@Aaron_Boshers, here you go.
@Tobias Credit to you :-) We will upload your reply to the Knowledge Base
__________________________________________________________________________
The easiest way to integrate your Active Directory is with our TeamViewer API.
Go to https://integrate.teamviewer.com/en/integrate/activedirectory/
There you will find our example script, which you can configure on your own.
Click on http://download.teamviewer.com/integrate/TeamViewer_API_Example_Active_Directory.zip
Extract the ZIP file and edit the file "ADSync.ps1" in the PowerShell folder.
The first thing you need is your user access token. Go to https://login.teamviewer.com/LogOn and sign in with the company administrator TeamViewer account.
After you have logged in, click on the company administrator name in the top right corner and choose Edit administer [Your company profile name]
A window comes up where you should see an option Apps on the left side. Click on Apps and then on Create script token

In the next window you have to set up a name for the token. Choose what you want ;-)
Click on the drop-down box User management and set the permissions to View, create and edit users. After you have set everything, click on Save
Now you should see your personal script token.

Copy your token and set it in the script in this line (replace the "xxxxx" with your token):
$accessToken = "XX-XXXXXXXXXXXXXXXXXXXX"
Next step: edit the domain and LDAP settings. Replace the example with your own.
# domain settings
$dn = "dc=testad,dc=local"
# ldap settings
$dcIP = "127.0.0.1"
$dcLdapPort = "389"
*** Additional Configuration note***
If you have multiple domains or subdomains, the script, when run against your local domain controller as above, can only see local domain users.
In order to parse all of the domains, you can change the DC IP to the DNS name of the LDAPS Global List and change the port to 3269, so that the script reads all domain accounts from the global list.
# ldap settings
$dcIP = "ldaps.mysite.com"
$dcLdapPort = "3269"
*** end of note ***
Our script can synchronize security groups from your AD.
Configure the security group and the OU where the group is located:
# user group to sync with management console
$syncGroupCN = "tvuser"
$syncGroupOU = "myUsers"
$syncGroupSearchFilter = "(&(objectCategory=user)(memberOf=cn=$syncGroupCN,ou=$syncGroupOU,$dn))"
Every new user needs a password and permissions in the Management Console:
(Unfortunately, SingleSignOn will not work; this is currently a feature request.)
# new user defaults (if not available in csv import file)
$defaultUserLanguage = "en"
$defaultUserPassword = "myInitalPassword!"
$defaultUserPermissions = "ShareOwnGroups,EditConnections,EditFullProfile,ViewOwnConnections"
If you want inactive or deleted users from the AD security group to be set to inactive automatically in the Management Console when the script runs,
set this parameter to "true":
# deactivate company users not found in the configured AD group
$deactivateUnknownUsers = $false
The last parameter is for testing the script. Are you sure everything is correct?
Set the parameter to "false"
# testRun needs to be set to false for the script to perform actual changes
$testRun = $true
If you want to execute the script, open PowerShell as "Administrator"
PowerShell.exe
Make sure that you can run PowerShell scripts on your computer.
If not, you have to run this command:
Set-ExecutionPolicy Unrestricted
Please keep the following restrictions in mind:
Rate limits apply per Account per API call and are based on the TeamViewer license:
Free = 300 requests per hour
Business = 7200 requests per 24 hours
Premium = 14400 requests per 24 hours
Corporate = 36000 requests per 24 hours
If you have any issues, please feel free to reach out to your local support center for further assistance.
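
A read-only preview of which AD accounts the configured $syncGroupSearchFilter matches, useful before setting $testRun to $false or $deactivateUnknownUsers to $true. This is an added example, not part of the TeamViewer script; the function name Get-SyncGroupPreview is hypothetical, and it assumes the plain LDAP settings from the post (port 389) and a bind with the current Windows credentials.

```powershell
# Added example, not part of ADSync.ps1. The values mirror the sample
# settings shown in the post; replace them with your own.
Add-Type -AssemblyName System.DirectoryServices

$dn          = "dc=testad,dc=local"
$dcIP        = "127.0.0.1"
$dcLdapPort  = "389"
$syncGroupCN = "tvuser"
$syncGroupOU = "myUsers"
$syncGroupSearchFilter = "(&(objectCategory=user)(memberOf=cn=$syncGroupCN,ou=$syncGroupOU,$dn))"

# Hypothetical helper: runs the same LDAP filter and returns one object per match.
function Get-SyncGroupPreview {
    param([string]$Server, [string]$Port, [string]$BaseDn, [string]$Filter)

    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${Server}:${Port}/$BaseDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize    = 500   # paged search, so large groups are not cut off
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@("sAMAccountName", "mail", "userAccountControl"))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Missing attributes come back empty and are cast to "" or 0.
            $uac = [int]($r.Properties["useraccountcontrol"] | Select-Object -First 1)
            [pscustomobject]@{
                Account  = [string]($r.Properties["samaccountname"] | Select-Object -First 1)
                Mail     = [string]($r.Properties["mail"] | Select-Object -First 1)
                Disabled = [bool]($uac -band 2)   # ADS_UF_ACCOUNTDISABLE bit
            }
        }
    }
    finally {
        $results.Dispose(); $searcher.Dispose(); $root.Dispose()
    }
}

$users = @(Get-SyncGroupPreview -Server $dcIP -Port $dcLdapPort -BaseDn $dn -Filter $syncGroupSearchFilter)
$users | Sort-Object Account | Format-Table -AutoSize
Write-Output ("Matched {0} user(s)" -f $users.Count)

if ($users.Count -eq 0) {
    # With $deactivateUnknownUsers = $true, users not found in the group are deactivated,
    # so an empty match caused by a typo in the CN or OU must be caught first.
    Write-Warning 'Filter matched no users. Check $syncGroupCN and $syncGroupOU before changing $testRun or $deactivateUnknownUsers.'
}
```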