Documentation

Active Directory synchronization tasks (7.1.0)

Active Directory synchronization tasks

There are five Active Directory synchronization tasks available:

  • Bulk create users: This synchronizes the ThoughtFarmer user list with the Active Directory group it is configured to sync with. When a sync occurs, users that are in the AD group but not in ThoughtFarmer have profiles created and field mappings populated.
  • Bulk deactivate users: This synchronizes the ThoughtFarmer user list with the Active Directory group it is configured to sync with. When a sync occurs, users that are not in the AD group, or whose accounts are disabled in AD, will be marked as inactive in ThoughtFarmer.
  • Refresh mapped user fields where the data owner is AD: This overwrites user profile fields with the values from AD, when AD is the data owner.
  • Refresh group page membership from AD groups: This synchronizes the group page memberships in ThoughtFarmer with their mapped groups in AD.
  • Refresh security profile membership from AD groups: This synchronizes the security profile memberships in ThoughtFarmer with their mapped groups in AD.

It is important that you verify the membership of the synced with AD group that is configured on the Active Directory page. If this group is not completely up-to-date in AD then the Bulk-Create and Bulk-Disable tasks may add or disable users that you did not intend to be.

AD Photo Sync

As of ThoughtFarmer 7.1, it is possible to sync the profile photo field of ThoughtFarmer with Active Directory (AD). The sync can be TF to AD or AD to TF. AD has restrictions on profile photos - they must be smaller than 96x96 pixels and smaller than 100 kb. Users can upload profile photos larger than these restrictions, but they will automatically be resized to meet the AD restrictions when the photo sync takes place. This may affect the photo quality in AD and other applications tied to AD. It will not affect the photo quality in TF. AD photo sync does not support animated GIFs as profile photos.

Daily synchronization

The AD synchronization tasks can be configured to run daily at a specified time. It is recommended to set this to run at a time when users will not be accessing the intranet.

Configure Active Directory daily synchronization

  1. Go to the ThoughtFarmer Administration Panel: Users & security section > Active Directory page.
  2. Scroll down to the Daily synchronization section and click enable (if not already set).
    6.7Admin8685DailySync2.png
  3. Click change.
  4. Click the checkbox beside any tasks you wish to run daily.
    6.7Admin8685DailySync4.png
  5. Set the Daily synchronization time in 24 hour format (local web server time).
    6.7Admin8685DailySync5.png
  6. Click Save settings.
If daily sync is enabled then an additional log trimming task will run by default. This will occur even if no other AD tasks are enabled. This task will clean out all system log entries older then a certain age depending on the type of log entry. This task will delete:
  • ERROR messages older than 6 months
  • WARNING messages older than 2 months
  • INFO and DEBUG messages older than 1 month

On-Demand synchronization

Any of the AD synchronization tasks can be triggered at any time using the On-Demand synchronization section on the Users & security > Active Directory page.
6.7Admin8685OnDemandSync.png
Simply check the box beside the task(s) you wish to run and click Synchronize now. The ThoughtFarmer Service will log all information about the tasks in the System Log. You can examine the log to check on task progress and completion.