Introduction

With the new Symphony AC Active Directory Integration service, IT and Physical Security can now operate seamlessly for the centralized management of personnel data. The service gives users the ability to send new, updated, and disabled accounts from the Active Directory and synchronize it to Symphony AC automatically. This eliminates the need to update personnel data in two different systems manually while also automatically associating personnel data to door access rights in the Symphony AC software, known as the AD Group Membership to Symphony AC Access Levels linking. This document will detail how to set up this integration.

Prerequisites

  • Active Directory Integration license. If not available, please contact Senstar PSG for pricing.
  • Symphony AC v 10.8.11 or higher
  • Data Import Utility Active Directory installer (DIU_Active_Directory.exe)
  • Active Directory Group Membership description MUST match the description of the Access Levels in Symphony AC.

A. Installation

  1. Newly Install or Upgrade Symphony AC to version 10.8.11 or higher.
  2. Install the supported Active Directory integration files by running the DIU_Active_Directory.exe file.

B. Configuration

  1. Launch Symphony AC.
  2. Go to Utilities and click on Data Import Utility.
  3. In Step 1: Select a Source Data File:

a. In the Type: field, select Active Directory.

b. In the Domain field, enter: LDAP://AD_Server_Name/OU=Employees,DC=ps,DC=Senstar,DC=local

Note: make sure ‘LDAP’ is capitalized. After the server name, enter the lDAP string to the location where the AD accounts are located.

c. In the User field, enter the name of the Domain Admin account.

d. In the Password field, enter the password for the Domain Admin account.

e. Click on the ‘Table’ icon to the right to open the Data Fields window. In the window, select all the available AD attributes for the accounts that you want to import into Symphony AC, such as givenName, initials, sn, etc. Make sure to also select the ObjectGUID attribute. The click OK.

f. In Step 2: Preview the Data File, you should now see the AD accounts with the associated attributes in columns, as well as the total count of records.

g. In Step 3: Personnel Field Mapping, map the fields to Step 2 accordingly. Make sure to map the ‘ObjectGUID’ attribute from Step 2 to one of the Custom fields in Step 3. This ObjectGUID will be used as the unique identifier value to perform updates of user records.  

h. At the top of the Data Import Utility, select “Options” and click on “Index Based on Personnel Field. Select the Custom Field that was used to store the ObjectGUID. In this example, the ObjectGUID is stored in Custom2.

i. Perform your initial import by clicking on the Begin Import button at the bottom right of the Data Import Utility.

j. After the initial import is completed, change the import type from Manual Import to Auto Sync.

k. To test the integration, Add a new record in Active Directory. Launch Symphony AC, navigate to the Personnel Manager, and you should now see the new record added. Any changes to UPDATES, DISABLE ACCOUNT, and ENABLE ACCOUNT in AD will also be updated for that record in Symphony AC.

C. Running the AD Integration as a Windows Service

  1. With the Data Import Utility AD integration set to ‘Auto Sync’, close the utility completely.
  2. Next, launch a Command Prompt.
  3. Change the path to “c:\Program Files (x86)\Symphony AC>”.
  4. Type: Data_Import -install and press Enter.
  5. A message box will display with a message that the Access Control Data Import Service Installed Successfully.
  1. Launch Windows Services and locate the service called ‘Access Control Data Import’.
  2. Set the ‘Log On As’ to use the same account that runs the Symphony AC service.
  3. Start the service. Setup is now complete.