Note: Before installing AD Sync, ensure that your system has .NET 6 installed. You can download .NET 6 from here.
General Settings
AD DC Settings
Add your Domain Controller settings in this area.
The Domain Name should be entered with a DC= prefix on each part of the domain, using commas in place of the dots.
In the example below the Domain name on AD is city.local, and the form should be filled out as per the screenshot.
Test Mode
If you turn on test mode, your root OU will be appended with _tst, and your users will also have _tst appended to their usernames. It is a good idea to run an initial sync with this mode turned on.
Include Protected Users
The options are "Don't include protected staff" and "Don't include protected students". If these options are selected, your users that are protected in realsmart (smartsync turned off) will not be included in the sync to AD.
Username Settings
Usernames can be modified from what appears in realsmart in the following ways:
- Remove Dashes and Apostrophes from usernames in realsmart when adding to AD
You can also customise how display names appear in AD. Staff and Student display names can be customised using the following options:
- %PF - Preferred Forename
- %PFFC - Preferred Forename First Character
- %LF - Legal Forename
- %LFFC - Legal Forename First Character
- %PS - Preferred Surname
- %PSFC - Preferred Surname First Character
- %LS - Legal Surname
- %LSFC - Legal Surname First Character
The above options can be combined with commas or spaces as follows:
AD Mappings
Some fields in AD can be populated with data from your MIS. At present this is limited to the "Office" field in AD. The following options are available for mapping:
- Forename
- Surname
- Username
- MIS ID
- UPN / Staff Code
AD Windows Application Details
This data is specific to the application and not relevant to the end user
Staff
Active Directory Staff Accounts
The following options are available for processing staff accounts:
- Process Staff - Add staff to AD from realsmart
- Change Password Next Logon - When creating a new user in AD
- Password Never Expires - When creating a new user in AD
- Cannot Change Password - When creating a new user in AD
- Default Staff AD Password - Mandatory Field - Set a default password for new users in AD. Please note that if this password does not fulfil your AD password policy, AD Sync will fail.
Active Directory Settings
Set the OU Path for newly created staff users. The available wildcards are:
- %TS - Wildcard for user type; this is set further down on this page
The OU Path should be in reverse order and separated by dots (not including DC data). The following example would place staff in DC=city,DC=local,OU=City,OU=Staff,OU=%TS:
You can also set a "Leavers OU Path". Any users that are suspended in Realsmart will be moved to this OU in Active Directory.
User Profile
Set the User Profile details in AD. The following wildcard is available:
- %UN - Username
Home Folder
Connect Path
The Connect Path can be the same as the "Local Path". This is the "To" portion of the screenshot below.
Local Path & Drive
The home folder should point to the Network Folder you have set up for use with AD; in this example it is HomeFolders:
Set the Home Folder details in AD. In addition to the usual AD wildcards, the following wildcard is available; in the example, %UN is used for the username. The Home Folder is where a folder will be created and shared in your Windows environment. Drive is the drive letter you use in AD under:
- %UN - Username
OU Settings By User Type
Here we set the wildcard for %TS which was used in the OU settings:
Save Settings
Staff Groups
In this area we set our Staff Groups. These are existing groups from your MIS. Place each group on a new line; nested groups will be found based on their name, not location.
You can add groups to All Staff, Teaching Staff and Non-Teaching staff as follows:
Student Settings
Active Directory Staff Accounts
The following options are available for processing student accounts:
- Process Students - Add students to AD from realsmart
- Change Password Next Logon - When creating a new user in AD
- Password Never Expires - When creating a new user in AD
- Cannot Change Password - When creating a new user in AD
- Default Student AD Password - Mandatory Field - Set a default password for new users in AD. Please note that if this password does not fulfil your AD password policy, AD Sync will fail.
Active Directory Settings
Set the OU Path for newly created student users, and set up an OU for moving leavers into. The available wildcards are:
- %YG - Wildcard for user type; this is set further down on this page
The OU Path should be in reverse order and separated by dots. The following example would place students in DC=city,DC=local,OU=City,OU=Staff,OU=%YG:
User Profile
Set the User Profile details in AD. The following wildcard is available:
- %UN - Username
Home Folder
Connect Path
The Connect Path can be the same as the "Local Path". This is the "To" portion of the screenshot below.
Local Path & Drive
The home folder should point to the Network Folder you have set up for use with AD; in this example it is HomeFolders:
Set the Home Folder details in AD. In addition to the usual AD wildcards, the following wildcard is available; in the example, %UN is used for the username. The Home Folder is where a folder will be created and shared in your Windows environment. Drive is the drive letter you use in AD under:
- %UN - Username
Year Group Settings
The application will dynamically pick up the available year groups for your school. For each year group, specify how you would like it to appear in AD, as follows. This value is used when specifying OUs with the %YG wildcard:
Intake Year Settings
You can add intake years, which allows you to use the %IY wildcard, which you may want to use as part of the Home Folder local path.
Student Groups
In this area we set our Student Groups. These are existing groups from your MIS. Place each group on a new line; nested groups will be found based on their name, not location.
Scripts
You may want to execute a script when a user is created in Active Directory. For instance, to populate the "Description" field with the date the user was created and a note that it was created by Realsmart, you would add the following:
set-aduser -identity "%UN" -description "Created by Realsmart - %DAY"
The code above identifies the user by their username, then sets a description value of "Created by Realsmart - d/m/Y".
These script executions can be set for:
- All staff
- Teaching Staff
- Non-Teaching Staff
- Students
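The following is an added example, not part of realsmart's documentation or application: a PowerShell check an administrator could run after a sync to list accounts carrying the "Created by Realsmart" description whose password options need review. The function name, the one-minute threshold and the sample accounts are assumptions made for illustration.

```powershell
# Added example (not realsmart code). Lists accounts tagged by the creation
# script above whose password settings should be reviewed.
function Get-SyncedAccountToReview {             # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string] $Tag = 'Created by Realsmart*'  # description written by the script above
    )
    process {
        if ($User.Description -notlike $Tag) { return }
        $reasons = @()
        if ($User.PasswordNeverExpires) { $reasons += 'PasswordNeverExpires' }
        if ($User.CannotChangePassword) { $reasons += 'CannotChangePassword' }
        # PasswordLastSet is empty while "Change Password Next Logon" is pending.
        # A value within a minute of creation (assumed threshold) means the
        # default password has never been changed.
        if ($null -ne $User.PasswordLastSet -and
            ($User.PasswordLastSet - $User.whenCreated).TotalMinutes -lt 1) {
            $reasons += 'DefaultPasswordStillSet'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Reasons        = $reasons -join ', '
            }
        }
    }
}

# Constructed sample accounts so the check runs without a domain.
$created = [datetime]'2024-09-02T08:00:00'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; Description = 'Created by Realsmart - 02/09/2024'
        PasswordNeverExpires = $true; CannotChangePassword = $false
        PasswordLastSet = $created; whenCreated = $created }
    [pscustomobject]@{ SamAccountName = 'bjones'; Description = 'Created by Realsmart - 02/09/2024'
        PasswordNeverExpires = $false; CannotChangePassword = $false
        PasswordLastSet = $null; whenCreated = $created }   # must change at next logon
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Description = 'Backup service'
        PasswordNeverExpires = $true; CannotChangePassword = $true
        PasswordLastSet = $created; whenCreated = $created } # not tagged, so skipped
)
$sample | Get-SyncedAccountToReview   # only asmith is listed

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Description -like "Created by Realsmart*"' `
#   -Properties Description, PasswordNeverExpires, CannotChangePassword, PasswordLastSet, whenCreated |
#   Get-SyncedAccountToReview
```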
Exclusions
This area is where you can specify email addresses that should not be imported into AD. Put each email address that you do not want imported on a new line. You can use an asterisk to add a "starts with" or "ends with" clause to an entry.
In this example, sam@realsmart.co.uk and any usernames starting with "smart" would not be imported to AD.
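The following is an added example, not realsmart's own code: a PowerShell dry run of the exclusion rules described above, useful for confirming that an entry catches the accounts you intend before a sync. The function name, the `smart*` spelling of the second entry, case-insensitive matching and the candidate values are assumptions; the page does not state how the application compares values.

```powershell
# Added example (not realsmart code). Evaluates exclusion entries using the
# three forms described above: exact, "starts with" (abc*), "ends with" (*abc).
function Test-SyncExclusion {                     # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $Value,      # address or username to check
        [Parameter(Mandatory)] [string[]] $Exclusions  # one entry per line of the box
    )
    $cmp = [System.StringComparison]::OrdinalIgnoreCase  # assumed: case-insensitive
    foreach ($entry in $Exclusions) {
        $rule = $entry.Trim()
        if (-not $rule -or $rule -eq '*') { continue }   # ignore blank and match-all lines
        if ($rule.EndsWith('*')) {
            if ($Value.StartsWith($rule.TrimEnd('*'), $cmp)) { return $true }
        }
        elseif ($rule.StartsWith('*')) {
            if ($Value.EndsWith($rule.TrimStart('*'), $cmp)) { return $true }
        }
        elseif ($Value.Equals($rule, $cmp)) { return $true }
    }
    return $false
}

# Entries reconstructed from the example described above.
$exclusions = @('sam@realsmart.co.uk', 'smart*')

# Constructed candidate values.
$candidates = @(
    'sam@realsmart.co.uk',     # exact match
    'SmartAdmin@city.local',   # starts with "smart"
    'j.smart@city.local',      # contains "smart" but does not start with it
    'asmith@city.local'        # no rule applies
)

foreach ($c in $candidates) {
    [pscustomobject]@{
        Value    = $c
        Excluded = Test-SyncExclusion -Value $c -Exclusions $exclusions
    }
}
```

The third candidate shows the case to watch for: a "starts with" entry does not exclude values that only contain the text.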
Preview Export
Before running an import to AD from your Windows Server, you can preview what will be imported from realsmart. You can view this as a web page, or download a copy of the CSV that is used by our Windows application.
Please note that the table displayed can be scrolled horizontally to reveal additional columns.
Logs
The logs will show the username of users imported into AD, which OU they have been placed in, and the date on which this event occurred.
Email Notifications
For each sync, the accounts created in AD will be sent as a single email to the Primary Contact Email, which can be set on the following page: https://provision.realsmart.co.uk/admin/settings?page=details.
The email will appear as follows: