Microsoft Active Directory Integration

Active Directory Domain Services provide secure, structured, hierarchical data storage for objects in a network such as users, computers, printers, and services. Active Directory Domain Services provide support for locating and working with these objects.

What does Opsgenie offer Microsoft Active Directory users?

Opsgenie supplies a utility for synchronizing Active Directory users and groups with Opsgenie. Use this utility to select Active Directory groups to keep synchronized with Opsgenie.

Functionality of the integration

After it is configured, the utility starts synchronizing the selected Active Directory groups with Opsgenie. For each Active Directory group, it creates a team in Opsgenie if a team with the same name doesn't already exist. Then it adds the members of the Active Directory group to the team in Opsgenie, creating the users if they don't already exist.

The utility only creates users in Opsgenie if they have an email address set in Active Directory.

If the "Apply Deletions" option is set to true in the configuration, the utility removes users from synchronized teams in Opsgenie when they're removed from the Active Directory groups. Also, if a removed user doesn't exist in any of the other synchronized groups, it deletes the user in Opsgenie. If a selected group doesn't have any members, the utility won't create the corresponding team in Opsgenie. If the team was created before but the group is left with no members, the corresponding team is deleted in Opsgenie. All of these deletion operations depend on the apply deletions option. If it's false, no deletions occur.

Installation

  • Download the ZIP package from here.
  • Unzip the ZIP file to a directory.
  • Configure the utility by editing the activeDirectorySync.conf file.
  • All of the parameters in the configuration file are explained in the table in the Configuration section below.
  • After the configuration, run the activeDirectorySync.exe to start the synchronization manually, or add the executable as a scheduled task to automate the synchronization. See the Automating the synchronization process section below.

This utility works by executing a PowerShell script. Allow running unsigned PowerShell scripts by running the command below in a PowerShell session as Administrator.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Windows automatically blocks downloaded executable files. Unblock activeDirectorySync.ps1, activeDirectorySync.exe and activeDirectorySync_64.exe if they are blocked. Otherwise, an "AuthorizationManager check failed" error message may appear in the log file.
To unblock a file, right-click it, select Properties, check the Unblock option at the bottom right, and then click OK or Apply.
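
The same check and unblock can be done from PowerShell. The script below is an added example, not part of the Opsgenie package; it assumes the ZIP was extracted to C:\opsgenieActiveDirectorySync (the path used in the scheduled-task example on this page). It reports whether each file still carries the download mark, records its signature status and SHA-256 hash, unblocks it with Unblock-File (the command-line equivalent of the Unblock checkbox), and lists the execution policy per scope.

```powershell
# Added example, not part of the Opsgenie package.
# Assumption: the ZIP was extracted to the directory used in this page's
# scheduled-task example. Change $dir if it was extracted elsewhere.
$dir   = 'C:\opsgenieActiveDirectorySync'
$files = 'activeDirectorySync.ps1', 'activeDirectorySync.exe', 'activeDirectorySync_64.exe'

$status = foreach ($name in $files) {
    $path = Join-Path $dir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$name not found in $dir"
        continue
    }

    # A downloaded file carries a Zone.Identifier alternate data stream.
    # Its presence is what Windows shows as "blocked" in the Properties dialog.
    $zone = Get-Item -LiteralPath $path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue

    # Record what was installed so later runs can be compared against it.
    [pscustomobject]@{
        File      = $name
        Blocked   = [bool]$zone
        Signature = (Get-AuthenticodeSignature -FilePath $path).Status
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }

    # Remove the download mark only where it is present.
    if ($zone) { Unblock-File -LiteralPath $path }
}
$status | Format-List

# Show the execution policy at every scope, to confirm what the
# Set-ExecutionPolicy command above changed.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```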

Configuration

  • The utility uses the activeDirectorySync.conf file in the same directory to read and apply the configuration.
  • Edit this file, fill in at least the necessary parameters, and save the file to successfully synchronize the Active Directory users and groups.
  • This utility requires an API Integration configured in Opsgenie. Either create a new one and use its API key, or use an existing API integration.
  • All of the parameters in the configuration file are explained below.

| Parameter Name | Mandatory or Optional | Description |
|---|---|---|
| ogUrl | Optional | Change the default value of this property if the account is in an Opsgenie environment other than US. For example, set https://api.eu.opsgenie.com for our EU environment. If not provided, the utility assumes the account is in the US environment. |
| ogApiKey | Mandatory | This utility requires an API integration in Opsgenie to work. The integration must have config access and write rights. Use the API key of your Default API integration, instead of creating a new API integration. |
| logLevel | Optional | Determines the verbosity of the logs that the utility writes. The default value of the property is warning. Other supported levels are info, debug, and error. The most verbose level is debug. It prints all the logs that are produced by the utility. |
| logPath | Optional | Determines the path where the log file is created. The default value is empty, which means the log file is placed in the same directory as the executable. The file is named activeDirectorySync.log. |
| groupsToSync | Optional | The names of the Active Directory groups that are synchronized with Opsgenie teams. It's a comma-separated property. Replace the [YOUR ACTIVE DIRECTORY GROUPS] placeholder value with the names of the groups to keep synchronized. For example, groupsToSync = Domain users, Domain guests, Administrators |
| sendInvitationEmails | Optional | A true/false value that determines if the utility sends invitation emails to the users created by the utility. Sometimes, especially in the trial process, it isn't necessary to send invitation emails to actual employees. The default value of the property is true. |
| applyDeletions | Optional | The utility also supports removing the users/teams that are removed from Active Directory. But, because removing is a risky operation to apply automatically, the utility has an option not to do it automatically. If not activated, the utility only creates the users/teams in Opsgenie. It's a true/false value. The default value of the property is false. |
| http.proxy.enabled | Optional | Determines whether the proxy server feature is enabled. It's a true/false value. The default value is false. |
| http.proxy.port | Optional | Determines the port on which the proxy server is running. |
| http.proxy.host | Optional | Determines the domain address of the proxy server. The default value is localhost. |
| http.proxy.protocol | Optional | Determines which protocol the proxy server uses. Supported values are http or https. The default value is http. |
| http.proxy.username | Optional | If using authentication for the proxy server, fill in the username of the proxy server user into this property. The default value is admin. |
| http.proxy.password | Optional | If using authentication for the proxy server, fill in the password of the proxy server user into this property. If the proxy server user has no password set, leave this property blank, i.e. http.proxy.password = <br>The default value is the [YOUR PROXY SERVER USER PASSWORD] placeholder. |
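
Because the utility only creates users that have an email address in Active Directory, and because the configuration file holds ogApiKey and http.proxy.password, a read-only preflight before the first run is useful. The script below is an added example, not part of the Opsgenie package. It assumes the RSAT ActiveDirectory module is installed, that the file sits in C:\opsgenieActiveDirectorySync, and that it uses "key = value" lines as in the groupsToSync example above.

```powershell
# Added example: read-only preflight, changes nothing in AD or Opsgenie.
# Assumptions: ActiveDirectory (RSAT) module is available; the conf file
# location below; "key = value" line format as shown on this page.
Import-Module ActiveDirectory

$confPath = 'C:\opsgenieActiveDirectorySync\activeDirectorySync.conf'

# Parse "key = value" lines into a hashtable; other lines are ignored.
$conf = @{}
foreach ($line in Get-Content -LiteralPath $confPath) {
    if ($line -match '^\s*([^=\s]+)\s*=\s*(.*)$') {
        $conf[$Matches[1]] = $Matches[2].Trim()
    }
}

# groupsToSync is comma separated; trim each name and drop empty entries.
$groups = $conf['groupsToSync'] -split ',' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

$report = foreach ($group in $groups) {
    # Direct members only. Whether the utility expands nested groups is
    # not stated on this page, so nested groups are not followed here.
    $users = @(Get-ADGroupMember -Identity $group |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties mail)
    # Accounts without a mail attribute will not be created in Opsgenie.
    $noMail = @($users | Where-Object { -not $_.mail })
    [pscustomobject]@{
        Group           = $group
        Users           = $users.Count
        WithoutMail     = $noMail.Count
        SkippedAccounts = ($noMail.SamAccountName -join ', ')
    }
}
$report | Format-Table -AutoSize

# Show the deletion setting, since it decides whether a run can remove
# users and teams in Opsgenie.
"applyDeletions = $($conf['applyDeletions'])"

# The conf file holds ogApiKey and http.proxy.password: list every
# identity that is allowed access to it.
(Get-Acl -LiteralPath $confPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize
```

An empty group in the report will not get a team in Opsgenie, and with applyDeletions set to true an existing team for it is deleted on the next run.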

Automating the synchronization process

  • The utility only synchronizes the Active Directory groups and teams when executed manually.
  • To automate the synchronization, add a scheduled task by running the command below in Command Prompt.
SchTasks /Create /SC MINUTE /MO 30 /TN "OpsGenie Active Directory Synchronization" /V1 /TR "C:\opsgenieActiveDirectorySync\activeDirectorySync.exe" /ST 15:00
  • This command creates a new scheduled task in Task Scheduler to run the executable C:\opsgenieActiveDirectorySync\activeDirectorySync.exe every 30 minutes starting at 15:00.
  • Change the path of the executable, the execution frequency and the start time accordingly.
