Configuring the Active Directory Module

Now that the preliminary steps are completed, you can go ahead and begin the actual set up of the Active Directory Module. This can only be performed by an Issuetrak user with the “Can access and maintain Administration functions” permission or the “Sys Admin” parameter and must be repeated for each AD server that will be communicating with Issuetrak.

It is necessary to activate the Active Directory module before any of these settings can be adjusted.  You can learn how to do that here.


 

Adding specifications of the AD server

If you have multiple domain controllers on the same domain, normally only one entry is needed in the Server List. For the Server field, input the Domain name, and Issuetrak will use any Domain Controller that is available when connecting to AD.

Steps:

  1. Navigate to Administration > Identity Management > Active Directory > Server List > Add.

  1. Enter the computer name or DNS name in the Server field.
  2. Enter the fully distinguished domain name of the connection user in the User DN field.
  3. Fill the User ID field in Domain\SAM Account Name format. (The SAM Account Name can be found on the Attribute Editor tab of the user's Active Directory Profile in AD.)
  4. Enter the Password for the connection user in the field provided.
  5. Verify the Domain in which the server resides appears accurately in the field provided. This field pre-populates as the connection user is entered. If the domain which appears is incorrect, the User DN is incorrect.
  6. Enter the Search Order for this server if you will have multiple servers in the Server List.
  7. If SSL should be used when connecting to this server, select Use SSL and enter the SSL port number and Global Catalog SSL port number in the fields provided. This is normally port 636 for SSL and port 2369 for Global Catalog SSL.
  8. Click Update to save these settings. The message “Server successfully added” will appear when the record has been saved.
  9. Click Test Connection.

A Connection Test window should appear and the message “Connection Test Successful” should be displayed at the bottom. If so, close the Connection Test window. You will be returned to the Active Directory Server Information screen where you can complete the mapping.

If the message “Connection failed” is displayed instead, the specification(s) causing the failure should be identified in red within the Connection Test window. Attempt to correct these specifications in the Active Directory Server Information screen, then click Update. Test the connection again. 


 

Enable Logging

In the event that you're not able to achieve a successful connection test with the AD settings you've specified, you can enable logging that will capture event detail relating to clicking on the Test Connection button.

Steps:

  1. On your site's Web server navigate to your site's web folder, then navigate to its \Core\App_Data folder.
  2. Edit the NLog.config file.
  3. Do a CTRL-F and search for the string:  writeTo="ActiveDirectoryLogFile
  4. Only one line will be found.  It should look like this:
     
    <logger name="*" levels="Info" writeTo="ActiveDirectoryLogFile" enabled="false" />
    Perform the following actions on that line:
    1. Change Info to Trace.
    2. Change False to True.
  5. Save the file.
  6. Within Issuetrak's Active Directory settings, click the Test Connection button again. A log file should be generated within \Core\App_Data\Logs. This should provide information that can help with troubleshooting the connectivity problem.

When you no longer need logging enabled for this, it is recommended to revert the changes you made above.

If you are unable to achieve a successful connection after following the steps above, please contact our Support Team for assistance.


 

Mapping User Attributes

In order to successfully import a user from Active Directory, an Issuetrak Template under Determining User Permissions and an Organization under Determining Organization are both required to be mapped to that user's Active Directory Group or OU. Location and Department mappings are optional.

Best practices dictate that only one of the following types should be used when creating mappings: Active Directory Group or Active Directory OU.

Steps:

  1. Scroll to the Determining User Permissions section of the Active Directory Server Information screen.

  1. Enter an appropriate Group/OU in the field provided for Active Directory Group/OU.  There is no need to include the FQDN in these.
    1. OU mappings should be entered in the format of:  ou=OUName
    2. Group mappings are more trivial to add, and can simply be entered into the field as:  GroupName
  2. Click the magnifying glass next to the EndUser Template field to select the End User template.
  3. Click Add. A confirmation message will appear when this process is complete.
  4. (Optional) If role-based Groups/OUs and templates were established during preparation, repeat to map each role-based Group/OU on this server to its corresponding user template.

 

Mapping Organizations

In order for Organization values to be mapped/matched to AD values, these entities must be created in Issuetrak first. This can only be performed by someone with the “Can access and maintain Administration functions” permission or the “Sys Admin” parameter.  Please reference the Managing Organizations article for instructions.

Steps:

  1. Scroll to the Determining Organization section of the Active Directory Server Information screen.

  1. Enter an appropriate Group/OU in the field provided for Active Directory Group/OU.
  2. Click the magnifying glass in the Issuetrak Organization field to select the Organization to map to.
  3. Click Add. A confirmation message will appear when this process is complete.
  4. (Optional) If you have additional organizations that you need to include, repeat to map each Group/OU on this server to its corresponding organization.

 

Mapping Locations

In order for Locations values to be mapped/matched to AD values, these entities must be created in Issuetrak first. This can only be performed by someone with the “Can access and maintain Administration functions” permission or the “Sys Admin” parameter.  Please reference the Managing Locations article for instructions.

Steps:

  1. Scroll to the Determining Location section of the Active Directory Server Information screen.

  1. Enter an appropriate Group/OU in the field provided for Active Directory Group/OU.
  2. Click the magnifying glass in the Issuetrak Location field to select the location to map to.
  3. Click Add. A confirmation message will appear when this process is complete.
  4. (Optional) If you have additional locations that you need to include, repeat to map Group/OU on this server to its corresponding location.

 

Mapping Departments

In order for Departments values to be mapped/matched to AD values, these entities must be created in Issuetrak first. This can only be performed by someone with the “Can access and maintain Administration functions” permission or the “Sys Admin” parameter.  Please reference the Managing Departments article for instructions.

Steps:

  1. Scroll to the Determining Department section of the Active Directory Server Information screen.

  1. Enter an appropriate Group/OU in the field provided for Active Directory Group/OU.
  2. Click the magnifying glass in the Issuetrak Department field to select the department to map to.
  3. Click Add. A confirmation message will appear when this process is complete.
  4. (Optional) If you have additional departments that you need to include, repeat to map each Group/OU on this server to its corresponding department.

 

Mapping Additional Attributes

This task can only be performed by an Issuetrak user with the “Can access and maintain Administration functions” permission or the “Sys Admin” parameter.

Steps:

  1. Navigate to Administration > Identity Management > Active Directory > Map Additional Attributes. Each User-Defined Text Field you created for user records will appear with your defined label and a drop-down next to it.
  2. Select Include Extended Attributes at the top of the field list. (Only the most popular attributes are listed by default. This will ensure all available AD attributes appear in the drop-down lists.)
  3. Click the drop-down next to the User-Defined Field value.

  1. Select the AD attribute this particular field should be mapped to from the list.
  2. Repeat steps 3 and 4 for each additional attribute to be mapped.
  3. Click Update to save these mappings.

A confirmation message will appear when this process is complete.


 

Performing a Search Test

Steps:

  1. Scroll to the Search Test section of the Active Directory Server Information screen.

 

  1. Enter an AD User ID from this server in the field provided. (Password is not required)
  2. Click Search.

A User Search Test window should appear. The user's organization and any other Issuetrak-related memberships or corresponding templates will be displayed in the grid towards the bottom. If this information has been transferred correctly, close the User Search Test window.

If this information has not been transferred correctly, review the details of the User Search Test window to ensure the user has the appropriate memberships within AD. Then verify all the determining memberships are mapped correctly in the Active Directory Server Information screen. Then try to perform a Search Test on the user again. If you are still encountering difficulty with getting the correct information to display, please contact our Support Team for assistance at 757-213-1351, support@issuetrak.com or https://support.issuetrak.com.