You will need to allow inbound traffic on ports 5600 & 5605 from 220.127.116.11 to the server where the AD Sync Engine is installed, and outbound traffic on port 5600 to 18.104.22.168. Please provide your Implementation Manager with the public IP address of the AD Sync Engine server once you have opened the ports.
The system can sync new and existing users into the CallTower environment, but existing users will not get their passwords synced until the first time they change the password in your environment after the client installation is complete.
Before you deploy the AD Sync Engine system, please install the prerequisites:
- .NET Framework 4.5
- SQL Express
- SQL versions 2012 and newer are recommended
- Extend Install Package
- ExtendASP Ion 6.6.133.zip
SQL Express can be installed on the server that will run AD Sync Engine, or on another server in the network. A full installation of SQL Server can also be used if desired. While not recommended, all components can be installed on a domain controller if desired.
Before installing the AD Sync Engine, please validate your user data. It is expected that your userPrincipalName will match the user’s email address set up in CallTower Connect. Typically, this is the user’s primary email address.
Configure SQL Prerequisites:
Switch SQL to Mixed Mode Authentication:
- Make sure during installation, that you set SQL to Mixed Mode.
If not using Express, do the following:
- Log into the SQL server on which you plan to install the EPS database
- Run SQL Server Management Studio
- Connect to the SQL instance
- In the Object Explorer pane, right-click the name of the server, and then click Properties.
- Go to the Security page.
- Under Server authentication, select SQL Server and Windows Authentication mode, then click OK.
- Restart the SQL service to bring the change into effect.
Create the ExtendAdmin SQL Login:
- In SQL Server Management Studio, expand Security (in the Object Explorer pane).
- Right-click Logins, and then click New Login.
- Enter ExtendAdmin as the Login name, and select SQL Server authentication. Enter a password, and clear the ‘enforce password expiration’ checkbox.
- Go to the Server Roles page, and select sysadmin. Then click OK.
Install AD Sync Database:
- You will find a folder “adsync db upgrader.zip” in the install package. Run the application (ExtendASP.DbUpgrade.Client.exe)
- You will need to set the SQL server address, and the password for ExtendAdmin.
- If the database doesn’t already exist, choose to create the database
- Upgrade the database to the latest build (if the target version dropdown is blank, you are at the latest build).
Install Ion System
- On your Engine Server run the IonCloudEngine installer.
- Make sure all the features are enabled:
- Click Next and continue until the installer is finished.
Create Security User and Groups in Active Directory:
- Navigate to the location C:\Program Files (x86)\ExtendASP\EPS\Ion Cloud Engine Config Utility
- Right click on the Ion Cloud Engine Utility program and Run as Administrator.
- Create passwords for the service accounts.
- Click Create AD Objects.
- At the end of this process, it will pop up a dialog window with some encrypted data in it. Select all the data in the window and save it to a text file. You will need to send this file to your Implementation Manager at CallTower.
AD Sync Setup:
- Click on the AD Sync Setup tab.
- AD Sync Environment Guide - this will be provided to you by your Implementation Manager.
- Preferred Domain Controller - enter the FQDN of a domain controller in the same site as this server.
- AD Sync Cookie File Path – enter the path of a local directory that the Engine can use to store temporary data.
- Database Settings
- Server Name – enter the FQDN of the SQL server. If SQL Express was installed locally, enter the FQDN of this server.
- Login Name and Password – enter the credentials of the SQL service accounts created earlier (usually ExtendAdmin)
- AD Sync Organization Units – click Add… and select any OUs in your environment that contain users with CallTower service.
Install EPS Ad Sync Password Monitoring:
- NOTE: This MUST be installed on each domain controller in any site where users have CallTower service.
- If not already present, download and install .NET Framework 4.5
- Run EPSAsyncSyncPasswordMonitor.exe and follow the instructions on the screens.
- Update the config file (C:\Program Files\ExtendASP\EPS\AD Sync Password Monitor\ExtendASP.EPS.ADSync.PasswordMonitor.exe.config)
- IonCloudEngineHostName – enter the FQDN of the AD Sync Engine server in your network
- IonCloudEngineAuthUsername – enter the userPrincipalName of the IonCloudEngineUser account created earlier
- IonCloudEngineAuthPassword – enter the password of the IonCloudEngineUser account
- To complete installation you will need to restart the domain controller.