Ctrlk

Microsoft Active Directory On-Premises Integration

You can install, configure, and use Asset Panda Pro's on-premises integration with Microsoft Active Directory (AD) to synchronize employee directories, manage users, and handle data collections.

Prerequisites

  • Access to the Asset Panda Pro web application to download installation files and generate API keys

  • Administrative privileges on the Windows machine where the integration will be installed

  • Service account in Active Directory with read permissions for users and groups

  • Familiarity with Active Directory tools like Server Manager and ADSI Edit for retrieving the LDAP connection string

  • The machine must remain powered on and logged in for the background service to run scheduled syncs.

The integration requires specific API permissions for user creation, which must be granted by Asset Panda support. Contact support with your API Client ID, Secret, account name, and module name to request these granular permissions.

Download installation files

Obtain the installation files from the Asset Panda web application.

  1. Log into Asset Panda Pro with an administrator account

  2. Navigate to Settings icon Settings > Account Management.

  3. Expand the appropriate account and module.

  4. Click Manage in the Integrations card.

  5. Select Integrations Store.

  6. In the Microsoft Active Directory tile, click Add. The Integrations in this module tab is displayed.

  7. In the Microsoft Active Directory tile, click Configure.

  8. Under Download desktop app, download the two installation files to your Windows machine:

    • Download app installer: Download the Asset Panda Pro Installer for the UI application

    • Download service scheduler: Download the automatic background service for the scheduler that handles automated syncs.

The UI application can run standalone, but the background service requires the UI app to be installed first, as configurations (for example, mappings) are managed via the UI.

Install the UI application

You must install the UI application on a Windows machine.

  1. Double-click the Asset Panda Pro Installer file to launch the setup wizard.

  2. Click Next.

  3. Accept the default installation location, but change the installation scope to Everyone (for all users on the machine).

  4. Click Next and continue through the wizard until installation completes.

  5. Close the setup. An Asset Panda icon is added to the Desktop automatically.

  6. Double-click the icon to launch the application. On first launch, an Automatic Sync screen is displayed.

Set up connection details

Configure connection settings for Asset Panda and Active Directory after launching the UI app.

Asset Panda Pro (left panel)

  1. Specify the following information:

    • URL: By default, this is set to the URL (for example, api.assetpanda.com).

    • API Client ID and Secret:

      1. Log into the Asset Panda Pro web app.

      2. Click the settings icon and navigate to API Configuration.

      3. If no API exists, create a new one:

        1. Enter a name.

        2. Select all accounts and modules for full access (or specific ones to limit the scope of sync).

        3. Grant Read, Write, and Delete permissions.

        4. Click Save to generate the Client ID and Client Secret.

      4. Copy the Client ID into the API Client ID field.

      5. Copy the Secret into the API Client Secret field.

    • Email Address and Password: Enter the credentials used to generate the API key.

These API keys are the same as those used for other API-related tasks in Asset Panda Pro. Ensure the API has permissions for the accounts/modules you intend to sync.

Active Directory (right panel)

  1. Specify the following information:

    • Active Directory Connection String:

      1. Open Server Manager on your AD server.

      2. Launch ADSI Edit.

      3. Right-click and click Settings.

      4. Copy the LDAP URL.

      5. Paste the LDAP URL into the AD Connection String field.

    • AD Username and Password: Use a service account with read permissions for AD users and groups.

  2. Click Done to validate credentials.

    • If validation is successful, you are redirected to the Automation Sync page.

    • If validation is not successful, an error is displayed. Correct and retry.

Configure Automation Sync (scheduled synchronization in the UI)

  1. On the Automation Sync page, set the sync schedule:

    • Start Time: Determines when the first sync should occur

    • Repeat Interval: Hourly, daily, and so on

  2. Click Submit. A confirmation message is displayed.

This sets the UI-based scheduler. For background automation, install the service in the following section.

Map Active Directory users to Asset Panda Pro modules

  1. Navigate to User Mapping.

  2. Choose the following options:

    • Account: Select the appropriate account. Only accounts with API permissions are displayed.

    • Module: Automatically loaded based on the account

    • Role: Automatically loaded based on the module

    • Active Directory Group: Select the AD group to sync.

  3. Map the mandatory user invitation fields:

    1. Email: Assign to an AD field, such as mail or userPrincipalName (UPN).

    2. First Name: Assign to givenName.

    3. Last Name: Assign to sn (surname).

  4. Click Add to save the mapping. Add multiple mappings as needed.

  5. Click Done. Users from the selected AD group will be created in Asset Panda Pro with the specified role.

Map Active Directory data to Asset Panda Pro collections

  1. Navigate to Collection Mapping.

  2. Specify the following information:

    • Account and Module.

    • Asset Panda Collection: Select the target collection.

    • Active Directory Group: Choose the group to sync.

  3. Map fields:

    • Unique Identifier: Recommend objectSid (SID) for uniqueness

    • Other fields: Assign Active Directory properties.

  4. (optional) For status tracking, create a field in the collection:

    1. For Name, enter Integration Status AD.

    2. For Type, select Single Select List.

    3. Select the tracker options: Active, Inactive, or None.

    4. The tool will autopopulate the details if they already exist.

  5. Click Add to save mappings. Add multiple groups or collections as needed.

  6. Click Done.

  • No granular API permissions are needed for collections.

  • Mappings are saved incrementally. Use to remove specific mappings. Each mapping is independent; if one fails, others proceed.

Install the background service for automated syncs (Scheduler)

  1. Double-click the Automatic Background Service installer.

  2. Click Next and then set the scope to Everyone.

  3. Click Next to proceed. The installation completes and confirms the service has started.

  4. Check Task Manager > Services to verify that the service is running.

The service reads configurations from the UI app and runs syncs automatically based on the schedule.

Sync management and troubleshooting

Running Syncs

The following sync types can be initiated and monitored.

  • Manual Sync: Click Start Sync in the UI. View progress in logs.

  • Automated Sync: Handled by the background service based on your schedule. Monitor UI logs for status.

Syncs process users and collections independently and sequentially to prevent API overload. Verify data in the Asset Panda Peb web app.

Common issues

Issue
Resolution

Invalid Credentials

Verify API keys, AD username/password, and LDAP string.

Roles Not Loading

Contact support for granular API permissions.

Sync Failures

Check if unique fields are set correctly; confirm AD group data. Review logs and adjust mappings.

Service Not Running

Restart in Task Manager > Services or reinstall.

For large datasets, syncs may take up to 1 hour, scheduled infrequently.

PreviousGoogle Workspace IntegrationNextMicrosoft Entra ID Integration

Last updated