This content demonstrates the installation and configuration of PowerSyncPro Directory Synchronization, showcasing its ability to sync users between Active Directory environments, manipulate attributes, and use a "What-if" report to preview changes before committing them.
Mind Map
Click to expand
Click to explore the full interactive mind map • Zoom, pan, and navigate
Hi. It's Neil from PowerSyncPro and today I'm going to demo
And then I'm also going to change some attributes, make some mistakes,
and use the what if report to identify those problems or those mistakes.
Rectify them before we commit them at the target.
So in my source I have a server called
fabrikam and the AD domain is called migsource.net.
And then it could be syncing those users over to migtarget.net on the server
contoso.
That's really all that's in my environment,
apart from the PowerSyncPro server that sits in the middle,
that does have connectivity and line of sight
to those domain controllers, I'm going to be performing some manipulation,
so I'll be taking the domain portion of the migsource
and changing it to migtarget in the target.
And then I'll also be prefixing the display name
with an extra set of characters to identify
those users in the target, which tends to be a similar set
of circumstances that we see for some customers.
Obviously, in your environment,
you need to map out the type of circumstances that you want to sync,
the type of attributes and matching that you need to perform.
So this is very much a made up scenario just to demonstrate some of the features
and functionality of PowerSyncPro Directory Synchronisation.
So let's have a look at our server.
I have some prerequisites here already.
The first thing that I need to do is install dotnet
eight core runtime.
That is a fairly quick install.
All of the prerequisites are listed on our website:
powersyncpro.com/documentation.
It will detail everything that, you need to be able to run
PowerSyncPro and the Migration Agent as well.
The next one is the,
visual C++ redistributable.
Let's just install that.
That's really nice and quick.
And of course,
what else you can find on our website is the various other
configuration documents and limitations and things like that.
So please always check our website first before doing anything.
Next is SQL express.
I'm installing 2022.
You can install anything from 2019 onwards.
And obviously you can have your own SQL, a little SQL implementation as well.
I'm going to choose the basic, installation here
and just let that install now.
And I'll come back to when that's complete.
It should take about 4 or 5 minutes.
Okay.
SQL express is now installed.
Let's go on to install PowerSyncPro.
The first thing we're going to need to do is to read the Eula.
Let's accept that.
And the license agreement,
I'm going to use some default installation options here.
Just onto the C drive program files, remote agents.
When you do not have line of sight to Active Directory,
don't have connectivity to it, you can put you can synchronise over the internet.
And also there are password agents as well.
So when RC four is disabled the environment a higher level of password
security.
Then you can also put agents onto DCS and synchronise password securely as well.
When we're not demoing that today.
So we will ignore this.
I will leave the default port as port 5000.
As I've done a SQL express, I need to put SQL express into the instance.
And that should then identify the basic installation of SQL Express,
and I'll choose the default database name for PowerSyncPro.
I could use an AD service account, a local service account,
local admin account, or a group managed service account.
I'm just going to use the local system account for this demo.
And I'm not using, PowerSyncPro Migration Agent
so I don't need to create an external endpoint for PowerSyncPro,
so therefore I will just ignore that as well and let the install happen.
That takes about 40s.
I'll come back to you in a second.
Okay.
That's PowerSyncPro now installed.
Let's go to the browser and have a look.
So I need to type in local host
port 5000.
And this should load the PowerSyncPro interface.
Fantastic.
The default username and password is in our documentation.
What I recommend you do is come up to the global settings and then click users.
You can then modify the username and password
to make your environment a little bit more secure.
So now we want to start the synchronisation
between our two Active Directories.
So let's have a look at those first here I have my make source
within here I have the make source limited users.
Are you with some countries and some departure payments for different users.
There's about 500 or so users dotted around within here.
And I'm just showing you that the display name here is, just their first name.
Last name.
And the email address is the migsource.net.
Let's have a look at the target environment.
Not much in here.
It's pretty empty to be honest.
Do a quick refresh.
I've got this. Head office users.
OU with nothing in it?
I've got my Corp Users.
OU here and I'm pretty much everything else is out the box.
So the first thing we need to do with PowerSyncPro
is to create a connection between our directories
from PowerSyncPro to the source directory, PowerSyncPro to the target
directory, and we set them up as directories.
So let's go create and then go to an Active Directory-
directory type
This is where I need to type in my source name.
