that do not have a match in docMgt then that Group is not used in docMgt security. By the same logic, if you have Teams in docMgt that do not have a match in AD then that Team membership is not altered with the AD sync. This allows you to have some Teams that are docMgt only and some Groups that are AD only. 
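
The matching rules above, together with the dmAdminGroup behavior, can be modelled before a first run to predict which memberships a sync will change. This is an added example, not docMgt's own code: the function name plan_sync, the group "docMgt-Admins" and all sample data are constructed for illustration, and exact (case-sensitive) name matching is an assumption.

```python
# Added illustration of the sync rules described in this article.
# Not docMgt code: names and sample data are constructed, and exact
# (case-sensitive) Group/Team name matching is an assumption.

def plan_sync(users, ad_groups, teams, admins, admin_group):
    """Return the changes a sync run would make, without applying them."""
    actions = []
    # Only names that exist on BOTH sides are governed by the sync.
    managed = sorted(set(ad_groups) & set(teams))
    for user in sorted(users):
        for name in managed:
            in_group = user in ad_groups[name]
            in_team = user in teams[name]
            if in_group and not in_team:
                actions.append(("add_to_team", user, name))
            elif in_team and not in_group:
                actions.append(("remove_from_team", user, name))
        # ADMIN flag follows membership of the dmAdminGroup AD group.
        wants_admin = user in ad_groups.get(admin_group, set())
        if wants_admin != (user in admins):
            actions.append(("set_admin", user, wants_admin))
    return actions

# Constructed sample data.
USERS = {"alice", "bob", "carol"}
AD_GROUPS = {
    "Accounting": {"alice", "bob"},
    "HR": {"carol"},
    "VPN-Users": {"alice", "carol"},   # AD only: no Team of that name
    "docMgt-Admins": {"carol"},        # value of dmAdminGroup in this sample
}
TEAMS = {
    "Accounting": {"bob", "carol"},
    "HR": set(),
    "Scanning": {"alice"},             # docMgt only: never altered
}
ADMINS = {"bob"}                       # current docMgt administrators

if __name__ == "__main__":
    for action in plan_sync(USERS, AD_GROUPS, TEAMS, ADMINS, "docMgt-Admins"):
        print(action)
```

Comparing a plan like this with the log from a DebugMode run is a quick way to spot an AD Group whose name happens to match a Team and would therefore grant or revoke access unexpectedly.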


