Opsgenie supplies a utility for synchronizing Active Directory users and groups with Opsgenie. Use this utility to select Active Directory groups to keep synchronized with Opsgenie.
Once configured, the utility starts synchronizing the selected Active Directory groups with Opsgenie. It creates a team in Opsgenie for each Active Directory group if a team with the same name doesn't already exist in Opsgenie. Then it adds the members of the Active Directory group to the team in Opsgenie. It creates the users if they don't already exist.
The utility only creates users in Opsgenie if they have an email address set in Active Directory.
If the "Apply Deletions" option is set to true in the configuration, the utility removes users from synchronized teams in Opsgenie when they're removed from the Active Directory groups. Also, if a removed user doesn't exist in any of the other synchronized groups, it deletes the user in Opsgenie. If a selected group doesn't have any members, the utility won't create the corresponding team in Opsgenie. If the team was created before but the group has been left with no members, the corresponding team is deleted in Opsgenie. All of these deletion operations depend on the Apply Deletions option. If it's false, no deletions occur.
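The rules above can be modelled as a dry-run plan to see what a run with Apply Deletions would change before enabling it. This is an added example, not the utility's own code: Get-SyncPlan, the data shapes and the sample accounts are hypothetical, and it assumes any team member missing from the Active Directory group counts as removed.

```powershell
# Added illustration of the rules described above; not the utility's own code.
function Get-SyncPlan {
    param(
        [hashtable]$AdGroups,       # group name -> array of @{ Name; Email } members
        [hashtable]$OpsgenieTeams,  # team name  -> array of member e-mail addresses
        [bool]$ApplyDeletions = $false
    )
    # E-mail addresses that still belong to at least one synchronized AD group.
    $stillSynced = @($AdGroups.Values | ForEach-Object { $_ } |
        Where-Object { $_.Email } | ForEach-Object { $_.Email })
    $removed = @()
    foreach ($group in ($AdGroups.Keys | Sort-Object)) {
        $members  = @($AdGroups[$group])
        $adEmails = @($members | Where-Object { $_.Email } | ForEach-Object { $_.Email })
        $exists   = $OpsgenieTeams.ContainsKey($group)
        $current  = @(if ($exists) { $OpsgenieTeams[$group] })

        foreach ($m in ($members | Where-Object { -not $_.Email })) {
            "skip user '$($m.Name)': no e-mail address in Active Directory"
        }
        if ($members.Count -gt 0 -and -not $exists) { "create team '$group'" }
        foreach ($e in $adEmails) {
            if ($current -notcontains $e) { "add $e to team '$group' (user created if missing)" }
        }
        if (-not $ApplyDeletions) { continue }   # false: nothing is ever removed
        foreach ($e in $current) {
            if ($adEmails -notcontains $e) { "remove $e from team '$group'"; $removed += $e }
        }
        if ($exists -and $members.Count -eq 0) { "delete team '$group'" }
    }
    # A user is deleted only when no synchronized group contains them any more.
    $removed | Sort-Object -Unique | Where-Object { $stillSynced -notcontains $_ } |
        ForEach-Object { "delete user $_" }
}

# Constructed sample data: bob has left both groups, carol only 'Administrators'.
$ad = @{
    'Domain users'   = @(@{ Name = 'alice'; Email = 'alice@example.com' },
                         @{ Name = 'carol'; Email = 'carol@example.com' },
                         @{ Name = 'svc-backup'; Email = $null })
    'Administrators' = @()
}
$og = @{
    'Domain users'   = @('alice@example.com', 'bob@example.com')
    'Administrators' = @('bob@example.com', 'carol@example.com')
}
Get-SyncPlan -AdGroups $ad -OpsgenieTeams $og -ApplyDeletions $true
```

Running the same call with -ApplyDeletions $false lists only the additions and the skipped account.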
- Download the ZIP package from here.
- Unzip the ZIP file to a directory.
- Configure the utility by editing the activeDirectorySync.conf file.
- All of the parameters in the configuration file are explained in the table in the Configuration section below.
- After the configuration, run the activeDirectorySync.exe to start the synchronization manually, or add the executable as a scheduled task to automate the synchronization. See the Automating the synchronization process section below.
This utility executes a PowerShell script to function. Allow running unsigned PowerShell scripts by running the command below in a PowerShell session as Administrator.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Windows automatically blocks downloaded executable files. Unblock the activeDirectorySync.ps1, activeDirectorySync.exe and activeDirectorySync_64.exe files if they are blocked.
Otherwise, an "AuthorizationManager check failed" error message may appear in the log file.
Unblock a file by right-clicking it, selecting Properties, checking the Unblock option at the bottom right, and then clicking OK or Apply.
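The blocked state can also be checked and cleared from PowerShell. This added example is not part of the Opsgenie package: it reports whether each of the three files still carries the downloaded-file mark, records its SHA-256 hash, and unblocks only when -Unblock is passed. Test-SyncFile is a hypothetical name, and the default directory is the one used in the scheduled task command on this page.

```powershell
# Added example, not shipped with the utility. Adjust $InstallDir to the unzip location.
function Test-SyncFile {
    param(
        [string]$InstallDir = 'C:\opsgenieActiveDirectorySync',
        [switch]$Unblock
    )
    $names = 'activeDirectorySync.ps1', 'activeDirectorySync.exe', 'activeDirectorySync_64.exe'
    foreach ($name in $names) {
        $path = Join-Path $InstallDir $name
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ File = $name; Present = $false; Blocked = $null; SHA256 = $null }
            continue
        }
        # Windows marks downloaded files with a Zone.Identifier alternate data stream.
        $mark = Get-Item -LiteralPath $path -Stream Zone.Identifier -ErrorAction SilentlyContinue
        # Record the hash of exactly what is about to be trusted.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($mark -and $Unblock) { Unblock-File -LiteralPath $path }
        # Blocked reflects the state found before any unblocking.
        [pscustomobject]@{ File = $name; Present = $true; Blocked = [bool]$mark; SHA256 = $hash }
    }
}

# Show the execution policy in effect at every scope, then the state of the files.
Get-ExecutionPolicy -List
Test-SyncFile | Format-Table -AutoSize
```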
- The utility uses the activeDirectorySync.conf file in the same directory to read and apply the configuration.
- Edit this file, fill in at least the necessary parameters, and save the file to successfully synchronize the Active Directory users and groups.
- This utility requires an API Integration configured in Opsgenie. Either create a new one and use its API key, or use an existing API integration.
- All of the parameters in the configuration file are explained below.
Mandatory or Optional
Change the default value of this property if your account is in an Opsgenie environment other than US. For example, set https://api.eu.opsgenie.com for our EU environment. If not provided, the utility assumes the account is in the US environment.
This utility requires an API integration in Opsgenie to work. The integration has config access and write rights. Use the API key of your Default API integration, instead of creating a new API integration.
Determines the verbosity of the logs that the utility writes. The default value of the property is warning. Other supported levels are info, debug, and error. The most verbose level is debug. It prints all the logs that are produced by the utility.
Determines the path in which the log file is created. The default value is empty, which means the log file is placed in the same path as the executable. The file is named activeDirectorySync.log.
The names of the Active Directory groups that are synchronized with Opsgenie teams. It's a comma-separated property. Replace the [YOUR ACTIVE DIRECTORY GROUPS] placeholder value with the names of the groups to keep synchronized. For example, groupsToSync = Domain users, Domain guests, Administrators
A true/false value that determines if the utility sends invitation emails to the users created by the utility. Sometimes, especially in the trial process, it isn't necessary to send invitation emails to actual employees. The default value of the property is true.
The utility also supports removing the users/teams that are removed from Active Directory. But, because removing is a risky operation to apply automatically, the utility has an option not to do it automatically. If not activated, the utility only creates the users/teams in Opsgenie. It's a true/false value. The default value of the property is false.
This property is for determining if the proxy server feature is enabled or not. It's a true/false value. The default value is false.
This property determines which port the proxy server is running on.
This property determines the domain address of the proxy server. The default value is localhost.
This property determines which protocol the proxy server uses. Supported values are http or https. The default value is http.
If using authentication for the proxy server, fill in the username of the proxy server user into this property. The default value is admin.
If using authentication for the proxy server, fill in the password of the proxy server user into this property. If the proxy server user has no password set, leave this property blank.
- The utility only synchronizes the Active Directory groups and teams when executed manually.
- To automate the synchronization, add a scheduled task by running the command below in Command Prompt.
SchTasks /Create /SC MINUTE /MO 30 /TN "OpsGenie Active Directory Synchronization" /V1 /TR "C:\opsgenieActiveDirectorySync\activeDirectorySync.exe" /ST 15:00
- This command creates a new scheduled task in Task Scheduler to run the executable C:\opsgenieActiveDirectorySync\activeDirectorySync.exe every 30 minutes starting at 15:00.
- Change the path of the executable, the execution frequency and the start time accordingly.