AD Kit
Dataedo AD Kit is a command-line tool designed to synchronize your Active Directory (AD) groups and users with Dataedo Portal groups and users. It reads configurations from a file, queries the Active Directory for user information, and updates the Dataedo portal accordingly.
Configuring AD Kit
Download AD Kit
Download the latest version of ADKit.exe from the Dataedo download page.
Activate API access in Dataedo portal
To allow AD Kit to interact with the Dataedo Portal, you need to activate API access:
- Open System Settings in the Dataedo Portal.
- Enable the API connection.
- Copy the generated token.
You’ll need this token when configuring AD Kit.
Create the configuration file
Create a file named ADKit.conf in the same directory as ADKit.exe. Use the example below to define the connection and synchronization settings:
[LDAP]
HOST = 192.168.0.1
PORT = 389
# Alternatively, you can use the DOMAIN parameter instead of specifying HOST and PORT.
# DOMAIN = Dataedo
# Specify the container in Active Directory to limit the synchronization scope to a specific Organizational Unit (OU).
# CONTAINER = OU
USERNAME = {your_user_name}
# Provide the username for authenticating with Active Directory.
PASSWORD = {your_password}
# Provide the password for the specified Active Directory user.
[API]
TOKEN = {api_token}
# API token generated in the Dataedo Portal for authenticating API access.
URL = https://your-web-catalog-domain.com:6000
# Specify the base URL of your Dataedo Portal.
# For local installations, use the format: http://localhost:8081/api/
# You can verify the API host by inspecting the page source in Dataedo Portal under Applications > UI.
[SETTINGS]
AD_DISPLAY_NAME = displayName
# The Active Directory field mapped to the display name in the Dataedo Portal.
AD_EMAIL = mail
# The Active Directory field mapped to the email address in the Dataedo Portal.
AD_GROUP = WebCatalog
# The name of the Active Directory group that will be synchronized (source group).
WEB_GROUP = DataSteward
# The name of the group in the Dataedo Portal where users will be added (target group).
# To synchronize multiple Active Directory groups, append a numerical suffix to each AD_GROUP and WEB_GROUP pair:
# Example:
# AD_GROUP_1 = WebCatalog
# WEB_GROUP_1 = DataSteward
# AD_GROUP_2 = WebView
# WEB_GROUP_2 = DataViewer
CREATE_USERS = True
# When set to True, new users will be created in the Dataedo Portal during synchronization.
# When set to False, only group assignments will be updated for existing users.
DELETE_USERS = True
# When set to True:
# - Users removed from the specified Active Directory group(s) will be deleted from the Dataedo Portal.
# - If synchronizing multiple groups, users who are not part of any AD_GROUP and are removed from at least one WEB_GROUP will also be deleted.
# When set to False:
# - Users will be unassigned from groups in the Dataedo Portal but won't be deleted.
For multiple group synchronizations, use numbered suffixes:
Run AD Kit
Execute ADKit.exe
Run AD Kit via PowerShell:
- Open PowerShell.
- Navigate to the directory containing
ADKit.exeandADKit.conf. - Execute the tool:
AD Kit command-line options
You can customize execution using the following arguments:
| Short option | Long option | Description |
|---|---|---|
-q | --quiet | Run without displaying output or errors. |
-i | --input | Specify the path to the configuration file. For example ./ADKit.exe -i C:\path\ADKit.conf. |
-s | --simulate | Perform a dry run without making changes in the Dataedo Portal. |
-d | --debug | Display detailed error information. |
| N/A | --help | Show the help menu. |
| N/A | --version | Show the current version of AD Kit. |
Automating synchronization
To continuously synchronize AD and Dataedo Portal, schedule the execution of ADKit.exe in Windows Task Scheduler. For example, configure it to run every hour.
Troubleshooting
Below you can find common errors and their solutions:
| Error | Cause | Solution |
|---|---|---|
| Invalid syntax in configuration. | Incorrect CONTAINER or other parameters. | Review and correct the configuration file. |
Can't find group {GroupName} in WebCatalog. | Incorrect WEB_GROUP. | Update the WEB_GROUP value in the configuration file. |
Can't find property: {PROPERTY_NAME} | Misconfigured [LDAP] section. | Check and fix the field names or update your AD schema. |
| Failed to load configuration. | Duplicated or malformed entries in the file. | Validate and fix the configuration file. |
Group {GroupName} doesn't exist in Active Directory. | AD group not found. | Verify the group name in the configuration file or create the group in AD. |
Response status 400 (Bad request). | Incorrect URL. | Correct the URL in the [API] section. |
Response status 401 (Unauthorized). | API token issue. | Ensure API connection is enabled and save settings. |
| No connection could be made. | Incorrect [API] configuration. | Check the API hostname and port. |
Response status 404 (Not Found). | Portal server is offline. | Restart the server hosting the Portal. |
Best practices
Here are some best practices to ensure the secure and efficient use of Dataedo AD Kit:
- Make sure that the Dataedo Portal API is reachable from the machine running AD Kit.
- Regularly update AD Kit to use the latest features and fixes.
- Store sensitive credentials securely and restrict access to the configuration file.
