User import from Active Directory
Active Directory users who are members of a given AD security group are automatically imported into STARFACE. Imports can optionally be scheduled and re-occurring (assuming sufficient free STARFACE user licenses).
User properties such as first name, last name, email address and any number of phone numbers (business phone, fax, ...) are taken into account.
Phone numbers that match the STARFACE line configuration are assigned to users as their phone numbers. For fax numbers, Software Fax2Mail is configured for the user and the corresponding number.
If several users in the Active Directory have the same phone number, the module creates a STARFACE user group during import and assigns the ambiguous phone number as well as the associated users to this group. In addition, a mapping between AD security groups and STARFACE user groups can be created in the module so that members of the AD security groups automatically become STARFACE group members.
Users who are members of an admin security group in the Active Directory are granted admin rights when imported into STARFACE. Admin users are imported first.
If there are STARFACE users that have no equivalent in Active Directory, these users are renamed by placing a dash in front of their last name. This indicates that the user has been deleted in Active Directory and can therefor also be deleted on STARFACE. The Active Directory Synchronisation module itself will not delete users in order to not lose any existing call list information, faxes or voicemails (or in general: any data).
In addition, all telephone numbers (with the exception of the primary internal telephone number) are withdrawn from a user who only exists in STARFACE, so that the telephone numbers are again available to other users. If this is to be prevented (e.g. for users who do not exist in the AD, such as door intercoms, fax machines, etc.), the user must be assigned admin rights (in STARFACE rights management).
External phone numbers from the Active Directory configuration must be part of the STARFACE line configuration so that they can be taken into account.
To assign an internal phone number to a user, this internal phone number must be stored as an additional phone number in the Active Directory - in addition to external phone numbers.
If users are no longer existent in the AD, the module withdraws their phone numbers from the corresponding STARFACE users. Please make sure that you do not unintentionally withdraw the phone numbers of users by moving AD users from the path specified in the module, changing the AD user groups or changing the email address and the user name in the AD in such a way that an assignment between STARFACE user and AD user is no longer possible.
Preparation for the AD import
- Import the "Active Directory Synchronisation" module into your STARFACE PBX, create a module configuration for the module and paste the module license key in the provided form field.
- Activate AD authentication in STARFACE. The connection of STARFACE to the AD is also used by the module itself.
Please make sure that the connecting user has sufficient rights for the AD connection to read all attributes(!) of the person objects.
- Create one or more lines in the line configuration of your STARFACE to make the phone numbers configured in the AD available on the STARFACE.
- Create two security groups in the AD that contain the users to be imported. One security group is intended for normal users, the other for admin users with elevated privileges.
- Enter the paths to these security groups in the module.
- Enable AD Import
We recommend that you delete all users (except an administrator) in STARFACE before importing so that as many phone numbers as possible can be freely assigned.
Checklist for AD Import / Troubleshooting
- Make sure that you use a suitable module for your STARFACE version.
- Make sure that the correct module license key is entered in the module configuration (not the server license key!)
- Make sure that all users have a unique email address that matches the Active Directory email address (case sensitive).
Users who do not exist in the AD require a unique dummy e-mail address in STARFACE.
- Make sure that there are no phone number collisions in the Active Directory (ambiguously assigned numbers). Phone numbers should only be assigned to one user unless you want the phone number to be assigned to a user group.
- Make sure that external phone numbers in the Active Directory match the STARFACE line configuration.
- Choose one of two AD/STARFACE user mappings (see documentation within the module). Mixed operation is not supported.