On 6/6/2022, the Hardware.io conference revealed vulnerabilities in LP products. For more information, see our ICS Advisory ICSA-22-153-01.
Data Exchange Package - Microsoft Active Directory

Overview

The Data Exchange Package is an optional feature of Access It! Universal.NET allowing for importing and updating of the Cardholder database. The Data Exchange Package can be run manually, or set to execute at automatic intervals.

Active Directory synchronization is performed using the Microsoft DirSync control. To use this control, the caller to Active Directory must have the directory get changes right assigned on the root of the partition being monitored. By default, this right is assigned to the Administrator and Local System accounts on domain controllers. The caller must also have the DS-Replication-Get-Changes extended control access right.

When the Data Exchange Package is being configured, it connects to the Domain Controller as the launching user. When the package is executed, it authenticates to the Domain Controller as the account used to run the Access It! Universal service on the server. Ensure that both the launching user and the account configured to run the Access It! Universal service have the appropriate permissions assigned.
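One way to review who already holds the DS-Replication-Get-Changes right on a partition root before granting it to the service account, as an added example that is not part of the vendor's documentation: the function parses the root object's security descriptor in SDDL form and lists the trustees whose allow ACEs cover the right. The sample SDDL and its SIDs are constructed; the GUID is the schema identifier of the extended right.

```python
import re

# Schema GUID of the DS-Replication-Get-Changes extended right.
GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
CONTROL_ACCESS = 0x00000100   # "CR" in SDDL (ADS_RIGHT_DS_CONTROL_ACCESS)
GENERIC_ALL = 0x10000000      # "GA" in SDDL
ACE_RE = re.compile(r"\(([^()]*)\)")

# Constructed sample: SDDL of a partition root with made-up SIDs.
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1111111111-2222222222-3333333333-1601)"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)"
    "(A;;GA;;;SY)"
    "(OA;CIIO;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;AU)"
    "(A;;RPLCLORC;;;AU)"
    "(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)"
    "S:(AU;SA;CR;;;WD)"
)

def _pairs(text):
    """SDDL flags and rights are runs of two-letter codes."""
    return {text[i:i + 2] for i in range(0, len(text), 2)}

def _grants_control_access(rights):
    if rights.lower().startswith("0x"):          # numeric access mask form
        return bool(int(rights, 16) & (CONTROL_ACCESS | GENERIC_ALL))
    return bool(_pairs(rights) & {"CR", "GA"})

def get_changes_trustees(sddl):
    """Map each trustee allowed DS-Replication-Get-Changes on this object to
    'explicit' (ACE names the right) or 'all-extended-rights' (no object GUID).
    Deny ACEs and group membership are not evaluated."""
    found = {}
    for body in ACE_RE.findall(sddl):
        fields = body.split(";")
        if len(fields) < 6:
            continue
        ace_type, flags, rights, obj_guid, _inh, trustee = fields[:6]
        if ace_type not in ("A", "OA") or "IO" in _pairs(flags):
            continue                              # audit/deny or inherit-only ACE
        if not _grants_control_access(rights):
            continue
        if obj_guid.lower() == GET_CHANGES:
            found[trustee] = "explicit"
        elif obj_guid == "":
            found.setdefault(trustee, "all-extended-rights")
    return found
```

The SDDL of a real partition root can be read from the `Sddl` property returned by `Get-Acl` on the ActiveDirectory PowerShell module's `AD:` drive. A trustee reported as `all-extended-rights` holds more than this package needs.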

A new Data Exchange Package is created by navigating within Access It! Universal.NET to Data Exchange Packages, and selecting New from the toolbar.

Access It! Universal.NET Licensing
The following licensing option must be enabled within the Access It! Universal.NET dongle and is a system wide license.

  • Data Exchange Packages - Yes

Creating New Data Exchange Package

  1. Within Access It! Universal.NET navigate to Configuration | Data Exchange Packages
  2. Select New from the toolbar
  3. Assign a friendly name for this Data Exchange Package
  4. Select Import – Active Directory from the Package Type drop down list

Data Source Tab (required)

  1. In the Path name field, enter a valid LDAP path to connect to the Active Directory Domain Controller
    Prior to Access It! Universal.NET 5.5 Organizational Units (OU) are not supported. See the LDAP String article for more information.
    LDAP strings must be built using all capitalized characters.
  2. Select the appropriate Selection Type
    1. Full Import
      • Used when importing every record from Active Directory into Access It! Universal.NET
    2. Updates / Deletes Only
      • Used only after a Full Import has first been run
      • Processes only records altered since the last time the Data Exchange Package was executed
        A Full Import must be run once prior to using Updates/Deletes Only.

Field Mappings Tab (required)

  1. Select Add
  2. In the Destination drop down list, select the field in the Access It! Universal.NET database the import data will be placed into
  3. In the Source section, select the field from Active Directory that will be mapped to the previously selected destination field. If a static value is to be assigned to the Destination field, select Static Value and enter accordingly
    The ObjectGUID field from Active Directory must be mapped to a UserText field to be used as a unique key field.
    Access Levels mapped to Member Of must be mapped to Security Groups.
    When mapping Access Levels the Access Level modification rule must be set to Replace Access Level(s).
    • Common Active Directory Field Mappings

      Destination               Source
      UserText1                 ObjectGUID
      First Name                givenName
      Last Name                 sn
      Cardholder Status         userAccountControl
      Cardholder Active Date    whenCreated
      Cardholder Expire Date    accountExpires
      (Access Levels)           memberof


Advanced Mapping Options (optional)

Advanced mapping allows for transforming the import data when the Data Exchange Package is executed.

Input Transform (optional)
Input Transform allows for using a certain portion of the imported field. An example of when this option would be used is when the imported field is a person’s social security number, and only the last 4 digits are required to be imported.

  1. Select Use part of value(Substring)
  2. Select which character you wish the data field to begin at
    If all of the data is needed after the starting point, select All remaining characters.
    If only a certain number of characters are needed, select Character Count and set as needed.

Output Transform (optional)

Output Transform allows for modifying the case format of the imported field. An example of when this option would be used is when source data is formatted in all caps, and should be imported using proper case formatting.

  1. Select None to leave the formatting as is
  2. Select To Upper Case to force the source data to be imported in all upper case
  3. Select To Lower Case to force the source data to be imported in all lower case
  4. Select To Proper Case to force the source data to be imported in all proper case
  5. Select Format value to specify a custom format string that will be used to format the import source

Value Mappings (optional)

Value Mappings allow for mapping a value in the source field to a custom output value which will be imported. An example of when this option would be used is when the imported data is stored as a number value and should be mapped to a friendly name during the import.
If the source mapping is an empty string, leave the input value mapping empty.

  1. Select Add
  2. In the Input Value field, select the value of the imported field that requires mapping
  3. In the Maps to Output Value, enter the desired output that will be imported when the input value criteria is matched.
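The Common Active Directory Field Mappings table sends userAccountControl, accountExpires and ObjectGUID into cardholder fields, and Active Directory stores all three in raw forms. The following added example (not part of the vendor's documentation) decodes them and builds Input Value / Output Value rows for a Value Mapping, assuming Value Mappings compare the whole imported number; the status labels "Active" and "Inactive" and all sample values are constructed.

```python
import uuid
from datetime import datetime, timedelta, timezone

UF_ACCOUNTDISABLE = 0x0002           # userAccountControl bit: account disabled
NEVER = (0, 0x7FFFFFFFFFFFFFFF)      # accountExpires values meaning "never"
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def guid_text(raw):
    """objectGUID is 16 bytes with its first three fields little-endian."""
    return str(uuid.UUID(bytes_le=raw))

def expires_at(account_expires):
    """accountExpires counts 100 ns ticks since 1601-01-01 UTC; None = never."""
    if account_expires in NEVER:
        return None
    return EPOCH_1601 + timedelta(microseconds=account_expires // 10)

def is_disabled(uac):
    """Test the flag bit: comparing the whole number (e.g. == 514) misses
    disabled accounts that carry other flags, such as 66050."""
    return bool(uac & UF_ACCOUNTDISABLE)

def cardholder_status(uac, account_expires, now):
    # "Active"/"Inactive" are hypothetical labels, not the product's values.
    expiry = expires_at(account_expires)
    if is_disabled(uac) or (expiry is not None and expiry <= now):
        return "Inactive"
    return "Active"

def value_mapping_rows(uac_values):
    """Input Value -> Output Value rows for every distinct userAccountControl
    number found in a directory export, so no disabled variant is missed."""
    return {v: ("Inactive" if is_disabled(v) else "Active")
            for v in sorted(set(uac_values))}

if __name__ == "__main__":
    # Constructed sample values as they would appear in a directory export.
    for value, status in value_mapping_rows([512, 514, 66048, 66050]).items():
        print(value, "->", status)
    print(guid_text(bytes.fromhex("00112233445566778899aabbccddeeff")))
    print(expires_at(133485408000000000))
```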

Prepend / Append (optional)

Prepend / Append allows for custom data to be placed prior or after the imported source field.

  1. In the Prepend Text field, enter the data that will be placed prior to the import field
  2. In the Append Text field, enter the data that will be placed after the import field

Package Options Tab (required)

  1. In the Exception Logging Mode, select whether to log import exceptions to a folder or to a file
  2. Select the path the import exceptions will log to
    If no path is specified, the default path is .\ProgramData\RS2 Technologies, LLC\Access It! Universal.
  3. Within the Key Field drop list, select a unique key field. The Key field is used to compare existing data to the imported data and then used to import a new record, or update the existing field
    It is recommended the objectGUID mapped field be the key field as that is guaranteed to be unique within Active Directory.
  4. Set Card Modification Rule accordingly
    The Card Number field must be mapped within the Field Mappings tab in order for the following rules to apply.
    1. Insert / Update Card
      • When the Key field between source and destination match, the existing card record will be updated, or created if not already existing
    2. Replace Existing Card(s)
      • When the Key field between source and destination match, the existing card record will be replaced
    3. Deactivate Existing Card(s)
      • When the Key field between source and destination match, the existing card record will be deactivated
  5. Set Access Level Modification Rule accordingly. Only the Replace method should be used when importing from Active Directory.
    One or more Access Levels need to be mapped within the Field Mapping tab in order for the following rules to apply. 
    1. Replace Access Levels
      • When the Key field between source and destination match, the existing Access levels assigned are removed from the card and then replaced with the new Access Level imported.
    2. Replace Cardholder Access Levels
      • When the Key field between source and destination match, the existing Access levels assigned are removed from the cardholder and then replaced with the new Access Level imported.
  6. Set the Access Level creation rule accordingly
    Option available beginning in Access It! Universal.NET V5.5
    1. Don't Create
      • If the access level in the imported source does not exist within Access It! Universal.NET it will not create a new access level.
  7. If the imported data should be created if it does not exist in the destination, check the box Insert record if it does not exist
  8. When the Delete Control Field matches the Delete Control Value select whether the Cardholder or the Card should be deleted
  9. Within the Delete Control Field, select the field from the import source that will be compared against the Delete Control Value. If the values match, the record will be deleted
  10. Within the Delete Control Value, enter a value that will be compared against the Delete Control Field. If the values match, the record will be deleted

Pre/Post-processing steps Mappings Tab (optional)

Pre/Post steps allow the Data Exchange Package to execute a program or batch file before or after executing.

  1. In the Preprocessing Step field, enter a valid file path or click Add Step and browse for an executable file to be run before the Data Exchange Package executes
  2. In the Postprocessing Step field, enter a valid file path or click Add Step and browse for an executable file to be run after the Data Exchange Package executes

Schedule Tab (optional)

  1. From the Schedule Type drop list, select the type of schedule to determine how often the Data Exchange Package will automatically execute
  2. Assign the Start Date/Time accordingly

Executing a Data Exchange Package

  1. Within Access It! Universal.NET navigate to Configuration | Data Exchange Packages
  2. Select the Data Exchange package to be executed
  3. From the toolbar, select Execute Data Exchange Package

Mobile Credentials

The following articles outline the specifics required when importing mobile credentials for each manufacturer, respectively.

