Cannot sync Active Directory to Team Viewer

PS Z:\8. Bilgi Islem\3. Operations\Knowledge Base\Teamviewer_Sync> Z:\8. Bilgi Islem\3. Operations\Knowledge Base\Teamviewer_Sync\ADSync.ps1
Starting AD OU Sync...

Ping API...
Request [GET] /api/v1/ping
200 OK
Ping: Token is valid

Reading AD OU members

Get all users...
Request [GET] /api/v1/users?full_list=true
Request failed! The error was 'The remote server returned an error: (400) Bad Request.'.
Received content was:
{"error":"invalid_request","error_description":"Your Account does not have the rights required to call this function","error_code":1}
Exception calling "Add" with "2" argument(s): "Key cannot be null.
Parameter name: key"
At Z:\8. Bilgi Islem\3. Operations\Knowledge Base\Teamviewer_Sync\ADSync.ps1:174 char:3
+ $dictUsersAPI.Add($u.id, $u)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentNullException

AD OU Sync finished.

Comments

  • DomLan
    DomLan Posts: 490 ⭐Star⭐

    Hi @AkzirveBT

    I'm assuming you have an active license and are working as an administrator of the TeamViewer domain to which you belong.
    To complete the synchronization operation, you had to configure a token script. The privileges you set for this token do not allow you to complete the synchronization operation. You should elevate the privileges associated with this script: you will not be able to edit it, so you will need to delete it and recreate a new one.

    Regards

    Domenico Langone

    MCSD: App Builder

  • I am using my main account to create the token. But there is only the "user" level in the token options.

  • DomLan
    DomLan Posts: 490 ⭐Star⭐

    Hi @AkzirveBT

    Did you create the APP in the TeamViewer Management Console?

    The message may be due to the failure to pass the clientId / clientSecret, generated at the end of app creation.

    Have you followed all the steps for integration?

    # Access Settings
    In order for this script to access your data, you must either set the -accessToken- or all of the values required for OAuth 2.0: -clientId-, -clientSecret- and -authorizationCode-.

    -accessToken-
    Stores your script token. For information on how to create your own script token, please visit: http://integrate.teamviewer.com/en/develop/getStarted/#createScript

    -clientId-
    Create an app in your TeamViewer Management Console and insert the client ID here.
    For further information please visit: http://integrate.teamviewer.com/en/develop/getStarted/#createApplication

    -clientSecret-
    Insert your client secret here.

    -authorizationCode-
    With your client ID, visit https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=YOURCLIENTIDHERE
    Login, grant the permissions (popup) and insert the code shown in the authorizationCode variable here.

    # Domain Settings

    -dn-
    Contains the domain components to the starting point of your query. For example, if the query should start at "users.example.com",
    the input would be "dc=users,dc=example,dc=com".

    # LDAP Credentials (Python only)

    -ldapUser-
    Defines the username for a user with LDAP read permission.

    -ldapUserPw-
    Defines the password for a user with LDAP read permission.

    # Connection Settings

    -dcIP-
    Insert the IP address of the Active Directory Server here.

    -dcLdapPort-
    Insert the port of the Active Directory Server here.

    # User Group Settings

    -syncGroupCN-
    Defines the Common Name of the user group.

    -syncGroupOU-
    Defines the Organizational Unit of the domain.

    -syncGroupSearchFilter-
    Defines the search filter using the values of dn, syncGroupCN and syncGroupOU.

    # New User Settings

    -defaultUserLanguage-
    Defines the language for new users. For example "en" for English or "de" for German.

    -defaultUserPassword-
    Defines the initial password for new users.

    -defaultUserPermissions-
    Defines the permissions for new users as a comma-separated list.
    For a list of all possible values refer to the API specification: http://integrate.teamviewer.com/en/develop/documentation/

    -deactivateUnknownUsers-
    In case a user is found in TeamViewer Management Console but not in the Active Directory, the script deactivates this user if this flag is set to true.

    Regards

    Domenico Langone

    MCSD: App Builder

  • Done everything. No solution. Same error...

    Starting AD OU Sync...

    Get token...
    Request [POST] /api/v1/oauth2/token
    Payload: grant_type=authorization_code&code=3emcDK7M&client_id=108140-FfB7AITzlCw0w0qmA6sL&client_secret=IMR88qUDBYi514QLMtjR
    Token: Request failed! The error was 'Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (401) Unauthorized."
    '.
    Received content was:
    {"error":"invalid_token","error_description":"Invalid authorization code.","error_code":2}

    Ping API...
    Request [GET] /api/v1/ping
    200 OK
    Ping: Token is valid

    Reading AD OU members

    Get all users...
    Request [GET] /api/v1/users?full_list=true
    Request failed! The error was 'The remote server returned an error: (400) Bad Request.'.
    Received content was:
    {"error":"invalid_request","error_description":"Your Account does not have the rights required to call this function","error_code":1}
    Exception calling "Add" with "2" argument(s): "Key cannot be null.
    Parameter name: key"
    At \\172.16.61.57\akzirve\8. Bilgi Islem\3. Operations\Knowledge Base\Teamviewer_Sync\ADSync.ps1:174 char:3
    + $dictUsersAPI.Add($u.id, $u)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException

    AD OU Sync finished.

  • The control panel does not even allow me to create apps

    Untitled1.jpg

  • DomLan
    DomLan Posts: 490 ⭐Star⭐

    Hi @AkzirveBT,

    Have you created your APP? The last image shows that your USER (or the user logged in via OAuth) doesn't have the rights to permit the APP to do what it asks for.

    First reply after Authorization process (in previous reply):

    Request [POST] /api/v1/oauth2/token
    Payload: grant_type=authorization_code&code=3emcDK7M&client_id=1xxxxxxxxxxxxxxxxxx&client_secret=xxxxxxxxxxxxxxxxxxxxxxxx... this shows that the CODE after authorization isn't valid/enough for the specific task (but it's still a valid access token for other operations).

    Please: don't post client ID or secret ID (placeholders are more than enough)

    Let me know.

    Regards.

     

    Domenico Langone

    MCSD: App Builder
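
The request above not to post the client ID or secret can be enforced before a log is ever written. This is an added example, not part of ADSync.ps1 or the original posts: a hypothetical helper, `Protect-TvLogLine`, that masks `key=value` secrets in a log line (the key list is an assumption based on the payload shown in the thread; JSON bodies are not covered).

```powershell
# Added example: mask OAuth secrets in key=value form before a line is logged or shared.
function Protect-TvLogLine {
    param(
        [Parameter(Mandatory)][string]$Text,
        # Assumed list of sensitive keys, taken from the payload shown in the thread
        [string[]]$SecretKeys = @('code', 'client_id', 'client_secret', 'access_token', 'refresh_token')
    )
    # \b keeps "code=" from matching inside a longer key such as "authorization_code="
    $keys    = ($SecretKeys | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $pattern = '(?i)\b(' + $keys + ')=([^&\s"'']+)'
    [regex]::Replace($Text, $pattern, '$1=<redacted>')
}

# Constructed sample lines (placeholder values, not real credentials)
$lines = @(
    'Payload: grant_type=authorization_code&code=EXAMPLECODE&client_id=EXAMPLE-ID&client_secret=EXAMPLE-SECRET',
    'https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=EXAMPLE-ID',
    'Request [GET] /api/v1/users?full_list=true'
)
foreach ($line in $lines) {
    Write-Host (Protect-TvLogLine -Text $line)
}
```

Values such as `grant_type=authorization_code` and `response_type=code` are left intact because only the listed keys are masked, so the log stays useful for troubleshooting.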

  • W_deFazio
    W_deFazio Posts: 22 Staff member 🤠

    Hello AkzirveBT,

    The error, like DomLan mentioned, is due to not enough permissions. Per what you described, you are creating the token with user level; for the ADSync you will need a company level token.

    Have you created your company profile? 

    If yes, to create a company level script token, please do the following:

    - Sign in with the company profile administrator account, on the Management Console (www.login.teamviewer.com)
    - On the top right of the page click on the blue button with the user name and profile picture
    - Click on Administer "company profile name"
    - Go to "Apps"
    - Then "Create script token"
    - Select the permissions and click Save.

    Best Regards,

    W_deFazio
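
In the posted logs the script keeps running after the 400 response and only fails later at `$dictUsersAPI.Add($u.id, $u)` with "Key cannot be null", which hides the real cause. This is an added example, not ADSync.ps1's own code: a hypothetical function, `ConvertTo-TvUserTable`, that stops on the API's error body and skips entries without an id. The `users` array shape of a successful response is an assumption; the error body is the one shown in the thread.

```powershell
# Added example: fail fast on an API error body instead of indexing null user ids.
function ConvertTo-TvUserTable {
    param([Parameter(Mandatory)][string]$Json)

    $body = $Json | ConvertFrom-Json

    # An error body carries "error"/"error_description" and no user list: stop here
    if ($body.PSObject.Properties.Name -contains 'error') {
        $msg = 'TeamViewer API error {0} ({1}): {2}' -f $body.error_code, $body.error, $body.error_description
        throw $msg
    }

    $table = @{}
    foreach ($u in @($body.users)) {   # assumed response shape: { "users": [ ... ] }
        if ($null -eq $u -or [string]::IsNullOrEmpty([string]$u.id)) {
            Write-Warning 'Skipping a user entry without an id'
            continue
        }
        $table[[string]$u.id] = $u
    }
    return $table
}

# Error body exactly as returned in the thread
$denied = '{"error":"invalid_request","error_description":"Your Account does not have the rights required to call this function","error_code":1}'
# Constructed success body (placeholder ids and names)
$ok = '{"users":[{"id":"u1001","name":"Example One"},{"id":null,"name":"No Id"},{"id":"u1002","name":"Example Two"}]}'

$users = ConvertTo-TvUserTable -Json $ok
Write-Host "Indexed $($users.Count) users"

try {
    ConvertTo-TvUserTable -Json $denied | Out-Null
}
catch {
    # The sync should end here, with the permission problem named in the message
    Write-Host "Aborting sync: $($_.Exception.Message)"
}
```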

  • tobi_18
    tobi_18 Posts: 6

    PERFECT ! WORKS !