Active Directory Connector (AD Connector)

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 18px 0; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1396px; margin: 0 auto; } .footer .follow-cta, .footer a { color: #6B829B; font-size: 12px; margin-right: 10px; text-decoration: none; } .footer a:hover { color: #0276b3; } .footer .social-link img { height: 15px; width: auto; margin-right: 20px; } .footer .social-link:last-of-type img { margin-right: 0 } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-col { padding: 0 3px; } .footer-col-copyRight { justify-content: flex-start; } .footer-col-logo { justify-content: flex-end; display: flex; align-items: center; } .footer-col-copyRight, .footer-col-logo { flex: 1; display: flex; } .logo { width: 120px; height: 28px; opacity: 0.6; } @media screen and (max-width: 768px) { .footer-row { display: block; } .footer-col { width: 100%; text-align: center; margin: 6px 0; } .footer-col:first-child { margin-top: 0; } .footer-col:last-child { margin-bottom: 0; } .footer-col-copyRight, .footer-col-logo { justify-content: center; } .logo { margin: 0 auto; } } /*# sourceMappingURL=styles.css.map */ <iframe src="https://www.googletagmanager.com/ns.html?id=GTM-T9RD3NN" height="0" width="0" style="display:none;visibility:hidden"></iframe>

Active Directory Connector (AD Connector) - TeamViewer Support

This article applies to TeamViewer customers with a Premium, Corporate, or Tensor license.

The TeamViewer Active Directory Connector (AD Connector) helps administrators to create and setup TeamViewer accounts easily and centrally for all employees in a company via Active Directory without the need of adapting and using scripts and programming knowledge.

Requirements

To use this feature you need

a TeamViewer company profile (How to create your company profile)
a valid TeamViewer Premium, Corporate, or Enterprise license for TeamViewer
to download the AD Connector from our Integrations site
an API token from the Management Console
Windows Server 2012 with Windows Powershell 4.0

Download the AD Connector

You can download the AD Connector from our website here.

Run the AD Connector

To run the program, please un-zip the file and double-click the Configure TeamViewer AD Connector.bat file.

Getting started

The TeamViewer AD Connector has two main areas such as Configuration and Scheduled task.

The configuration UI provides the following features:

Show and adapt the sync configuration.
Validate the entered TeamViewer API token.
Manually trigger a run of the synchronization script.
Install/Uninstall a scheduled task to run the synchronization script automatically.

The configuration UI requires to be run with elevated user rights to be able to install and uninstall the scheduled task. The script automatically asks for elevated rights (if required).

Configuration (2 tabs)

These are the available configuration parameters of the TeamViewer AD Connector

Synchronization

Setting: Api token

Description: The TeamViewer API access token that is used for accessing the TeamViewer company user management. You can create the script token in the Management Console --> Edit profile --> Apps --> Create script token. You only need the permission View, create and edit users and admins for User Management:

📌Note: If you also do not want to deactivate admin accounts, please choose in User Management → View, create and edit users.

_____

Setting: AD groups

Description: The LDAP identifier (without the leading `LDAP://` protocol scheme) of the AD groups used for the synchronization.

You do not need to run the AD Connector on a Domain Controller. All computers that are part of the domain can access the list of AD groups.

_____

Setting: Test run

Description: If set to `true` the synchronization will not modify any TeamViewer user resources but instead only log the actions that would have been executed.

_____

Setting: Deactivate TeamViewer Users that are not members of the AD group

Description: If set to `true` TeamViewer users that are not a member of the selected AD group will be disabled.

_____

Setting: Include users of nested AD groups

Description: If set to `true` users of nested AD groups will be included.

_____

Setting: Include secondary email addresses for synchronization

Description: If set to `true` secondary email addresses will be included.

_____

Setting: Include secondary email addresses for synchronization

Description: If set to `true` secondary email addresses will be included.

_____

TeamViewer Accounts

Setting: Language

Description: The two-letter language identifier used as the default language for newly created TeamViewer users. For example, it is used to localize the "Welcome" email.

_____

Accounts Type

Setting: Create accounts with predefined password

Description: The initial password used for newly created TeamViewer users to be changed by the user when logging in the first time.

_____

Setting: Create accounts with generated password

Description: A random password will be generated by the system. A password reset mail will be sent to the user automatically so that the user can change the password.

_____

Setting: Use Single Sign-On

Description: Users can login with via SSO. The admin needs to add the Identifier he got whilst activating SSO for your company.

_____

Scheduled task

The scheduled task will be created with the specified interval as:

...\TeamViewer\TeamViewer AD Connector

The output of the scheduled task is redirected to the specified log file location.

You can set the interval for the task as you like. The interval is currently on an hourly base.

Change user for scheduled task:

You might need to modify the user in order to have the necessary execution permissions for the scheduled task. To change the user of the scheduled task:

Go to Start --> Administrative Tools --> Task Scheduler
Select Task Scheduler Library
Right-click the scheduled task to modify, select Properties, and select the General tab or double click the scheduled task.
Click the Change User or Group... button
Enter <USER> in Enter the object name to select text box and press Check Names
Press OK button
Under When running the task, use the following user account: you should now see this user.
Click OK, then quit Scheduled Tasks.

User Synchronization Logic

The actual synchronization is done by the Invoke-Sync.ps1 script in the TeamViewerADConnector directory using the following logic:

Users of the configured AD group that are not yet part of the configured TeamViewer company (identified by the API token) will be created with the specified initial password.

Users of the configured AD group that are already part of the configured TeamViewer company will be updated.

If configured, users of the TeamViewer company that are not present in the configured AD group will be deactivated.

Identification of users is done based on the email addresses.