
Active Directory Sync

Tip

This workflow is part of the Server User Management Enterprise Utility and is not automatically installed with Alteryx Designer. To use this workflow, download it from the Alteryx Marketplace.

Use this workflow to sync updates from Active Directory (AD) to your Alteryx Server. Check if AD groups exist in Server, and create them if needed. Add or remove Alteryx Server users from User Groups based on their AD groups.

Requirements

  • Windows Active Directory server set up with users and groups.

  • Windows Remote Server Administration Tools must be installed on the machine used to connect to the AD server.

  • AD Server credentials: Server name or IP Address, username, and password.

  • Alteryx Server API Tool: Download from the Alteryx Marketplace.

  • Alteryx Server API credentials: Base URL, API Key, and API Secret. For more information, go to the API Overview help page.

Install

This workflow is a standard YXI installer. Download the Server User Management Enterprise Utility from the Alteryx Marketplace, and double-click the YXI to install it.

Once installed, you can find the workflow in Designer via Help > Sample Workflows > Enterprise Utilities > Server User Management > Active Directory Sync.

Configure

To configure the Active Directory Sync workflow, update the tools that sit inside the yellow comment boxes. These are the tools listed below.

Text Input Tool

Update the Text Input tool with the desired AD groups to investigate. You can enter multiple groups, 1 per row.


Macro Configuration

Update the macro configuration with your Windows AD Server credentials.


Server API Tool

Update the Server API tool with your Server API credentials.


Workflow Components

The Active Directory Sync workflow is broken into several parts—each part serves a specific purpose.

  • The first section connects to the Active Directory server to retrieve the specified AD groups and the users within the groups.

  • Next, the Server API tool connects to your Alteryx Server to retrieve all User Groups and all Users.

  • Next, the workflow compares the information from Active Directory with the information in Alteryx Server for both groups and users.

    • The workflow passes any groups that exist in AD but not Server to the next section.

    • The workflow passes any users that exist in AD but not Server directly to the report output section.

  • Add missing AD groups to Alteryx Server: This process can add as many groups as needed with one call. Once added, the workflow pulls the updated list of Alteryx Server User Groups again and passes it downstream.

  • Once all User Groups exist in Alteryx Server, the workflow pulls the list of users in each group to compare against the list of users in each AD group.

  • The workflow compares users in the Alteryx Server User Groups to the users in the AD groups.

    • Users that are in an AD group but not the matching Alteryx Server User Group are added to the Server groups.

    • Users that are in Alteryx Server User Groups but not the matching AD Group are removed from the Server User Groups.
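The comparison steps above can be sketched as a dry-run planner. This is an added example, not the workflow's own logic or any Alteryx API: the function name `plan_sync`, the dictionary and set data shapes, the case-insensitive name matching, and the sample data are all assumptions made for illustration.

```python
# Added illustration: not the Alteryx workflow's own logic or API.
# All names and data shapes are assumptions; sample data is constructed.

def plan_sync(ad_groups, server_groups, server_users):
    """Compute the changes one sync run would make, without applying them.

    ad_groups:     {AD group name: set of AD usernames}
    server_groups: {Server User Group name: set of Server usernames}
    server_users:  set of usernames that already exist in Server
    Names are compared case-insensitively (an assumption).
    """
    norm = str.casefold
    known_users = {norm(u) for u in server_users}
    current = {norm(g): {norm(u) for u in members}
               for g, members in server_groups.items()}
    plan = {"groups_to_create": [], "users_pending_sign_in": set(),
            "memberships_to_add": [], "memberships_to_remove": []}

    for group, members in sorted(ad_groups.items()):
        wanted = {norm(u) for u in members}
        if norm(group) not in current:
            plan["groups_to_create"].append(group)
        have = current.get(norm(group), set())  # a new group starts empty
        # AD users with no Server account can only be reported.
        missing = wanted - known_users
        plan["users_pending_sign_in"] |= missing
        for user in sorted(wanted - missing - have):
            plan["memberships_to_add"].append((group, user))
        for user in sorted(have - wanted):
            plan["memberships_to_remove"].append((group, user))
    return plan


# Constructed sample snapshots of AD and Server state.
AD = {"Finance": {"alice", "bob"}, "Analysts": {"carol", "dave"}}
SERVER_GROUPS = {"finance": {"Alice", "erin"}}
SERVER_USERS = {"alice", "bob", "carol", "erin"}

if __name__ == "__main__":
    for key, value in plan_sync(AD, SERVER_GROUPS, SERVER_USERS).items():
        print(key, sorted(value))
```

The four keys of the plan line up with the four reports listed under Output. An AD group that comes back with no members yields a removal for every current member of the matching Server group, so a plan like this is worth reviewing before removals are applied.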

Output

The Reports section of the workflow builds the final report, which includes 4 reports combined into a single PDF. Report information includes:

  • AD groups added to Alteryx Server.

  • AD users who need to sign in to Alteryx Server before they can be added to Server User Groups.

  • Users added to Alteryx Server User Groups.

  • Users removed from Alteryx Server User Groups.

Common Errors

Review common errors that you might encounter.

  • "Get-ADGroup is not recognized as cmdlet": This error comes from the PowerShell script that tries to reach the Active Directory server. The error indicates that the Remote Server Administration Tools are not installed. To install them, open an administrator instance of PowerShell and run this command:

    Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online

    Tip

    This error might also present as "Get-ADUser", but the fix is the same.

  • ""Mask Text" option for Text Box question is not allowed in current DCM configuration": This error comes from the DCM settings for Designer. If the DCM setting is set to DCM Only, the mask text option is not allowed.

    Go to Options > User Settings > Edit User Settings and enable the check box for Override DCM Settings. Set DCM Mode to DCM as Default and set SDK Access Mode to AllowAll.