I can put in anything I like there and then I need to provide my server name here.
I then need to provide the
service account that has access to everything, to reader access
in my environment and also specify the password. Down here,
I need to import the type of objects which I'm going to be focused upon.
I'm just caring about users on this occasion.
I don't care about computers, groups, contacts, or group membership.
That's for another demo.
Once I click save,
it will go off and verify that all of the credentials are correct.
But now I need to create the directory for my target environment.
I will do exactly the same, but this time type Target
AD, put in my Contoso server and then once I've done
that, I will need a service account for my target environment.
As well. I'm using a domain admin account.
You can obviously define the access for your environment.
I'm also going to be importing users here just in case there are any other users
in the target environment which I need to match or sync.
But I'm not going to be doing groups or computers or contacts in this demo.
Now that
I've got my source and target, the next step I need to do
is actually create the actions that I want to perform.
The syncs that I want to perform.
So I'll come to my sync profiles.
If I create one up here, the first thing I need to do is give it a name.
So, "my first sync"
I then need to select my source and target directory.
So, a source can be an AD,
a Google and the directory could be
AD as well, or even Entra if you'd set them up.
There is a concept of templates.
This is a default set of matching and mapping attributes
which organisations may typically use when doing an AD to AD sync.
So I am going to select the users one.
I've got users, groups or contacts.
But you will need to customise this for your own needs.
This has self-populated some of the options down here.
So the object type that I'm focused on is now User.
Sync action: Create Only.
Or do I want to Create and Update, Update Only, or Match Only. On this circumstance,
I'm going to change it from Create Only to Create or Update.
And then
I might when I'm creating an object for the first time,
am I going to do a User, Group or Contact? On this occasion
I'm not going to do any form of manipulation of the object.
So I would do a user,
and then when I'm matching objects, what do I want to match to.
Again, I'm doing a fairly simple configuration here, but obviously
you could start to see there's a lot of opportunity here to manipulate objects
and create the desired outcome.
Moving down a little bit
onto the Scoping tab here, this is where I select my source.
Or use my source containers
I've got a list of everything that you saw earlier.
And I have my migsource limited uses within here.
So I'm just going to select all of those.
You can obviously pick and choose how you want to choose
the different objects that are going to get synced.
So I'm just going to select that entire container and all child.
OUs.
Next we select the target container.
Do we want the users to go into?
I have this head office users here.
So I will select that
OU. I also want to recreate that container structure.
So I'm going to click Check Create target containers
and create child containers as well.
There are some options below about inclusion and exclusion attributes.
So I can really start to refine which objects
we're targeting to sync from the source to the target.
I do not have any
inclusion or exclusion requirements in my environment.
There is also complex expressions where I can build up some logic to identify
which accounts I'm going to include or exclude in this sync profile.
I'm doing a fairly basic one today.
That's for another lesson, another day.
Now I'm onto my matching.
It's already pre-populated.
Use the principal name
as the source and user principal name in the target as part of that template.
This is where I will
take the UPN at the source, see if it can find that value in the target.
If it can't find that value in the target, it will then create it.
I'm happy with that configuration right now.
Coming on to mapping, it has populated a preset number
of attributes to be able to sync from source to target.
Right now I don't want to make any changes.
I think that's all happy.
Next we're on to the sync options.
Do I want to delete the target objects?
If the object in the source is deleted - that's fine for me.
Legacy password sync.
Do I want to sync password hashes between the source and the target? Yes.
There are no other configurations here that I want to do.
Group members -
I'm not doing that on this sync profile.
I'm not converting contacts.
I'm not performing sync.
SID history, mode and password sync are not do not have RC for disabled.
So I'm not going to choose that one.
And I'm not synchronising groups.
User account.
When I create the accounts for the first time in the target,
do I want to follow the enablement of that?
Count me in the type of enablement
Do I want to always enable, always disable or
flow it from whatever the source was set.
I'm going to set flow from source, so if something is enabled in the source,
it will be enabled in the target on create if something's disabled
in the source, it will be disabled in the target on create.
And then when I come to update the the objects, what do I want to do?
Do I still want to flow that?
Do I want to leave target alone and never change that state?
Or do I want to always enable or always disable?
I'm good to say keep as is on target.
