Active Directory (AD) User synchronisation enables you to connect your Active Directory to your Phriendly Phishing account. When a new staff member is configured in your AD, they will automatically be synchronised to your Phriendly Phishing account.
As a Phriendly Phishing administrator, you will be able to configure AD user synchronisation. Note: You are required to have the latest version of Remote Server Administration Tools installed.
Remote Server Administration Tools for Windows 10
Remote Server Administration Tools for Windows 7 with Service Pack 1
How to install your AD Attributes Script in your Phriendly Phishing account
1. In the top right-hand corner of your dashboard, select the settings cog to navigate to the settings page.
2. Select the User Synchronisation tab.
3. Expand AD Synchronisation by selecting the text.
4. Select Download The Get Attributes Script button and then save the PowerShell script. Take note of the Authentication Token location as you will use that in a minute.
5. From an AD connected machine, run PowerShell in Administrator mode, right-click on the Get Attributes Script, and copy the file name.
6. Use the CD command to navigate to the directory that the Get Attributes Script was just downloaded to. Back in PowerShell, type ‘.\’ (without the quotation marks), then paste in the file name followed by ‘.ps1’ and hit enter.
7. PowerShell will ask you to enter the Authentication Token. It is located back in the portal under AD Synchronisation. Copy the Authentication Token to the clipboard.
8. Enter the Authentication Token into PowerShell and press enter.
9. You will now see a Sync Successful message.
10. Go back to your portal and refresh the page. You will see a red notification; click it and then click ‘Click to proceed’.
How to Configure Attributes
Configuring the attributes is important to ensure the AD script is transferring the right information for your staff.
1. Expand AD Synchronisation
2. Scroll down to Generate AD Synchronisation Script with Attributes
3. Enter the name of the AD security group that you would like to sync to your Phriendly Phishing account.
Note: Users from nested groups are not recognised. If you do have users in nested groups, you will need to specify those groups in the configuration too.
Note: The AD security group name will be shown as a Segment under the Learners page.
4. Scroll down to the Search box and tick any attributes that you would like to import into Phriendly Phishing.
5. Select your required attributes by dragging the attributes to the dashed-line boxes.
Note: It is required that the ‘Key attribute’ is an attribute in an email address format.
We recommend using SID as the unique identifier as it will update learners if their email address changes.
6. Save your configuration by clicking Save Settings.
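Because users in nested groups are not recognised, it helps to list the groups nested under your chosen security group before saving the configuration. The following is an added example, not part of the Phriendly Phishing scripts; it assumes the ActiveDirectory module from RSAT, and the group name 'PP-Learners' and the function name Get-NestedGroup are placeholders.

```powershell
# Added example: list every group nested under the security group you plan to sync,
# so each one can be entered in the AD Synchronisation configuration.
Import-Module ActiveDirectory   # installed with Remote Server Administration Tools

function Get-NestedGroup {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [System.Collections.Generic.HashSet[string]]$Seen
    )
    if ($null -eq $Seen) {
        # First call: remember the root group so circular nesting cannot loop back to it
        $Seen = [System.Collections.Generic.HashSet[string]]::new()
        [void]$Seen.Add((Get-ADGroup -Identity $Identity).DistinguishedName)
    }
    foreach ($member in Get-ADGroupMember -Identity $Identity) {
        if ($member.objectClass -ne 'group') { continue }
        # Add() returns $false when the group was already visited
        if (-not $Seen.Add($member.distinguishedName)) { continue }

        # Count the users that sit directly in this nested group
        $users = @(Get-ADGroupMember -Identity $member.distinguishedName |
                   Where-Object objectClass -eq 'user')
        [pscustomobject]@{
            NestedGroup = $member.name
            Parent      = $Identity
            DirectUsers = $users.Count
        }
        # Descend into the nested group
        Get-NestedGroup -Identity $member.distinguishedName -Seen $Seen
    }
}

# 'PP-Learners' is a placeholder; use the group name entered in step 3
Get-NestedGroup -Identity 'PP-Learners' | Format-Table -AutoSize
```

Any group in the output with a non-zero DirectUsers count holds learners that will be missed unless that group is also specified.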
AD User Script
1. Download the AD Synchronise Script by clicking the Download The AD Synchronise Script button.
2. Open PowerShell in Administrator Mode
3. Copy the file name of the AD Synchronise Script you previously downloaded.
4. Back in PowerShell, type ‘.\’ (without the quotation marks), then paste in the file name followed by ‘.ps1’ and hit enter. Eg: ‘.\ph2_get_ad_users_20190724150445.ps1’
5. PowerShell will ask you to enter the Authentication Token. It is located in the portal under AD Synchronisation. Copy the Authentication Token to the clipboard. (It is the same token you used previously).
6. Enter the Authentication Token into PowerShell and press enter.
7. You will see a Sync Successful Message.
Go back to your portal and refresh the page. You will see a red notification; click it and then click Click to view.
User Data Validation
You will now be able to check that the information pulled from AD is correct before syncing. There are three options to review data that has synced to your Phriendly Phishing account.
Review Data
Option 1
1. From an AD connected machine run PowerShell in Administrator mode.
Copy the file name of the ‘AD Synchronise Script’ you just downloaded to clipboard.
2. Back in PowerShell, type ‘.\’ (without the quotation marks), then paste in the file name followed by ‘.ps1’ -preview -limit 5 and hit enter. Eg:
‘.\ph2_get_ad_users_20190724150445.ps1 -preview -limit 5’
3. PowerShell will ask you to enter the Authentication Token. It is located back in the portal under AD Synchronisation. Copy the Authentication Token to the clipboard. (It is the same token you used previously)
4. Enter the Authentication Token into PowerShell and press enter.
5. You will now see the total number of learners and also a preview of their information pulled from AD.
6. Make sure that all information is correct.
Option 2
1. Back under ‘AD Synchronisation’ navigate to Preview Sample List.
2. You can now download .csv (Excel) files and view:
3. The ‘Raw data’ CSV file shows each learner's email address, first name, last name, and if the email address listed is valid. It also shows the total number of learners.
4. The ‘Preview processed data’ CSV file again shows each learner's email address, first name, last name, and whether the learner was ‘Added’, ‘Updated’, ‘Removed’, or if an email is ‘Invalid’.
Option 3
1. Navigate to AD Synchronisation.
2. Scroll down till you see a list of names.
3. Check the information is correct in this list.
Enabling AD Synchronisation
Once you have confirmed the data is accurate and you would like to enable the user synchronisation please click the ‘Enabled’ button next to AD Synchronisation.
1. Read and understand the warning. If you are sure you wish to proceed click OK.
2. A Sync Data Success box will appear. Click Finish
You can now check to see if the Sync has worked.
3. Navigate to ‘Learners’ in the sidebar menu.
4. Click on the organisation name.
You will now see the learner listed.
Configuring Task Scheduler
1. Open Task Scheduler.
2. Create a new task. Action > Create Task…
3. Name the task and set your security options as follows:
4. Navigate to the Triggers tab and select New
5. Select how often you would like the script to run. How frequently you sync your script to Phriendly Phishing will depend on the turnover of your organisation.
Note: We recommend setting the sync at a minimum of weekly.
6. Navigate to the Action tab and select New…
7. In the Program/script field specify Powershell.exe:
8. In the Add Arguments field add: -ExecutionPolicy Bypass C:\<path of script location>\ph2_get_ad_users.ps1 -token <your unique id obtained in the portal>
Note: There should be no spaces in the file path as it will cause issues with PowerShell's ability to parse the arguments provided in the scheduled task.
For Example:
If the script is located at C:\Phriendly Phishing\get_ad_users.ps1, you will either need to:
- Update the path to remove any space characters (i.e. C:\PhriendlyPhishing\get_ad_users.ps1)
- Or ensure the path to the script is encapsulated in quotes in the scheduled task arguments (-ExecutionPolicy Bypass "C:\Phriendly Phishing\get_ad_users.ps1" -token <token_goes_here>)
9. Select OK.
10. Select OK.
Your script is now successfully scheduled.
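The same weekly task can be registered from an elevated PowerShell prompt instead of the Task Scheduler GUI. This is an added example, not Phriendly Phishing's own code: the task name, the day and time, and the run-as account are assumptions (the security options from step 3 are not reproduced here), and it passes the script with -File and a quoted path rather than the positional form shown in step 8.

```powershell
# Added example: register the sync as a weekly scheduled task.
# Placeholder values: adjust to your environment.
$scriptPath = 'C:\Phriendly Phishing\get_ad_users.ps1'   # path from the example above
$token      = '<token_goes_here>'                        # Authentication Token from the portal
$taskName   = 'Phriendly Phishing AD Sync'               # hypothetical task name

# Fail early if the script is not where the task will look for it
if (-not (Test-Path -LiteralPath $scriptPath -PathType Leaf)) {
    throw "Script not found: $scriptPath"
}

# Quote the script path so a space in it does not split the argument.
# -File must be the last Powershell.exe option: everything after the path
# is handed to the script as its own parameters (-token here).
$arguments = '-NoProfile -ExecutionPolicy Bypass -File "{0}" -token {1}' -f $scriptPath, $token

$action  = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument $arguments
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At '06:00'

# Account the task runs as (assumption: a dedicated account that can read AD)
$cred = Get-Credential -Message 'Account the sync task should run as'

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password

# Show what was stored so the quoting can be checked
(Get-ScheduledTask -TaskName $taskName).Actions | Select-Object Execute, Arguments
```

The Authentication Token is stored in the task's arguments, so anyone who can read the task definition can read the token; restrict who can log on to and administer the machine that hosts the task.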