Import user or integrate with Active Directory
Hi Expert,
I am new to TeamViewer and we just bought a corporate license. I checked that it can import all users from an Excel file or can also integrate with AD. Has anyone used those functions? Which is easier and more stable? I have less than 400 users; can someone share some ideas about this?
What we need is remote access for the PC and message chat with company users.
Thanks
Shermaine
Best Answer
-
Dear Shermaine,
Thank you for your post and a warm welcome to our community.
The easiest way to integrate your Active Directory is with our TeamViewer API.
Go to https://integrate.teamviewer.com/en/integrate/activedirectory/
You will find our example script, which can be configured on your own.
Click on http://download.teamviewer.com/integrate/TeamViewer_API_Example_Active_Directory.zip
Extract the ZIP file and, in the PowerShell folder, edit the file "ADSync.ps1".
The first thing you need is your user access token. Go to https://login.teamviewer.com/LogOn and sign in with the company administrator TeamViewer account.
After you have logged in, click on the company administrator name in the top right corner and choose Edit administer [Your company profile name]
A window comes up where you should see an option Apps on the left side. Click on Apps and on Create script token.
In the next window you have to set up a name for the token. Choose what you want ;-)
Click on the drop-down box User management and set the permissions to View, create and edit users. After you have set everything, click on Save.
Now you should see your personal script token.
Copy your token and set it in the script in this line (replace the "xxxxx" with your token):

$accessToken = "XX-XXXXXXXXXXXXXXXXXXXX"

Next step, edit the domain and LDAP settings. Replace the example with your own.

# domain settings
$dn = "dc=testad,dc=local"
# ldap settings
$dcIP = "127.0.0.1"
$dcLdapPort = "389"

Our script can synchronize security groups from your AD.
Configure the security group and the OU where the group is located:

# user group to sync with management console
$syncGroupCN = "tvuser"
$syncGroupOU = "myUsers"
$syncGroupSearchFilter = "(&(objectCategory=user)(memberOf=cn=$syncGroupCN,ou=$syncGroupOU,$dn))"

Every new user needs a password and permissions in the management console:
(Unfortunately, SingleSignOn will not work; this is currently a feature request.)

# new user defaults (if not available in csv import file)
$defaultUserLanguage = "en"
$defaultUserPassword = "myInitalPassword!"
$defaultUserPermissions = "ShareOwnGroups,EditConnections,EditFullProfile,ViewOwnConnections"

If you want inactive or deleted users from the AD security group to be automatically set to inactive in the Management Console if the script runs, set this parameter to "true":

# deactivate company users not found in the configured AD group
$deactivateUnknownUsers = $false

The last parameter is for testing the script. Are you sure everything is correct?
Set the parameter to "false":

# testRun needs to be set to false for the script to perform actual changes
$testRun = $true

If you want to execute the script, open a command prompt as "Administrator" and type the command:

PowerShell.exe -version 2

(All our example scripts with PowerShell are written in "PowerShell Version 2")
Make sure that you can run PowerShell scripts on your computer.
If not, you have to set this command:

Set-ExecutionPolicy Unrestricted

You want to make more than 150 within 15 minutes?
Put a Start-Sleep Loop of 7 seconds into the script.
Why do you need this?
The TeamViewer API has the restriction that a script could not make more than 150 within 15 minutes.
Cheers and happy scripting.
Tobias10
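The 7-second Start-Sleep mentioned in the answer above, as an added example that is not part of the original post or of ADSync.ps1: a small throttle that waits only as long as needed so that consecutive API calls are at least 7 seconds apart, reading the stated limit as 150 requests per 15 minutes. The function name Invoke-Throttled and the sample addresses are hypothetical.

```powershell
# Added example, not from ADSync.ps1. Invoke-Throttled and the sample list are hypothetical.
# Uses only constructs available in PowerShell 2.0.

# 150 requests per 15 minutes is one request every 6 seconds; 7 seconds leaves headroom.
$minIntervalSeconds = 7
$script:lastCall = $null

function Invoke-Throttled {
    param([scriptblock]$Request)

    # Sleep only for the part of the interval that has not already elapsed,
    # so slow requests do not add a full extra 7 seconds each.
    if ($null -ne $script:lastCall) {
        $elapsed = ((Get-Date) - $script:lastCall).TotalSeconds
        $wait = $minIntervalSeconds - $elapsed
        if ($wait -gt 0) {
            Start-Sleep -Milliseconds ([int][math]::Ceiling($wait * 1000))
        }
    }
    $script:lastCall = Get-Date
    & $Request
}

# Constructed sample input. In a real run each iteration would be one API request.
$sampleUsers = @("alice@example.test", "bob@example.test", "carol@example.test")

foreach ($mail in $sampleUsers) {
    Invoke-Throttled { "{0:HH:mm:ss} would send request for {1}" -f (Get-Date), $mail }
}
```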
Answers
-
Good Post
Wanted to mention that since we have an open API, users can edit the script to accommodate nested OUs.

$syncGroupCN = "tvuser"
$syncGroupOU = "myUsers"
$syncGroupSearchFilter = "(&(objectCategory=user)(memberOf=cn=$syncGroupCN,ou=$syncGroupOU,ou=anotherOU,ou=anotherOU2,$dn))"

When editing the scripts for nested OUs, it should always start from the bottom OU to the top-level OU.
2 -
Thanks, Tobias.
I am going to import the users rather than integrate with AD. Anyway, AD does not support single sign-on now, so I would rather do the import from a CSV file.
I am thinking about whether it is possible to import the photo as well, for each user profile.
0 -
Thank you as well, Alfonso588.
0 -
What's the exact syntax of the Start-Sleep?
0 -
I ran the script with our domain parameters and it ran successfully. But what is the next step after running the script? I did not see any output.
0 -
Hello Tobias the helpful one. I have a question regarding your ADSync script and AD integration in general. First question is, if I am running this script in the PS ISE, where will I see the outcome? Second question is I am running into an error having to do with line 146. The error reads
Reading AD OU members
Get all users...
Request [GET] /api/v1/users?full_list=true
Request failed! The error was 'The remote server returned an error: (401) Unauthorized.'.
Received content was:
{"error":"invalid_token","error_description":"Access token does not have the required permissions for this function.","error_code":2}
Exception calling "Add" with "2" argument(s): "Key cannot be null.
Parameter name: key"
At C:\Users\owood\Downloads\TeamViewer_API_Example_Active_Directory\TeamViewer_API_Example_Active_Directory\PowerShell\ADSync.ps1:174 char:3
+ $dictUsersAPI.Add($u.id, $u)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentNullException
AD OU Sync finished.

I am no PS guru and do appreciate the help (and Maricela's and Christian's). Can you shine light on what is going wrong? Quick side note, I used the Unblock-File cmdlet instead of figuring out the right execution level and unblocked files that were blocked.
0
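The trace above shows the run continuing after the 401 response and then failing on a null dictionary key. An added example (not the original script's code) of failing closed instead: the run stops as soon as the user list is missing or malformed. New-UserIndex, the `users` property name and the sample records are assumptions.

```powershell
# Added example, not from ADSync.ps1. New-UserIndex and all sample data are hypothetical.
# Uses only constructs available in PowerShell 2.0.

function New-UserIndex {
    # $ApiResponse: parsed body of the user list request, or $null when the request failed.
    # Assumption: the parsed body carries the records in a "users" property.
    param($ApiResponse)

    # Fail closed: a failed request (such as the 401 in the trace) ends the run here
    # instead of falling through to later steps with empty data.
    if ($null -eq $ApiResponse -or $null -eq $ApiResponse.users) {
        throw "User list request failed; aborting before any create/update/deactivate step."
    }

    $index = @{}
    foreach ($u in $ApiResponse.users) {
        # A record without an id would be the null key from the trace.
        if ([string]::IsNullOrEmpty($u.id)) {
            throw "API returned a user record without an id; refusing to continue."
        }
        $index[$u.id] = $u
    }
    return $index
}

# Constructed sample of a successful response.
$ok = New-Object PSObject -Property @{
    users = @(
        (New-Object PSObject -Property @{ id = "u1001"; email = "alice@example.test" }),
        (New-Object PSObject -Property @{ id = "u1002"; email = "bob@example.test" })
    )
}

$index = New-UserIndex $ok
"Indexed {0} users" -f $index.Count

# Constructed failure case: the request helper returned nothing after an error.
try {
    New-UserIndex $null | Out-Null
} catch {
    "Stopped: " + $_.Exception.Message
}
```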