Posted by Shermaine
Digon

Import user Or integrate with Active director

Hi Expert,

I am new to TeamViewer and we just bought a corporate license. I checked, and it can import all users from an Excel file or also integrate with AD. Has anyone used those functions, and which is easier and more stable? I have fewer than 400 users; can someone share some ideas about this?

What we need is remote access for the PCs and message chat with company users.

 

Thanks

Shermaine

Accepted Solution

Posted by TeamViewer Staff

Re: Import user Or integrate with Active director

Dear Shermaine,

Thank you for your post and a warm welcome to our community.

The easiest way to integrate your Active Directory is with our TeamViewer API.
Go to https://integrate.teamviewer.com/en/integrate/activedirectory/

You will find our example script there, which you can configure on your own.
Click on http://download.teamviewer.com/integrate/TeamViewer_API_Example_Active_Directory.zip

Extract the ZIP file and, in the PowerShell folder, edit the file "ADSync.ps1".

The first thing you need is your user access token. Go to https://login.teamviewer.com/LogOn and sign in with the company administrator TeamViewer account.


After you have logged in, click on the company administrator name in the top right corner and choose Edit administer [Your company profile name]

A window comes up where you should see an option Apps on the left side. Click on Apps and then on Create script token.

In the next window you have to set up a name for the token. Choose what you want ;-)
Click on the drop-down box User management and set the permissions to View, create and edit users. After you have set everything, click on Save.

Now you should see your personal script token.

 

Copy your token and set it in the script in this line (replace the "xxxxx" with your token):

$accessToken = "XX-XXXXXXXXXXXXXXXXXXXX"



Next step: edit the domain and LDAP settings. Replace the example with your own.

# domain settings
$dn = "dc=testad,dc=local"

# ldap settings
$dcIP = "127.0.0.1"
$dcLdapPort = "389"

 

Our script can synchronize security groups from your AD.
Configure the security group and the OU where the group is located:

# user group to sync with management console
$syncGroupCN = "tvuser"
$syncGroupOU = "myUsers"
$syncGroupSearchFilter = "(&(objectCategory=user)(memberOf=cn=$syncGroupCN,ou=$syncGroupOU,$dn))"



Every new user needs a password and permissions in the Management Console:
(Unfortunately, single sign-on will not work; this is currently a feature request.)

# new user defaults (if not available in csv import file)
$defaultUserLanguage = "en"   
$defaultUserPassword = "myInitalPassword!"
$defaultUserPermissions = "ShareOwnGroups,EditConnections,EditFullProfile,ViewOwnConnections"



If you want inactive or deleted users from the AD security group to be set to inactive automatically in the Management Console when the script runs, set this parameter to "true":

# deactivate company users not found in the configured AD group 
$deactivateUnknownUsers = $false



The last parameter is for testing the script. Are you sure everything is correct?
Set the parameter to "false"

# testRun needs to be set to false for the script to perform actual changes
$testRun = $true



If you want to execute the script, open a command prompt as "Administrator" and type the command:

PowerShell.exe -version 2

(All our example scripts with PowerShell are written in "PowerShell Version 2")


 
Make sure that you can run PowerShell scripts on your computer.
If not, you have to run this command:

Set-ExecutionPolicy Unrestricted

 

You want to make more than 150 within 15 minutes?
Put a Start-Sleep loop of 7 seconds into the script.

Why do you need this?
The TeamViewer API has the restriction that a script cannot make more than 150 within 15 minutes.


Cheers and happy scripting.
Tobias
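
The pacing described above, as an added example that is not part of the original post or of ADSync.ps1: a small wrapper that waits out the remainder of a 7-second interval before each call, so a loop over several hundred users stays under the quoted limit. The function name Invoke-Paced and the sample addresses are made up for illustration.

```powershell
# Added example, not TeamViewer's code. 150 within 15 minutes is one call
# every 6 seconds; the 7 seconds from the post leaves a margin.
$script:minIntervalSeconds = 7
$script:lastCall = [DateTime]::MinValue

function Invoke-Paced {
    param(
        [Parameter(Mandatory = $true)] [scriptblock] $Action
    )
    # Sleep only for the part of the interval that has not already passed,
    # so time spent on LDAP lookups or slow responses is not paid for twice.
    $elapsed = ([DateTime]::UtcNow - $script:lastCall).TotalSeconds
    if ($elapsed -lt $script:minIntervalSeconds) {
        $waitMs = [int][Math]::Ceiling(($script:minIntervalSeconds - $elapsed) * 1000)
        Start-Sleep -Milliseconds $waitMs
    }
    try {
        & $Action
    }
    finally {
        # Count failed calls too: a rejected request may still use up quota.
        $script:lastCall = [DateTime]::UtcNow
    }
}

# Constructed sample input; in a real sync this would be the AD group members.
$users = @('alice@example.com', 'bob@example.com', 'carol@example.com')

foreach ($u in $users) {
    Invoke-Paced -Action {
        # Placeholder for the script's own create/update request for $u.
        Write-Output "$(Get-Date -Format 'HH:mm:ss') would create or update $u"
    }
}
```

The simplest form of the same idea is a bare `Start-Sleep -Seconds 7` as the last statement inside the loop that sends the requests.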

 

 

 

7 Replies
Posted by TeamViewer Staff
TeamViewer Staff

Re: Import user Or integrate with Active director

Good Post :)

Wanted to mention that, since we have an open API, users can edit the script to accommodate nested OUs.

 

$syncGroupCN = "tvuser"
$syncGroupOU = "myUsers"
$syncGroupSearchFilter = "(&(objectCategory=user)(memberOf=cn=$syncGroupCN,ou=$syncGroupOU,ou=anotherOU,ou=anotherOU2,$dn))"

When editing the script for nested OUs, it should always start from the bottom OU and go up to the top-level OU.

 

TeamViewer Enterprise Solutions Engineer
1 Reply
Posted by ShermaineW
Digon

Re: Import user Or integrate with Active director

Thanks, Tobias.

I am going to import the users rather than integrate with AD. Anyway, AD does not support single sign-on now, so I would rather import from a CSV file.

I am thinking about whether it is possible to import the photo as well, for each user profile.

Posted by ShermaineW
Digon

Re: Import user Or integrate with Active director

Thank you as well, Alfonso588.

Posted by scharman
Henagon

Re: Import user Or integrate with Active director

What's the exact syntax of the Start-Sleep?

Posted by haribn
Henagon

Re: Import user Or integrate with Active director

I ran the script with our domain parameters and it ran successfully. But what is the next step after running the script? I did not see any output.

Posted by sonicomega
Henagon

Re: Import user Or integrate with Active director

Hello Tobias the helpful one. I have a question regarding your ADSync script and AD integration in general. First question is, if I am running this script in the PS ISE, where will I see the outcome? Second question is I am running into an error having to do with line 146. The error reads:

Reading AD OU members

Get all users...
Request [GET] /api/v1/users?full_list=true
Request failed! The error was 'The remote server returned an error: (401) Unauthorized.'.
Received content was:
{"error":"invalid_token","error_description":"Access token does not have the required permissions for this function.","error_code":2}
Exception calling "Add" with "2" argument(s): "Key cannot be null.
Parameter name: key"
At C:\Users\owood\Downloads\TeamViewer_API_Example_Active_Directory\TeamViewer_API_Example_Active_Directory\PowerShell\ADSync.ps1:174 char:3
+ $dictUsersAPI.Add($u.id, $u)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentNullException

AD OU Sync finished.

 

I am no PS guru and do appreciate the help (and Maricela's and Christian's). Can you shine light on what is going wrong? Quick side note, I used the Unblock-File cmdlet instead of figuring out the right execution level and unblocked files that were blocked.
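
In the log above the user list request is rejected with 401 because the token lacks the required permissions, yet the run continues and fails later on a null dictionary key. The following added example (not part of the original post or of ADSync.ps1, and needing PowerShell 3.0 or later) stops at the failed request instead. The base URL, the Bearer header, the "users" array in the response and the TV_SCRIPT_TOKEN variable name are assumptions.

```powershell
# Added example, not TeamViewer's code. Assumptions: base URL, Bearer header,
# response shape {"users":[...]}, environment variable name TV_SCRIPT_TOKEN.
$apiBase = 'https://webapi.teamviewer.com'

function Get-CompanyUsers {
    param([Parameter(Mandatory = $true)] [string] $Token)
    $request = @{
        Method  = 'Get'
        Uri     = "$apiBase/api/v1/users?full_list=true"
        Headers = @{ Authorization = "Bearer $Token" }
    }
    try {
        $resp = Invoke-RestMethod @request
    }
    catch {
        # A 401 invalid_token ends up here. Abort so that nothing is created
        # or deactivated on the basis of an empty user list.
        throw "User list request failed, nothing was changed: $($_.Exception.Message)"
    }
    return @($resp.users)
}

function ConvertTo-UserTable {
    param([object[]] $Users)
    $table = @{}
    foreach ($u in $Users) {
        # The "Key cannot be null" error in the log came from adding such an entry.
        if ($null -eq $u -or [string]::IsNullOrEmpty($u.id)) {
            throw 'User entry without an id: refusing to continue.'
        }
        $table[$u.id] = $u
    }
    return $table
}

# Offline check on a constructed response (not real account data).
$sample = '{"users":[{"id":"u100","name":"Alice","email":"alice@example.com"}]}' |
    ConvertFrom-Json
$dictUsersAPI = ConvertTo-UserTable -Users $sample.users
"Indexed $($dictUsersAPI.Count) user(s) from the sample"

# Live use: the token comes from the environment rather than the script file.
if ($env:TV_SCRIPT_TOKEN) {
    $dictUsersAPI = ConvertTo-UserTable -Users (Get-CompanyUsers -Token $env:TV_SCRIPT_TOKEN)
    "Indexed $($dictUsersAPI.Count) user(s) from the API"
}
```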