Mail enable options -
This is for exchange-style
attributes like hidden from the go out and offline address book.
I'm just going to leave those for another day.
Let's click save.
Next thing I need to do
is go and see what would happen in my target environment
without actually committing any of this to the target environment.
Let's go into Schedule.
The first thing I need to do is select how often the sync is going to run.
So I click on Edit schedule.
30 minutes is fine.
Now you'll see that I have my source
and my target and my first sync because I'm within the 30 minutes.
And for the purposes of demo, I'm
just going to click run now at the top to start that sync process.
And you can see it's starting to import all the objects.
We're up to 500 there.
And that's done.
Now, it's performing the first sync.
Now it's performing the first sync.
And it's looking at all of those objects and trying to pretend to
create all of those.
You'll notice there's a
little asterisk on here that is I that is showing
that a configuration change has happened within this environment.
We've created the configuration for the first time.
And therefore what we need to do is need to check
that everything is okay within the environment before we proceed.
And we do that by right clicking on it and looking at the What-if.
So, we can go to the What-if report
and we could see what PowerSyncPro would do in the target environment.
If it were to be approved, if this What-if report was to be approved.
So I can look at one of these uses
and see what would happen.
So I've got my source object in my migsource environment target object.
It hasn't found a match.
There is no common target object for it to update.
So this column here is blank.
And then the future target is going to create this object.
And these are all the changes it's going to apply in the target environment.
So looking at display name, it's copied the display name.
But you remember from my requirements earlier I want to put a prefix on here
so that I'm not I'm not happy with that at all.
Now coming down to mail you'll notice that mail has got migsource.
But and it's got migsource on the target
again and I want that to be migtarget.
So I want that to be migtarget on the target.
I don't want it to be migsource.
So that's just copied that value across without any manipulation.
The same applies to proxy address, except
I appear to be missing a proxy address there.
And for UPN as well.
I've got migsource here, but also migsource in the target as well.
And I want that to be migtarget instead.
So I've got a bit of manipulation to do that.
So let's come back to the sync profile and see what we can do.
Let's go click on Edit
and look at some of these mappings.
If I come down to the display name here, I have a simple expression
or a complex expression.
Simple expression is where
I just perform very simple actions to the attribute values.
Complex expression is where I can build, and if this then that type formula
to really get deep into manipulating that data.
If I click on edit you'll see I could choose one of those two.
But I haven't got any simple expressions or complex expressions to apply.
And let's look at for example the male attribute.
Exactly the same applies.
I don't have any to apply, so I need to go off and create
a simple or complex expression.
On the left I have a simple expression.
So let's go there and let's create one.
So let's call this first one pre fix
M-I-G - MIGSOURCE.
And then I'm going to create this rule.
So what type of rewrite function do I want to do?
How are we going to manipulate this data
For the simple expression?
Well, it's right on screen there.
So I'm going to add a prefix.
So lots of other options here for you to choose from.
Uppercase, truncate, suffix, replace string.
You can even use Regexes.
So, prefix is the one that I want to do.
How am I going to match the objects?
I'm only going to be applying this to display name.
So I'm just going to go like anything.
So that will use any value.
it will look for any value within that display name.
When I come to apply this simple expression.
And what is the prefix?
M-I-G-S with a space on the end.
So that is a space in between the first letter of the first name and the migs.
Let's save that. Great.
So this simple expression is created.
The next
one I want to do is the domain portion
of the mail accounts - the, proxy addresses in the UPN.
So let's do that as well.
Create,
replace, migtarget
.net. Replace with migtarget.
So let's create this rule. Rewrite function.
Let's have a look.
We've got replace string down here I could create a regex
but let's keep it simple.
Replace string. Again, what type of match
I'm going to do it for a particular set of attributes.
So I'm just going to say match anything.
And I'm going to find the value migsource.
And I'm going to replace with migtarget.net.
And that's my other simple expression completed.
Let's go back to my sync profiles.
Update that and I want to go.
Now look at what would actually happen.
So first of all I need to go to my display name.
Click on edit simple expression prefix M-I-G-S.
Now let's go find the other ones.
I want to look at mail I will do the same.
So I'm replacing me with migtarget.
What else?
I have my proxy addresses.
Let's do it for proxy addresses as well.
And you can see here that the simple expression
has been populated with that manipulation.
And the same again for user principal name.
