Active Directory Sync
Wichtig
This workflow is part of the Server User Management Enterprise Utility and is not automatically installed with Alteryx Designer. To use this workflow, download it from the Alteryx Marketplace.
Use this workflow to sync updates from Active Directory (AD) to your Alteryx Server. Check if AD groups exist in Server, and create them if needed. Add or remove Alteryx Server users from User Groups based on their AD groups.
Requirements and Prerequisites
Users must first sign in to Alteryx Server to create a user record. Once the user record is created, the user is synced to a group the next time the workflow is run. Changes to a user's name or email address in Active Directory or Entra ID don't update the user record in Alteryx Server. To update the record in Server, you must edit the user details in the Server UI.
Additionally, these requirements must be met:
Windows Active Directory server set up with users and groups.
Windows Remote Server Administration Tools must be installed on the machine used to connect to the AD server.
AD Server credentials: Server name or IP Address, username, and password.
Alteryx Server API Tool: Download from the Alteryx Marketplace.
Alteryx Server API credentials: Base URL, API Key, and API Secret. For more information, go to the API Overview help page.
Install
This workflow is a standard YXI installer. Download the Server User Management Enterprise Utility from the Alteryx Marketplace, and double-click the YXI to install it.
Once installed, you can find the workflow in Designer via Help > Sample Workflows > Enterprise Utilities > Server User Management > Active Directory Sync.
Configure
To configure the Active Directory Sync workflow, update the information in the tools inside a yellow comment box. You need to update the below tools.
Text Input Tool
Update the Text Input tool with the desired AD groups to investigate. You can enter multiple groups, 1 per row.
Macro Configuration
Update the macro configuration with your Windows AD Server credentials. To find your AD Server, run the following command in a command prompt or PowerShell. Replace MY_DOMAIN with your domain.
nltest /dsgetdc:MY_DOMAIN
Server API Tool
Update the Server API tool with your Server API credentials.
Workflow Components
The Active Directory Sync workflow is broken into several parts—each part serves a specific purpose.
The first section connects to the Active Directory server to retrieve the specified AD groups and the users within the groups.
Next, the Server API tool connects to your Alteryx Server to retrieve all User Groups and all Users.
Next, the workflow compares the information from Active Directory with the information in Alteryx Server for both groups and users.
The workflow passes any groups that exist in AD but not Server to the next section.
The workflow passes any users that exist in AD but not Server directly to the report output section.
Add missing AD groups to Alteryx Server: This process can add as many groups as needed with one call. Once added, the workflow pulls the updated list of Alteryx Server User Groups again and passes it downstream.
Once all User Groups exist in Alteryx Server, the workflow pulls the list of users in each group to compare against the list of users in each AD group.
The workflow compares users in the Alteryx Server User Groups to the users in the AD groups.
Users that are in an AD group but not the matching Alteryx Server User Group are added to the Server groups.
Users in Alteryx Server User Groups who are not in the matching AD Group are removed from the Server User Groups.
Output
The Reports section of the workflow builds the final report which includes 4 reports combined into a single PDF. Report information includes…
AD groups added to Alteryx Server.
AD users who need to sign in to Alteryx Server before they can be added to Server User Groups.
Users added to Alteryx Server User Groups.
Users removed from Alteryx Server User Groups.
Common Errors
Review common errors that you might encounter.
"Get-ADGroup is not recognized as cmdlet": This error comes from the Powershell script that tries to reach the Active Directory server. The error indicates that the Remote Server Administration tools are not installed. To install, open an administrator instance of Powershell and run this command:
Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online
Tipp
This error might also present as "Get-ADUser" but the fix is the same.
""Mask Text" option for Text Box question is not allowed in current DCM configuration": This error comes from the DCM settings for Designer. If the DCM setting is set to DCM Only, the mask text option is not allowed.
Go to Options > User Settings > Edit User Settings and enable the check box for Override DCM Settings. Set DCM Mode to DCM as Default and set SDK Access Mode to AllowAll.