How to automatically import Active Directory users into specific ServiceDesk group roles

book

Article ID: 179740

calendar_today

Updated On:

Products

ServiceDesk

Issue/Introduction

 

Resolution

Question
You want to automatically have ServiceDesk import Active Directory users into specific group roles in ServiceDesk.

Answer

ServiceDesk can be configured during the installation or post-installation to automatically import Active Directory (AD) users into default groups. This will add the users to these group(s) along with any security groups that they also belong to. It may be complex, however, to match these to what roles you want them to have in ServiceDesk.

How the Automatic Import Works

  • There is an AD group called Level 1. There are AD users that are members of this group.
  • The AD server import in ServiceDesk is set to import all AD users to the ServiceDesk group All Users.
  • When the import occurs, any AD users that are in Level 1 will be part of that new ServiceDesk group and also part of All Users.

How to Assign Users to Roles

There may be a fair amount of work to do to have AD users match up to what roles you want them to have in ServiceDesk. The following are several suggestions on how to make this work:
  1. Import all AD users automatically into ServiceDesk to a low level group, such as All Users. Afterwards, the ServiceDesk administrator would need to manually assign the users to their respective groups.
  2. Import select OUs and groups and their users in AD to specific ServiceDesk groups. This may involve some work to assign users to their correct roles, but may offer a lot more of an automated approach than suggestion 1. For example: In AD, the Level 1 group can be set to import to Support I. This would make all Level 1 AD users workers of the Support I group in ServiceDesk.

Suggestions

  • All users, regardless of their roles, should always be part of at least the All Users group, to ensure they have correct basic permissions.
  • Do not create AD security groups named after ServiceDesk groups. This will import a new group, such as <domain_name>\Support I, and not import users into the out of box Support I group.
  • Do not rename an out of box group, unless you also plan on customizing Workflow projects that are hard coded to use the original names. Additional information on this can be found in the following related article:

Can out of box groups, such as Support I, be renamed in ServiceDesk?
https://kb.altiris.com/article.asp?article=52284&p=1