Okay.
Now let's go and have a look at my What-if.
Here we go.
You can see the asterisk is still there.
I can right click go to What-if.
And that will process all of the objects with the updates
to the configuration that I've made.
But it's not committing it to the target.
Okay.
Let's have a look at one of these uses Liam.
And let's go down and have a look at that in the display name.
You can see here that MIGS is now prefixed on display name.
That is exactly what I want it.
The mail
attribute mix source has converted to migtarget, perfect.
And looking down here the proxy addresses is converted,
but only one of the objects, only one of the entries have come across.
This is pretty much come across from the mail attribute.
So I need to fix something here.
And the user principal name down the bottom has got migtarget as well.
So all the manipulation there has started.
So what's going on with the proxy address?
Well, there's a protective feature within PowerSyncPro
so that only certain domains can be added to the target environment.
So I need to add a new SMTP domain into my configuration.
So let's come across to SMTP domains on the left-hand side.
And there's two things that I need to do here.
I'm going to click Create
And I'm first need to select the environment
in which I'm making these changes on.
So I'm going to go my Target AD.
And the first thing I need to do is say SMTp-style addresses will be added.
Obviously there's things like SMTP 500 and ZIP addresses and lots of others,
but I'm going to be focused here on just the SMTP portion.
So I'm going to put that there.
I'm going to allow sync additions and allow sync removals.
Next I'm going to actually add the domain I'm trying to add.
So again, you select the target environment where you're going to be adding this
I'm going to put in migtarget.
And I will allow
the addition of objects to the target domain.
And I'll allow the removal of those entries
in the target domain as well.
Click save.
Now I've made yet another configuration change.
So let's go and look at the What-if.
Once again it will then process all of those objects with those updated settings.
So I'm really starting to get confidence that what I'm going to apply in the target
environment is actually what I want to, have applied.
I've just spotted and I'm not particularly happy with the
OU that this is going into - head office uses.
Is it really head office users or is it just the source environment uses?
So let's I will do a change here as well.
Let let's go down and see whether or not my proxy addresses have corrected.
Great. Yes.
Now both addresses have been manipulated because I added that SMTP domain.
Now, one thing I've just thought about
is that what happens if there's users in my target environment already?
How am I going to make sure that those users are updated accordingly?
So let's go and take one of these users here.
Any user, Lucas, for example.
And what I'm going to do, I'm going to create Lucas in the target.
So let's take his, name here and go to the target.
And I'm going to choose an OU, over here and just create them for the first time.
Create user.
Lucas.
And then I'm going to take this local portion here.
And leave it at that.
Give it a password.
Cannot change password.
User is disabled for good measure.
And go finish.
So I'm just going to copy this name
and I want to run.
Now I've added in a user account my environment has changed.
The sync will only happen every 30 minutes.
So I'm going to import that change that I've just done.
Import. Start.
And hopefully the moment
that that will go off to take the change, it'll be very quick.
And you can see here processed one account has updated which will be Lucas,
and I'll just run my full sync again
just to, import all of those changes and rerun it.
Let's just make sure that that is going to update.
Fantastic.
And let's look at my What-if now.
And let's try and find Lucas and see what's going on.
So click search.
Okay, there's Lucas there.
But it's still saying create.
But however I've already got Lucas in my target environment.
Now why is that?
So if you remember my matching account is the user principal name.
But here the user principal names do not match, so it hasn't found this user
to update them because the user principal name does not match.
So just in case there are users that already exist in the target environment,
I'm going to have to update my match
so that it will identify Lucas.
So, let's go back to my sync profile.
And how can I do that?
Let's have a look.
Go to match. I have the opportunity to put in a complex expression here.
I do not have any selected yet for matching.
So let's go and create one and let's build a complex expression.
So complex expressions: click create.
I'm going to give it a name
match
to migtarget
.net.
Select the type matching.
I can also use this for mapping and scoping,
but I need to recreate those complex expressions.
On this occasion.
I'm just doing it for matching.
Select my source and select my target.
Now I can build an expression.
I can build a set of logic to be able to really drill
into and manipulate the data that we're matching for.
Or in the case of mapping, I would build a complex expression
to really refine the data that we're going to be building.
So the first thing I need to do is if
the matching source source attribute value.
So that's the value which we are focused on when we're
dealing with this complex expression.
