Active Directory questions

[aviens]

After downgrading to PHP 4, I am now successfully running the SupportSuite software.

Now, I am configuring it. Here are my next barrage of questions:

1. How do I know when my Active Directory modifications have taken affect? Will I see my users listed?

2. I have multiple Active Directory sites... one parent domain and currently three child domains (soon to be more). How do I configure the Base DN for such a configuration? Will it trickle down through all child domains?

3. In these Active Directory domains, I have created several OU's for each department or function of a group of users. Will configuring a Base DN include OU's listed within it?

4. Besides using the LDAP synchronization, is there a simple import to SupportSuite that would allow me to import whatever information I would prefer to it? We don't have many users created that often, and it may prove fruitful to avoid the AD integration with SupportSuite and simply entering the e-mails through another method. Can I import this information into a particular MySQL table?

5. Where can I find a complete document for all the features of SupportSuite? The most I have found is the help file that talks about first installing the product. Now that I've done that, I'd like to find my way around the volume of features of SupportSuite. Is there a PDF I can download somewhere?

Thanks.

- Andre

[mhunt]

Hi Andre, I can help a little....

1. AD users are not imported...when a user logs into the client portal, their user account along with all their registered SMTP email addresses will be populated inside the DB. Can can see these in the Staff portal, under the users module.

2. I've not tested this, however, if you have a w2k3 AD domain, and you've set your loginshare account to authenticate against an account in a root domain, users within child domains should be able to login as long as you're not restricting the transient trusts. Again, I've not tested it....will give it a go

3. Yes.

4. No simple way....you'll have to write an import script and run it at scheduled times. We have done this here, however you need to bear in mind a few factors; (a) you'll need to specify the exact OU objects you want to import and verify that they are actually user accounts and not servers etc, (b) you'll need to create further MySQL tables to take account of user account changes, i.e. names changes following marriages etc - using the AD 'objectguid' is a good way to do this, as that item is unique throughout the life of an AD account, (c) you'll need to amend/delete/append new SMTP email addresses of users as SupportSuite does not take into account this when an AD user logs in....and everything in SupportSuite is tied to an SMTP account (i.e. a user leaves and a new user starts with the same name....that'll cause you all sorts of issues - if you have 10,000+ users like us you're likely to to experience this.

5. http://manual.kayako.net. It's still work in progress.

Mark

[aviens]

Thank you Mark, your answers are most appreciated! I will give it a go and try it out today.

- Andre

[aviens]

Hello,

I have a follow up question regarding child domains:

Our forest is running in Windows 2000 native mode, eventually to be upgraded to Windows 2003 native mode. Is there any way for the moment to specify the root namespace on a 2K AD to have it incorporate the child domains?

Our domain is set up in such a structure that each main department (city government) has its own child domain.

Thanks!

- Andre

[jadixon]

Is there any reason to include ALL smtp accounts associated with an Active Directory user? It appears that SupportSuite uses the email addresses as the primary identifier for an account. So for importing Active Directory users, can I just import the username and the primary email address?


I am currently in the 10-day trial period, but if we decide to use SupportSuite, we will go the "owned" route. Why not just modify the login code to update the database with the primary email address specified in AD during login? The full name could be updated at login as well. This would make importing AD users a lot easier -- you would just have to import the user name and a dummy password, and remember to set the logon module id to 107, then all the other data would be taken care of during login. Is there any reason not to do this?