User Synchronisation : Active Directory (AD)

Joane Bonghanoy
Updated

Active Directory (AD) User synchronisation enables you to connect your Active Directory to your Phriendly Phishing account. When an individual is configured in your AD then they will automatically synchronise this new staff member in your Phriendly Phishing account.

As a Phriendly Phishing administrator, you will be able to configure AD user synchronisation.

 Requirements

The latest version of Remote Server Administration Tools should be installed.

Remote Server Administration Tools for Windows 10

Remote Server Administration Tools for Windows 7 with Service Pack 1

mceclip0.png

mceclip1.png

1. Install your AD Attributes Script in your Phriendly Phishing account

  1. Log in to Phriendly Phishing. Go to Settings adminapi7.png and follow through per the screenshot below. AD.png

  2. Expand AD Synchronisation. Click the Download The Get Attributes Script button and save the PowerShell script. Please also take note of the Authentication Token location as you will use that later on.

    UserAD.png

  3.  From an AD connected machine, run PowerShell in Administrator mode, right-click on the Get Attributes Script, and copy the file name.
  4. Navigate to the directory that the Get Attributes Script was downloaded to and use the CD command. Back in PowerShell type without quotations ‘.\’ then paste in the file name followed by ‘.ps1’ and hit enter. mceclip4.png
  5. PowerShell will ask you to enter the Authentication Token (see step 2).
  6. Copy the Authentication Token to the clipboard and input that into PowerShell. Hit enter. mceclip6.png
  7. You will now see a Sync Successful message. mceclip7.png
  8. Go back to Phriendly Phishing platform, refresh the page and you will see a red notification on the bell icon. Click the bell and then ‘Click to proceed’. mceclip8.png

2. Configure your AD Attributes in Phriendly Phishing

 Warning

  1. It is important to configure the attributes to ensure the AD script is transferring the right information for your staff.
  2. When synching users, Users from a Nested Group are not recognised. These nested groups need to be specified in the learner group field. 
  3. The AD Security Group name is shown as Segment in Learners section. 
  4. SID as Unique Identifier is recommended as Email Address is automatically updated if the email is changed (refer to Step 3 below). 
  5. It is required that the ‘Key attribute’ is an attribute in an email address format (refer to Step 4 below). 
  1. In the platform, Settings > User Sync > Learner Sync expand AD Synchronisation
  2. Scroll down to Generate AD Synchronisation Script with Attributes and enter the AD Security Group you want to sync. AD1.png
  3. Set SID as Unique Identifier. AD2.png
  4. Scroll down to the Search box and tick any attributes that you would like to import into Phriendly Phishing. Select your required attributes by dragging the attributes to the dashed-line boxes. mceclip12.png
  5. Once done, save your configuration. AD3.png 

3. Download your AD User Script

  1. In the platform, download the AD Synchronise Script. AD4.png
  2. Open PowerShell in Administrator Mode and copy the file name of the AD Synchronise Script downloaded previously.
  3. In PowerShell type without quotations ‘.\’ and paste the file name followed by ‘.ps1’ and hit enter. Eg: ‘.\ph2_get_ad_users_20190724150445.ps1’
  4. PowerShell will ask you to enter the Authentication Token. This is the same token in previous steps and can be found when you expand AD Synchronisation.
  5. Copy the Authentication Token to the clipboard and input the token into PowerShell and hit enter.
  6. You will see a Sync Successful Message. mceclip16.png
  7. Go back to your Phriendly Phishing account, refresh the page and you will see a red notification under the bell icon. Click it and then Click to view.mceclip17.png

4. Validate User Data

This step, lets you validate that the information pulled from AD is correct before syncing to Phriendly Phishing. There are 2 options to review data that has synced to your Phriendly Phishing account prior to enabling the sync button.

AD5.png

Option 1

  1. From an AD connected machine run PowerShell in Administrator mode.
  2. Copy the file name of the ‘AD Synchronise Script’ you just downloaded to clipboard.
  3. In PowerShell type without quotations ‘.\’ and paste in the file name followed by ‘.ps1’ -preview -limit 5 and hit enter. Eg: ‘.\ph2_get_ad_users_20190724150445.ps1 -preview -limit 5’
  4. PowerShell will ask you to enter the Authentication Token. It is the same token you used previously.
  5. Enter the Authentication Token into PowerShell and press enter.
  6. You will now see the total number of learner and also a preview of their information pulled from AD.
  7. Review that all information is correct. mceclip18.png

Option 2

  1. In the platform, expand AD Synchronisation and scroll down to Preview sample learners list and Download CSV.
    AD6.png
  2. The ‘Preview processed data’ CSV file shows each learner's email address, first name, last name, and whether the learner was ‘Added’, ‘Updated’, ‘Removed’, or if an email is ‘Invalid’.   mceclip21.png

5. Enable AD Synchronisation

  1. Once you have confirmed the data is accurate and you are ready to sync users from your AD, please click the ‘Enabled’ button next to AD Synchronisation. AD5.png
  2. A Sync Data Success box will appear. Click Finishmceclip26.png
  3. Navigate to Learners section in the platform to view learners synched to Phriendly Phishing.  AD7.png

6. Configure the Task Scheduler

  1. Select Action > Create Task. 
    mceclip29.png
  2. Once Task has been created, under General tab, fill out fields per below screenshot. 
    mceclip30.png
  3. Under Triggers tab.
    mceclip31.png
  4. For the new Trigger, the Recommendation is setting the sync weekly at a minimum. 
    mceclip32.png
  5. Under Actions tab, click New
    mceclip33.png
  6. Once created, fill out per below for Program/script. 
    mceclip34.png
  7. Select Add arguments, fill out -ExecutionPolicy Bypass C:\<path of script location>\ph2_get_ad_users.ps1 -token <your unique id obtained in the platform. 
    mceclip35.png

  8. Click OK.
    mceclip36.png

     

     Warning

    1. There should be no spaces in the file path as it will cause issues with Powershell's ability to parse the arguments provided in the scheduled task.
    2. For Example : If the script is located at C:\Phriendly Phishing\get_ad_users.ps1, you will either need to do any of below bullet points:
      • Update the path to remove any space characters (i.e. C:\PhriendlyPhishing\get_ad_users.ps1)
      • Ensure the path to the script is encapsulated in quotes in the scheduled task arguments (-ExecutionPolicy Bypass "C:\Phriendly Phishing\get_ad_users.ps1" -token <token_goes_here>)

Congratulations! You have successfully configured synching your Learners straight from your Active Directory.

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.