Best practices and recommendations
Below you will find recommendations, best practices, and general advice concerning WorkZone Active Directory Connector and pre-transfer issues.
Monitor first transfer in the Event Log
It is recommended that you monitor your first transfer of user data from Active Directory to WorkZone with WorkZone Active Directory Connector. The trial transfer is described in Transfer data.
All errors are reported in the Windows event log. You should monitor the event log carefully through the initial transfer. Fix the errors that occur while monitoring the event log. You can check the event log in Event Viewer.
- To open Event Viewer, click Start > Control panel > Administration tools > Event Viewer.
You must run the transfer with total update enabled. To do this, in the WorkZone Active Directory Connector form, select the total update check box before you start a transfer.
One Configuration File per Database
- You must have only one configuration file per database. Make sure that your scheduled tasks use the correct configuration file.
- If you transfer manually, always disable the scheduled task.
- Perform only one transfer per database at any time.
- If you are doing major maintenance in AD, stop your scheduled task while you are manually monitoring your transfer.
- Enable the scheduled task when the procedure is completed, see Re-enable the scheduled transfer task.
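The manual-transfer routine above (scheduled task disabled, a single transfer running, event log watched for errors) can be scripted as in the following added example, which is not part of the WorkZone documentation or product. The task name, the event source name, and the choice of the Application log are assumptions to be replaced with the values from your own installation.

```powershell
# Added example. Values marked PLACEHOLDER are assumptions, not taken from the product.
$TaskName     = 'PLACEHOLDER-WorkZone-AD-Transfer'  # your scheduled transfer task
$ProviderName = 'PLACEHOLDER-EventSource'           # event source the Connector logs under
$LogName      = 'Application'                       # assumption: log that receives the errors

function Assert-TaskDisabled {
    param([string]$Name)
    # Fails if the task does not exist or could still start a second transfer.
    $task = Get-ScheduledTask -TaskName $Name -ErrorAction Stop
    if ($task.State -ne 'Disabled') {
        throw "Scheduled task '$Name' is $($task.State); disable it before a manual transfer."
    }
}

function Get-TransferErrors {
    param([datetime]$Since)
    # Level 1 = Critical, 2 = Error.
    $filter = @{ LogName = $LogName; ProviderName = $ProviderName; Level = 1, 2; StartTime = $Since }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Sort-Object TimeCreated |
            Select-Object TimeCreated, Id, LevelDisplayName, Message
    } catch {
        # "No events found" is the clean result; anything else (for example a wrong
        # source name) is rethrown so it is not mistaken for an error-free transfer.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

# 1. Before the manual transfer: only one transfer per database at any time.
Assert-TaskDisabled -Name $TaskName
$start = Get-Date

# 2. Start the transfer from the Connector form with total update selected.
Read-Host 'Press Enter when the manual transfer has finished' | Out-Null

# 3. Review what was logged during the transfer window, grouped by event ID.
$found = @(Get-TransferErrors -Since $start)
if ($found.Count -eq 0) {
    Write-Host 'No error events were logged during the transfer.'
} else {
    $found | Group-Object Id | Sort-Object Count -Descending |
        Format-Table Count, Name, @{ n = 'FirstMessage'; e = { $_.Group[0].Message } } -Wrap
    Write-Warning "Fix these errors and rerun the transfer before re-enabling '$TaskName'."
}
```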
Do not Change the name codes
If you need to change user names, unit names, or pre-Windows 2000 group names, do not make these changes in Active Directory without analyzing and mapping the consequences. If you do, the transfer will report the changes as errors.
If you need to change, for example, the initials of a user, it is recommended that you delete this user and create a new one. After this, you will have to change the deactivated user to an active user on cases, objects protected with a user access code, personal and general drafts that have not been archived yet, ownerships of reminders, personal preferences in the user interface, and so on. You have to transfer, or mass edit, or move the ownership to the new user.
You should also configure the new user as the old user, see Apply security groups to users.
Domain Server Connection
For each domain server, you must enter the name of the server (or its IP address). If the program is not running as a trusted user of the domain, you have to specify the user name and password of a user that has permissions to read in AD's file catalog. The domain name may also be entered as an LDAP distinguished name, such as DC=scanjour,DC=dk.
The WorkZone Active Directory Connector supports specification of logon information to be used for reading from the domain. This information is stored in the XML configuration file in the form of a user name and a password in encrypted form.
As in earlier versions, it is still possible to avoid specifying any logon information in the WorkZone Active Directory Connector itself. Instead, it can be run under an account with the needed permissions to read from the domain.
The password is encrypted in such a way that it can only be decrypted on the same machine as the one that was used during encryption. Encryption happens when you click OK in the Domain Server dialog box where the logon information has been specified.
This means that if you move the XML configuration file to another server because you want to use it with WorkZone Active Directory Connector, you need to re-enter the password of the logon information in the Domain Server dialog box after having moved the XML configuration file to the new server.
Users
The Groups identifying ScanJour WorkZone users list in the Domain server window in WorkZone Active Directory Connector lists the global distribution groups that identify users to be transferred.
If a user is a member of more than one group, he/she is automatically assigned the highest security code.
OUs and Units
The Units list in the Domain server window in Active Directory Connector displays the Organizational units that are transferred into units in WorkZone.
If the Recursive check box is selected for an Organizational unit, all underlying Organizational units will be transferred as well, see Register Organizational units in WorkZone Active Directory Connector, step 5.
The Scheduled Task Transfer
When your transfer runs without any errors (and the event log also has no errors), you must configure a scheduled transfer task that runs at a regular interval, between every 2 hours and once a day, depending on the size of your organization.
You can set up a scheduled task from the wizard, see Create a scheduled task transfer.
If you change your scheduled task or make changes to the configuration file, make sure that the configuration is reflected in the command line parameters, see Monitor the transfer.
Mapping the AD Fields to WorkZone Fields
The configuration file contains the information regarding which AD field is transferred to which WorkZone database field. This information can be maintained directly in the XML configuration file.
Note: You must make changes manually in the XML-file using a text editor.
The XML file contains a number of <userField>, <UnitField>, and <CommitteeField> elements that specify what is transferred from where to where.
Changes can be made, but consult your software provider and your KMD technician, see Field to field transfer between Active Directory and WorkZone and ADSI field names.