Skip to main content
CallTower Solutions Center

AD Sync Product Training Guide

General Product Overview

AD Sync is a product CallTower customers can use to supplement our core product offerings. AD Sync simplifies the management of CallTower user accounts by synchronizing changes from a customer’s Microsoft Active Directory environment. AD Sync captures new users, disabled or deleted users, and password changes and synchronizes those in to CallTower Connect. It simplifies an admin or MPOC’s experience as it reduces the amount of management in CallTower Connect. It simplifies a user’s experience as it keeps passwords synchronized.

AD Sync is designed for larger customers (100’s+) or customers that have a lot of turnover. Because of the difficulty to install and additional resources required, it is not generally recommended otherwise. PasswordSync is the ideal solution if only password synchronization is required.

Attached above is the AD Sync vs PasswordSync Cheat Sheet.

Installation, Configuration and Support

AD Sync is often deployed during implementation, but can be done later. There are several steps the customer has to do, and several steps we (ASE team) have to do. The customer installation process can be found here: https://www.uc.solutions/Misc/AD_Sync/Deployment_Guide_for_AD_Sync. The CallTower configuration portion can be found in SharePoint here: https://appriver3651003900.sharepoint.com/Tech%20Docs/ASE/AD%20Sync.

It is common to have several back-and-forth conversations with the customer during the AD Sync Installation. It is generally recommended that once the customer and CallTower have done their steps, a screen-sharing meeting is scheduled to review proper installation and test functionality.

Once the solution is working, we have found it will continue to work unless the customer makes changes. Sometimes customer changes require us to make adjustments to accommodate.

Common Issues, Troubleshooting and Escalation

  • Initial Deployment of AD Sync: During the initial deployment of AD Sync, all issues should be handled by the ASE Team. Until the customer agrees that the product is working initially, send all tickets to ASE. There are simply too many configurations and possible options to address in this document.
  • Nothing is working; no passwords sync, new users don’t appear in Connect, users are not getting disabled/deleted in Connect, no synchronization, etc.
    • Confirm with the customer if it used to work. If it never worked, refer to “Initial Deployment of AD Sync” section above.
    • Reproduce the issue. Ask the customer to change a password of a user. After a couple minutes, ask them to try and log in to the Connect User Portal with the new password.
    • Find out what changed. Common changes:
      • Added or replaced a domain controller. The customer will need to follow the original deployment doc on the new domain controller.
      • Changed public IP address. The customer will need to provide the new IP address to us. Send a ticket to ASE with the new IP and ASE will update our configuration.
      • Firewall rules changed. The customer needs to confirm that outbound access to our IP address, 69.4.184.183, is open to TCP port 5600. The customer needs to confirm that inbound access to TCP ports 5600 and 5605 to their AD Sync server from our IP address.
    • Escalate ticket to ASE.
  • It works sometimes, or some users are syncing and others don’t
    • Reproduce the issue.
      • Ask the customer to change a password of a user. After a couple minutes, ask them to try and log in to the Connect User Portal with the new password. If the problem is intermittent, have them try several times, with different users, until it fails. Record the username and date/time of the password change that failed.
    • Find out what changed. Common changes:
      • Added or replaced a domain controller. The customer will need to follow the original deployment doc on the new domain controller.
    • Verify customer’s AD Sync Server is working
      •  Ask the customer to log on to their AD Sync server, and do the following:
        • Restart the service “Ion Cloud Engine” and confirm it starts up
        • Launch “Ion Config Utility” and click on the “AD Sync Setup” tab
        • Confirm the “AD Sync Organization Units” includes the correct OU’s where their users are located
        • Launch “Ion Cloud Engine Request Client”
        • Under “Scheduled Tasks”, highlight each task (there are 2) and click Submit for each one. If it fails, copy the XML output and send it to us. Try and decipher the problem. You may send the output to ASE to investigate.
    • Verify the UPN (Universal Principal Name) matches the account in Connect
      • The UPN from a customers Active Directory user object must match the e-mail address of the user in Connect. Ask the customer for the UPN of a user that didn’t sync and compare it to the same user in Connect.
    • Verify Connect is working
      • ​​​​​​​Send an example of a username and the date/time of a failed password change to DEV to investigate.
      • If DEV cannot see the password change attempt, escalate to ASE.

 

AD Sync & Password Sync Cheat Sheet

Click below: 

 AD-Sync + Password Sync Cheat Sheet.pdf

  • Was this article helpful?