Learn how to configure your profile, get notifications from Opsgenie and view on-call schedules.
What does Opsgenie offer Microsoft Active Directory users?
supplies a utility for synchronizing users and groups with . Use this utility to select Active Directory groups to keep synchronized with .
Functionality of the integration
After configuring the utility, it will start synchronizing the selected groups with . It creates teams in for the groups if a team with the same name doesn't exist in . Then it adds the members of the group to the team in . It creates the users if they don't already exist.
The utility only creates users in if they have an email address set in .
If the "Apply Deletions" option is selected true in the configuration, it removes the users from synchronized teams in if they're removed from the groups. Also, if the user doesn't exist in any of the other synchronized groups it deletes the user in . If the selected group doesn't have any members, the utility won't create the corresponding team in . If the group has created before but left with no members, the corresponding team is deleted in . All of these deletion operations depend on the apply deletions option. If it's false, no deletions occur.
Download the ZIP package from here.
Unzip the ZIP file to a directory.
Configure the utility by editing the activeDirectorySync.conf file.
All of the parameters in the configuration file are explained in the table in the Configuration section below.
After the configuration, run the activeDirectorySync.exe to start the synchronization manually, or add the executable as a scheduled task to automate the synchronization. See the Automating the synchronization process section below.
Windows automatically blocks downloaded executable files. Unblock the activeDirectorySync.ps1, activeDirectorySync.exe and activeDirectorySync_64.exe, if blocked.
Otherwise, AuthorizationManager check failed error message may occur in the log file.
Unblock the files by right-clicking the file, then selecting Properties, then checking the Unblock option on the right below, and then clicking OK or Apply buttons.
The utility uses the activeDirectorySync.conf file in the same directory to read and apply the configuration.
Edit this file, fill in at least the necessary parameters, and save the file to successfully synchronize the users and groups.
This utility requires an API Integration configured in . Either
create a new one and use its API key, or use an existing API integration.
All of the parameters in the configuration file are explained below.
Mandatory or Optional
Change the default value of this property, if in an environment different than US. For example, set https://api.eu.opsgenie.com for our EU environment. If not provided, the utility assumes the account is in the US environment.
This utility requires an API integration in to work. The integration has config access and write rights. Use the API key of your Default API integration, instead of creating a new API integration.
Determines the verbosity of the logs that the utility writes. The default value of the property is warning. Other supported levels are info, debug, and error. The most verbose level is debug. It prints all the logs that are produced by the utility.
Determines which path for which the log file is created. The default value is empty. Which means it is placed in the same path with the executable. It has the name activeDirectorySync.log
The names of the groups that are synchronized with teams. It's a comma separated property. Replace the [YOUR ACTIVE DIRECTORY GROUPS] placeholder value with the names of the groups to keep synchronized. For example, groupsToSync = Domain users, Domain guests, Administrators
A true/false value that determines if the utility sends invitation emails to the users created by the utility. Sometimes, especially in the trial process, it isn't necessary to send invitation emails to actual employees. The default value of the property is true.
The utility also supports removing the users/teams that are removed from . But, because removing is a risky operation to apply automatically, the utility has an option not to do it automatically. If not activated, the utility only creates the users/teams in . It's a true/false value. The default value of the property is false.
This property is for determining if the proxy server feature is enabled or not. It's a true/false value. The default value is false.
This property determines which port the proxy server is running.
This property determines the domain address of the proxy server. The default value is localhost.
This property determines which protocol the proxy server uses. Supported values are http or https. The default value is http.
If using authentication for the proxy server, fill in the username of the proxy server user into this property. The default value is admin.
If using authentication for the proxy server, fill in the password of the proxy server user into this property. If the proxy server user has no password set, leave this property blank.
Automating the synchronization process
The utility only synchronizes the groups and teams when executed manually.
To automate the synchronization, add a scheduled task via running the command below in Command Prompt.
This command creates a new scheduled task in Task Scheduler to run the executable C:\opsgenieActiveDirectorySync\activeDirectorySync.exe every 30 minutes starting at 15:00.
Change the path of the executable, the execution frequency and the start time accordingly.