What am I looking for?
So does it end with for example I've got lots of options there.
But for this particular one I'm going to go end with
and I'm going to go migsource
because that's what's on the object currently.
Then I need to go sourceValue,
and I want to take the local part of the domain
because I'm trying to match to the local part with migtarget.
So I'm going to go sourceValue and I'm going to take the first part of it.
So I'm going to split it with the @.
Now I'm only going to
take the first part of that split.
So that's really getting the local part of the UPN.
Then I'm going to add onto the end
migtarget.net.
So what I've Oh, I've made an error there.
Let's put in inverted commas.
So it's told me there this is a good thing
that it's actually told me that my formula is not going to work there.
I've just recreated it.
So now, before it's going to let me save that formula has to be correct.
So, if it's going to match with the migsource,
I'm going to manipulate it to the migtarget to match with that object.
And if it doesn't find one, I'm going to leave the target value as blank.
Let's click save
and apply that to my sync profile.
We go to the match section.
And then select the complex expression for
the UPN.
Click save.
One other thing I wanted to do was change the location of the head office users.
Let's select the target container, and I'm going to select the
the root of AD so that I'm really recreating
that mapping.
Okay.
Let's save that.
go back to my,
sync and look at my what if that will then rebuild it
with those changes.
And let's have a look.
We need to search for that person.
Here they are. Fantastic.
This time the action is update.
So that means it's found the user object and it's going to update them.
Let's have a look at that.
So the screen is ever so slightly changed.
This time I've got my source object.
I've now got the pre-existing target object listed here.
And all of the changes are in bold that we're going to perform
on that target object.
So you see the display name is changing.
Interestingly, the OU will be kept the same
as the current target object.
And then we're
looking down and the mail and the proxy addresses
and all of those other items are being updated.
As per the mappings.
Let's have a look at another user
because I need to check which OU it's going into.
Andre here.
We have it going into the same OU structure
because I changed that.
Okay.
Now, let's go back to the schedule.
I've been doing all of this without a license for PowerSyncPro.
This is an unlicensed version of PowerSyncPro.
You'll notice here that the export says no license for domain.
So I'm able to build all of this logic and test out PowerSyncPro
without having a license.
And now if I'm happy, I can go off to our Sales team and get a license.
So let's go to licenses and click Add.
And then
I've got one just here which I can apply.
I am now synced for my particular source.
So I synced.
I'm now licensed for my particular source and target domains
so I can come back to the schedule.
It's saying have I accepted the What-if now I haven't?
So I'm going to go to what if and click Accept and Export.
It will now apply those settings to the target
so you can see the numbers building up there.
Here, it's increasing.
I do have a few warnings there.
Let's just go and have a look at those.
Target linked member does not exist.
So, we have an interesting set of circumstances here
where we're creating the users for the very first time.
But these users have managers.
But it's a bit of a chicken and egg scenario whereby we can't assign
the manager unless the manager has been created already.
So let's wait
until all the objects have been created and the sync will need to be run.
So that sync has happened once again.
If I click one now to expedite the 30 minute sync cycle,
they should now all process once again,
and those warnings should now disappear.
Once it's identified that those managers do exist.
So it's just running through.
And there we go.
Those 72 changes have now been applied in the environment
for those users.
Let's go to the target environment.
So, let's give it a little refresh.
Fantastic.
My migsource limited users has appeared.
Let's go and have a look at one of these.
I've got my display name
with the manipulated object
and my email address is also updated as well.
We can go and have a look at the user principal
name.
That's great as well as a proxy address.
Fantastic.
We've got, the proxy addresses manipulated there.
Two and that user which I created,
Lucas, is still within this directory here.
However, we have now updated all of the attributes
with what we were specifying
in PowerSyncPro as the user principal name. So.
Okay, I hope you enjoyed this demo.
It was a very quick insight into PowerSyncPro Directory Synchronisation.
Please contact our Sales for more information and I hope you enjoyed these videos.
Click on any text or timestamp to jump to that moment in the video
Share:
Most transcripts ready in under 5 seconds
One-Click Copy125+ LanguagesSearch ContentJump to Timestamps
Paste YouTube URL
Enter any YouTube video link to get the full transcript
Transcript Extraction Form
Most transcripts ready in under 5 seconds
Get Our Chrome Extension
Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.
