> For the complete documentation index, see [llms.txt](https://prohelp.assetpanda.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://prohelp.assetpanda.com/integrations-store/user-management/microsoft-active-directory-on-premises-integration.md). # Microsoft Active Directory On-Premises Integration You can install, configure, and use Asset Panda Pro's on-premises integration with Microsoft Active Directory (AD) to synchronize employee directories, manage users, and handle data collections. ## Prerequisites * Access to the Asset Panda Pro web application to download installation files and generate API keys * Administrative privileges on the Windows machine where the integration will be installed * Service account in Active Directory with read permissions for users and groups * Familiarity with Active Directory tools like Server Manager and ADSI Edit for retrieving the LDAP connection string * The machine must remain powered on and logged in for the background service to run scheduled syncs. {% hint style="info" %} The integration requires specific API permissions for user creation, which must be granted by Asset Panda support. Contact support with your API Client ID, Secret, account name, and module name to request these granular permissions. {% endhint %} *** ## Download installation files Obtain the installation files from the Asset Panda web application. 1. Log into Asset Panda Pro with an administrator account 2. Navigate to Settings icon **Settings** > **Account Management**. 3. Expand the appropriate account and module. 4. Click **Manage** in the **Integrations** card. 5. Select **Integrations Store**. 6. In the **Microsoft Active Directory** tile, click **Add**. The **Integrations in this module** tab is displayed. 7. In the **Microsoft Active Directory** tile, click **Configure**. 8. Under **Download desktop app**, download the two installation files to your Windows machine: * **Download app installer**: Download the Asset Panda Pro Installer for the UI application * **Download service scheduler**: Download the automatic background service for the scheduler that handles automated syncs. {% hint style="info" %} The UI application can run standalone, but the background service requires the UI app to be installed first, as configurations (for example, mappings) are managed via the UI. {% endhint %} ## Install the UI application {% hint style="info" %} You must install the UI application on a Windows machine. {% endhint %} 1. Double-click the **Asset Panda Pro Installer** file to launch the setup wizard. 2. Click **Next**. 3. Accept the default installation location, but change the installation scope to **Everyone** (for all users on the machine). 4. Click **Next** and continue through the wizard until installation completes. 5. Close the setup. An Asset Panda icon is added to the Desktop automatically. 6. Double-click the icon to launch the application. On first launch, an Automatic Sync screen is displayed. *** ## Set up connection details Configure connection settings for Asset Panda and Active Directory after launching the UI app. ### Asset Panda Pro (left panel) 1. Specify the following information: * **URL**: By default, this is set to the URL (for example, [api.assetpanda.com](http://api.assetpanda.com/)). * **API Client ID and Secret**: 1. Log into the Asset Panda Pro web app. 2. Click the settings icon and navigate to **API Configuration**. 3. If no API exists, create a new one: 1. Enter a name. 2. Select all accounts and modules for full access (or specific ones to limit the scope of sync). 3. Grant **Read**, **Write**, and **Delete** permissions. 4. Click **Save** to generate the Client ID and Client Secret. 4. Copy the Client ID into the **API Client ID** field. 5. Copy the Secret into the **API Client Secret** field. * **Email Address and Password**: Enter the credentials used to generate the API key. {% hint style="info" %} These API keys are the same as those used for other API-related tasks in Asset Panda Pro. Ensure the API has permissions for the accounts/modules you intend to sync. {% endhint %} ### Active Directory (right panel) 1. Specify the following information: * **Active Directory Connection String**: 1. Open **Server Manager** on your AD server. 2. Launch **ADSI Edit**. 3. Right-click and click **Settings**. 4. Copy the LDAP URL. 5. Paste the LDAP URL into the **AD Connection String** field. * **AD Username and Password**: Use a service account with read permissions for AD users and groups. 2. Click **Done** to validate credentials. * If validation is successful, you are redirected to the Automation Sync page. * If validation is not successful, an error is displayed. Correct and retry. *** ## Configure Automation Sync (scheduled synchronization in the UI) 1. On the **Automation Sync** page, set the sync schedule: * **Start Time**: Determines when the first sync should occur * **Repeat Interval**: Hourly, daily, and so on 2. Click **Submit**. A confirmation message is displayed. This sets the UI-based scheduler. For background automation, install the service in the following section. ### Map Active Directory users to Asset Panda Pro modules 1. Navigate to **User Mapping**. 2. Choose the following options: * **Account**: Select the appropriate account. Only accounts with API permissions are displayed. * **Module**: Automatically loaded based on the account * **Role**: Automatically loaded based on the module * **Active Directory Group**: Select the AD group to sync. 3. Map the mandatory user invitation fields: 1. **Email**: Assign to an AD field, such as mail or userPrincipalName (UPN). 2. **First Name**: Assign to givenName. 3. **Last Name**: Assign to sn (surname). 4. Click **Add** to save the mapping. Add multiple mappings as needed. 5. Click **Done**. Users from the selected AD group will be created in Asset Panda Pro with the specified role. ### Map Active Directory data to Asset Panda Pro collections 1. Navigate to **Collection Mapping**. 2. Specify the following information: * **Account** and **Module**. * **Asset Panda Collection**: Select the target collection. * **Active Directory Group**: Choose the group to sync. 3. Map fields: * **Unique Identifier**: Recommend objectSid (SID) for uniqueness * Other fields: Assign Active Directory properties. 4. (optional) For status tracking, create a field in the collection: 1. For **Name**, enter `Integration Status AD`. 2. For **Type**, select **Single Select List**. 3. Select the tracker options: Active, Inactive, or None. 4. The tool will autopopulate the details if they already exist. 5. Click **Add** to save mappings. Add multiple groups or collections as needed. 6. Click **Done**. {% hint style="info" %} * No granular API permissions are needed for collections. * Mappings are saved incrementally. Use :trash: to remove specific mappings. Each mapping is independent; if one fails, others proceed. {% endhint %} ### Install the background service for automated syncs (Scheduler) 1. Double-click the **Automatic Background Service** installer. 2. Click **Next** and then set the scope to **Everyone.** 3. Click **Next** to proceed. The installation completes and confirms the service has started. 4. Check **Task Manager > Services** to verify that the service is running. The service reads configurations from the UI app and runs syncs automatically based on the schedule. ### Sync management and troubleshooting #### Running Syncs The following sync types can be initiated and monitored. * **Manual Sync**: Click **Start Sync** in the UI. View progress in logs. * **Automated Sync**: Handled by the background service based on your schedule. Monitor UI logs for status. Syncs process users and collections independently and sequentially to prevent API overload. Verify data in the Asset Panda Peb web app. #### Common issues | Issue | Resolution | | ----------------------- | ------------------------------------------------------------------------------------------------- | | **Invalid Credentials** | Verify API keys, AD username/password, and LDAP string. | | **Roles Not Loading** | Contact support for granular API permissions. | | **Sync Failures** | Check if unique fields are set correctly; confirm AD group data. Review logs and adjust mappings. | | **Service Not Running** | Restart in **Task Manager > Services** or reinstall. | {% hint style="info" %} For large datasets, syncs may take up to 1 hour, scheduled infrequently. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://prohelp.assetpanda.com/integrations-store/user-management/microsoft-active-directory-on-premises-integration.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.