Active Directory synchronization tasks (7.1.1)

Active Directory synchronization tasks

There are five Active Directory synchronization tasks available:

  • Bulk create users: This synchronizes the ThoughtFarmer user list with the Active Directory group it is configured to sync with. When a sync occurs, users that are in the AD group but not in ThoughtFarmer have profiles created and field mappings populated.
  • Bulk deactivate users: This synchronizes the ThoughtFarmer user list with the Active Directory group it is configured to sync with. When a sync occurs, users that are not in the AD group, or whose accounts are disabled in AD, will be marked as inactive in ThoughtFarmer.
  • Refresh mapped user fields where the data owner is AD: This overwrites user profile fields with the values from AD, when AD is the data owner.
  • Refresh group page membership from AD groups: This synchronizes the group page memberships in ThoughtFarmer with their mapped groups in AD.
  • Refresh security profile membership from AD groups: This synchronizes the security profile memberships in ThoughtFarmer with their mapped groups in AD.

It is important that you verify the membership of the synced with AD group that is configured on the individual Active Directory page found on the Administration panel: Users & security > Employee directory connector page . If this group is not completely up-to-date in AD then the Bulk-Create and Bulk-Disable tasks may add or disable users that you did not intend to be.

AD Photo Sync

As of ThoughtFarmer 7.1, it is possible to sync the profile photo field of ThoughtFarmer with Active Directory (AD). The sync can be TF to AD or AD to TF. AD has restrictions on profile photos - they must be smaller than 96x96 pixels and smaller than 100 kb. Users can upload profile photos larger than these restrictions, but they will automatically be resized to meet the AD restrictions when the photo sync takes place. This may affect the photo quality in AD and other applications tied to AD. It will not affect the photo quality in TF. AD photo sync does not support animated GIFs as profile photos.

Daily synchronization

The AD synchronization tasks can be configured to run daily at a specified time. It is recommended to set this to run at a time when users will not be accessing the intranet. The daily synchronization tasks are set to disabled by default.

Configure Active Directory daily synchronization

  1. Go to the ThoughtFarmer Administration Panel: Users & security section > Employee directory connector page.
  2. Click on the Active Directory name for which you want to change the synchronization tasks.
  3. In the Daily synchronization section, click change at the bottom.
  4. Click the gear icon beside the sync task that you want to change, and click Edit.
  5. Under Status, select the checkbox to enable the task, or deselect the checkbox to disable the task.
  6. Set the synchronization Time in 24 hour format (local web server time).
  7. Set the synchronization Frequency by entering the number of hours between synchronizations. 
  8. Click Save.
  9. Repeat steps 4-8 to configure the other tasks.
If daily sync is enabled then an additional log trimming task will run by default. This will occur even if no other AD tasks are enabled. This task will clean out all system log entries older then a certain age depending on the type of log entry. This task will delete:
  • ERROR messages older than 6 months
  • WARNING messages older than 2 months
  • INFO and DEBUG messages older than 1 month

On-Demand synchronization

Any of the AD synchronization tasks can be triggered at any time using the On-Demand synchronization section on the Administration panelUsers & security > Employee directory connector > Individual Active Directory page.
Simply check the box beside the task(s) you wish to run and click Synchronize now. The ThoughtFarmer Service will log all information about the tasks in the System Log. You can examine the log to check on task progress and completion.

There are two tasks available for On-Demand synchronization that are not available in the Daily synchronization section: Refresh user lookup list and Refresh group lookup list. These tasks are triggered as part of other tasks and run in the background repeatedly, but can be run on demand when an immediate refresh is desired.