Skip to main content
All CollectionsApps [EU]Directory
Active Directory Application
Active Directory Application

Learn more about the Active Directory application and how to automatically import employees into your Envoy directory.

Updated over a month ago

How does this application work?

The Active Directory (AD) app differs from cloud-based tools like G Suite, Okta, or OneLogin. This application automatically creates and uploads a CSV from your AD instance. To do this, your IT team must install a cron script on your server.

Important Notes:

  • To run Active Directory sync please make sure you are running Powershell version 3.0 or greater.

  • In order for Active Directory to sync, Envoy requires that all users have at least a name and valid email.

Enabling the Envoy + Active Directory application

  1. Go to Apps > All Apps.

  2. Under Directory and SSO, select "Directory settings" and navigate to Active Directory. Click “Install.”

Step 1: Run initial sync

  1. Locate Your CRON script, and copy the script found there. Save it as envoy-ad-sync.ps1 on your server.

  2. Read through the top part of the script and customize the variables from the plugin configuration to match your organization’s implementation.

    1. This typically means setting the correct Organizational Units (OU’s) and optionally customizing where the sync will save its temporary files.

  3. Run the script via command prompt or PowerShell to verify that the script is correctly syncing users with Envoy. You should be able to confirm the sync is running back on the Envoy dashboard by seeing details on when your last sync ran.

Step 2: Setting up the script to run via Task Scheduler

After running the initial sync, you can schedule the script to run automatically.

  1. Open Task Scheduler: On the computer where the script is located, access the Task Scheduler. You can do this by searching for "Task Scheduler" in the Windows Start menu.

  2. Navigate to Task Scheduler Library: Once Task Scheduler is open, look for the "Task Scheduler Library" in the left-hand panel and click on it.

  3. Create a New Task: Select the “Create Task” option from the right-hand actions panel to begin setting up your new task

  4. Schedule your script to run daily by creating a new trigger.

    1. Access Trigger Settings: In the "Create Task" dialog, navigate to the "Triggers" tab at the top of the window.

    2. Add a New Trigger: Click on the "New..." button at the bottom of the window to open the "New Trigger" dialog.

    3. Configure the Trigger:

      • Begin the task: Choose the option "On a schedule" from the drop-down menu to set the task to run based on a specific schedule.

      • Settings: Select the "Daily" option. This setting will configure the task to repeat every day.

      • Start Time: Set the start time to ensure the script runs at your specified time (script is set to 1AM in the example).

      1. Confirm and Save: Click "OK" to save the trigger settings

FAQ

How to alter the script to use a different variable such userPrincipleName:

  • Replace "mail" with "userPrincipleName" in the script per the screenshot below

How to exclude a sub OU?

  • Add the following to the "Get-ADUser" line of code.

  • $out += Get-ADUser -searchbase $ou -Properties * -Filter "(mail -like '*@*') -and (Enabled -eq 'True')" | ? {$_.DistinguishedName -notlike "*,OU=[INSERT OU NAME],OU=[INSERT OU NAME]*"} |


Related Articles
Setting up the directory
About the directory
Okta
Microsoft Entra ID Integration
Google Workspace
Did this answer your question?