Active Directory User Sync
Provisioning users to the teem service can be a cumbersome and time consuming process. The goal of TeemADSync is to streamline process by copying users and groups out of Active Directory, and creating them within Teem
What can I do with users in Teem?
When a user logs into Teem they have access to the Employee Tools, like web booking, the Teem Mobile application, and are able to view FlightBoard.
In addition to that, users are sent to LobbyConnect devices to provide hosts to be selected from when a visitor arrives. Using this tool, the user list can easily be maintained.
Installation and Usage
Usage of this tool should be easy and straightforward. It will create any Groups or Users not already in Teem. It will skip any users that are disabled or are missing minimum information (e.g. email), and any groups that have zero users. On subsequent uses, the tool will update groups or users if something has changed, disable users in Teem if they have been disabled in Active Directory, and delete users that are no longer in the sync list. Presumably, this means that they have been deleted, but it can also happen if you restrict the user set to a specific OU.
- This tool must be run on a computer attached to a domain. It will read the current domain for users and groups.
- This tool must be run in Windows
- This tool does require a Teem Admin account to run. When prompted to log into and authorize Teem, please make sure you are an admin user.
- By default, this tool will create Teem users and groups for every user and group object within your Active Directory Domain. It will skip groups that have zero users, and users that are disabled or are missing minimum information. Should you wish to sync a smaller group please limit by OU.
First Run and Basic Options
If the default settings noted above are sufficient for your usage simply run the TeemADSync.exe file. When first run the following will happen:
- TeemADSync will run in a new text output window.
- TeemADSync will look for existing configuration files, and if not found will create a new configuration directory and file.
- A web browser window will open, and ask you to sign into Teem if you are not already. You will then be asked to authorize the Teem Active Directory Sync Application to create users and groups. Select Authorize. As TeemADSync continues this browser window can be closed.
- TeemADSync will then create groups, users, and assign users to the correct groups. Once this is completed the text output window will close.
If you do not want to use the default options, you can change those. To do so, you will need to use a terminal, such as PowerShell. Navigate to the directory where you have downloaded the TeemADSync.exe file (e.g. cd Downloads). Then do the following:
- Find the complete distinguishedName of the OU that you would like to limit user sync to (e.g. OU=OfficeStaff,OU=Users,DC=domain,DC=local).
- Within PowerShell run TeemADSync.exe with the OU option. (e.g..\TeemADSync.exe --ou "OU=OfficeStaff,OU=Users,DC=domain,DC=local"). This will save this preference, and sync only the users and groups that are within that OU.
Note: To select more than one OU, separate OU's with a semicolon (e.g., .\TeemADSync.exe --ou
There are other configurable options. Built in documentation is supplied with TeemADSync.exe to make working with these options easier. To access that documentation please use a terminal, such as PowerShell, and runTeemADSync.exe --help. This will output the help text and then exit.
Once you have run the tool with any options that you want to set, these options are saved. You can then run the tool without any other input and it will sync users and groups. You can then use Task Scheduler to have this tool run on a regular cadence. For details of using Task Scheduler, please refer to Microsoft Documentation.
How can I tell that it is running regularly? Please see the log located within this plugin. This log will show a summary of the last 10 successful sync attempts. If you see these attempts with appropriate timestamps, you will know that the plugin is running at its regular cadence.
Users are not being created anymore. This could happen for a couple of reasons. The first step would be to reauthorize the application. To do that, use PowerShell, navigate to the directory with TeemADSync.exe, and run .\TeemADSync.exe --require_reauth. This will remove any old authorization, and continue with the sync. Usually, this fixes any issues.
TeemADSync runs forever. This is common on the first run. We are going to sync all the users and groups, and this could take some time. On subsequent runs, the application will only sync users that are new, have changed in some way, or are deleted.
If you find that TeemADSync runs for excessive amounts of time, please run using PowerShell with increased debugging (.\TeemADSync.exe -l DEBUG). If anything looks out of the ordinary, please send this output to Teem Support for further troubleshooting.
When I authorize I get an error. This is uncommon. Usually simply running TeemADSync.exe again will repeat the authorization process and complete successfully. Should it not work on the first couple of tries, please reach out to Teem Support.