Active Directory Synchronisation Overview
Periscope GC directory information can be automatically populated and updated from information available in the customers’ Active Directory (AD). Assuming the following minimum information is available and in a standard format within AD;
- SIP (email) Address
- Mobile (Requires ITEMS Module)
- Landline (Requires ITEMS Module)
The following is required for Periscope GC directory to be able to be synchronised with information from Active Directory:
- Periscope Server must be on the same domain as the Active Directory Server
- Base user domain (container/s) for the users
- This document refers to synch with a single AD, synch with multiple ADs or alternate synch source such as csv is available (please contact CVT for clarification)
- An LDAP account with read-only permissions to Active Directory
- AD server details: IP / Server Name / Port / Domain
- By default, the device formats noted in the AD attributes require to be consistent and match the format in CDR or service provider bill records
Note: A Person/User object which does not have any Device will not be created within the Periscope directory.
|Field name||Datatype||Max.Length||Example data||Description|
|Site||Text||50||Site 1||Parent Object|
|Department level 1||Text||50||Department 1|
|Department level 2||Text||50||Department 2|
|Department level 3||Text||50||Department 3|
|Person name||Text||50||User 1|
|Email address||Textfirstname.lastname@example.org||Can also be SIP address|
Synching of Organisation Structure
Periscope GC can synchronise the organisation structure (departments) from AD user property fields.
The Periscope GC directory can be synched from AD a single or a collection of AD fields.
Above image shows the organization tab where site and department details can be noted in order to create and synch directory structure. Other available fields can also be used such field in the ‘General’ tab.
The full directory path for each user needs to be available i.e.;
Site ; Department Level 1; Department Level 2; Department Level 3 etc
This can be entered into a single AD field, such as department, as per following format;
NB: It needs to be clear from the attributes that the user object needs to be synched, it can be denoted by having a field populated or empty, e.g. the ‘TelephoneNumber’ field having a number in it. Devices (classified as extensions) in the Periscope system manager need to be unique.
Synch of Users
Users required to be reported on are synchronised from AD fields.
From the AD fields entered in the General tab we can synch the user name, main phone number and email address. If an AD user does not have any devices defined it will not be entered in the Periscope GC directory. Directory placement information can also be taken from these fields.
Further user device information can be synched from the ‘Telephones’ tab, see following examples.
cn: Blair Wilkinson;
company: CVT Global Pty Ltd;
description: Sales & Marketing;
displayName: Blair Wilkinson;
distinguishedName: CN=Blair Wilkinson,OU=Melbourne,OU=CVT,DC=CVT,DC=COM,DC=AU;
Periscope GC Synch Mechanism
The Periscope GC synch mechanism is implemented as a Windows service which includes the ability to set the frequency of the synch. Generally the synch is done daily.
The synchronisation will only update changed data to the Periscope GC. If an object is entered to the GC directory for the first time it inherits the object start time of its’ immediate parent object. If the object is moved or deactivated and then re-entered in the Periscope GC it takes on the time of the move as its’ current start time at new location.
Historic reporting is currently available at the department level.
The synchronisation mapping between AD and Periscope GC is via xml.
Points of Note on the Synch Mechanism
1. Synchronization is hosted in window service
2. Has two options: schedule option and ‘run now’ option (Run now option should only be used by CVT engineers)
1. Provides log file of synch activity
- Date and time of synchronization
- How many objects are created/deactivated/updated/duplicated
Synchronization with Selected Departments
It is possible to setup areas of the directory to not be synched with AD, the areas require to be separated from the departments that are synched with AD.