(v2) Active Directory integration - onpremise
Written by Reg Gray
Updated over a week ago

Pronestor supports Active Directory integration, so you can import your users directly from Active Directory instead of creating them inside Pronestor. This allows your IT administrators to maintain Pronestor users through Active Directory groups, simplifying their jobs.

If your Pronestor server is on-premise

Pronestor uses a Service Account in the Active Directory import. Set the Service Account’s password to never expire and give the service account read rights to the entire Active Directory.

  • Using Windows authenticated database connection:

Create a Service Account with permissions to read from the Active Directory, write to the Pronestor SQL database, and run a scheduled task.

Please note: We recommend using the same Service Account as when creating the Pronestor database.

  • Using SQL authenticated database connection:

Create a Service Account with permissions to read from the Active Directory and run a scheduled task.

Please note: We recommend using the Pronestor SQL user account for the Pronestor database.

Configuration of the Active Directory import tool for on-premise customers

When running an on-premises solution, the Active Directory integration is an integrated part of the Administration Module in Pronestor. It just needs to be configured.

First create the Active Directory import in Pronestor.

  • Click administration

  • Click Settings

  • Click import users

  • Click New import job

A new window then opens for you to fill out. In this example I named it Active directory.

  • Fill out the fields and save.

Relative path can just be *

  • Open the import.

  • Choose the "General" tab

  • Enable automatic scheduling

Your import will now run daily at your chosen time.

Please note: if the import runs at the same time as an application pool recycle on the server, the import will fail. You can avoid this by moving the daily run time of the AD import.

Configuration of the Active Directory import tool for cloud customers

Go to https://downloads.pronestor.com/ and download ADIntegration.zip.

Unzip the ADIntegration.zip. Place the folder on a server that can run a scheduled task.

The folder contains a file named ADIntegration.exe.config.

Edit it with a text editor such as Notepad. Edit this part:

Usually the service running the scheduled task has read rights to the Active Directory, which allows us to leave the user and password blank. That means they should look like this:

If the service doesn't have read rights to Active Directory, you have to insert a login and password instead.

The config file needs to know the path to the domain controller. It can be an IP address, a DNS name or similar. Please insert it here:

This part here needs the path to the OU where you created the Active Directory groups. It is case sensitive.

Lastly, you can limit the groups that are read. This can be handy if you placed the Active Directory groups with other groups in your Active Directory. You do that here, by entering the prefix of the group. If you used our recommendations, that would be Pronestor.

Save and close Notepad. The Active Directory import is now configured, but it needs to be set up as a scheduled task and sent to your Planner site.

How to create the scheduled task for creating the user file:

Open the Task Scheduler on the server, and create a new scheduled task.

We are only interested in the first 3 tabs. Here is an example of how it could be set up. The task needs to call the ADIntegration.exe file in the folder you unzipped.

The General tab is where you name and describe the task. Please choose "Run whether user is logged on or not" since we want it to run on a schedule.

The next tab is Triggers. Please press "New".

In this example the task will run at 2am every night.


Then we go to the tab Actions and choose "New".


In "Program/script" please find the path for the ADIntegration.exe file and choose it. Then fill it out like this and press "OK".


Press "OK" again and the task is set up. This task will create an ADdump.txt file in the same folder as the ADIntegration.exe file. The ADdump.txt file contains the Active Directory information that Pronestor needs to import the users.
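The same task can be registered from PowerShell. The script below is an added example, not a script supplied by Pronestor: it creates the nightly 2am task and first restricts the folder's permissions, since ADdump.txt holds directory data and ADIntegration.exe.config may hold a login and password. The folder path, account name and task name are assumptions, and any arguments shown in the original Actions screenshot are not reproduced here.

```powershell
# Added example: paths and names below are assumptions, not Pronestor defaults.
$folder  = 'C:\Pronestor\ADIntegration'   # assumed: where ADIntegration.zip was unzipped
$account = 'CONTOSO\svc-pronestor'        # assumed: service account with AD read rights
$exe     = Join-Path $folder 'ADIntegration.exe'
if (-not (Test-Path $exe)) { throw "ADIntegration.exe not found in $folder" }

# 1. Lock down the folder. ADdump.txt (directory data) and the .config file
#    (possibly a login and password) should not be readable by ordinary users.
$acl = Get-Acl -Path $folder
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting; drop inherited entries
$grants = @(
    @{ Id = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'; Rights = 'FullControl' } # Administrators
    @{ Id = [System.Security.Principal.SecurityIdentifier]'S-1-5-18';     Rights = 'FullControl' } # SYSTEM
    @{ Id = [System.Security.Principal.NTAccount]$account;                Rights = 'Modify' }      # task account
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g.Id, $g.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $folder -AclObject $acl

# 2. Register the task. Supplying -User and -Password stores the credential,
#    which is the "Run whether user is logged on or not" option in the GUI.
#    The account needs the "Log on as a batch job" right on this server.
$cred     = Get-Credential -UserName $account -Message 'Password for the task account'
$action   = New-ScheduledTaskAction -Execute $exe -WorkingDirectory $folder
$trigger  = New-ScheduledTaskTrigger -Daily -At '02:00'
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
                -ExecutionTimeLimit (New-TimeSpan -Hours 1)

Register-ScheduledTask -TaskName 'Pronestor AD export' `
    -Description 'Runs ADIntegration.exe to write the AD dump file' `
    -Action $action -Trigger $trigger -Settings $settings `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
    -RunLevel Limited

# 3. Confirm what was registered: account, logon type and next run time.
Get-ScheduledTask -TaskName 'Pronestor AD export' |
    Select-Object TaskName, @{ n = 'RunAs'; e = { $_.Principal.UserId } },
                  @{ n = 'LogonType'; e = { $_.Principal.LogonType } }
Get-ScheduledTaskInfo -TaskName 'Pronestor AD export' | Select-Object NextRunTime
```

Run it from an elevated PowerShell session on the server that hosts the folder. Setting the working directory to the folder mirrors the "Start in" field of the Actions tab.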

How to create the scheduled task:

Send:

  • The name of your addump file, this is AdDump.txt by default

  • The name of your import job

To [email protected] and ask for an AD import script.

We will send back a PowerShell script. The script imports your users whenever it is run.

To run the script automatically you need to set up a scheduled task on the server. See this guide on how to set up a scheduled task: https://community.spiceworks.com/how_to/17736-run-powershell-scripts-from-task-scheduler

Consider when you want the import to run. You don't want it during business hours.
