adc admin guide.pdf

Upload: quikuron

Post on 07-Aug-2018


  • 8/19/2019 ADC Admin Guide.pdf

    1/31

     

    Citrix Active Directory Connector Administration Guide

    GoToMeeting, GoToWebinar, GoToTraining, & OpenVoice 

    7414 Hollister Avenue • Goleta CA 93117

    http://support.citrixonline.com 

    © 2014 Citrix Online, LLC. All rights reserved.


    Contents

    Citrix Active Directory Connector
      Managing Users
      Provisioning
      Alternate Provisioning Solution
    Install the Citrix Active Directory Connector
    Update the Citrix Active Directory Connector
    Uninstall the Citrix Active Directory Connector
    Citrix Active Directory Connector requirements
      Citrix Accounts Requirements
      Active Directory Requirements
      System Requirements
      Firewall Settings
      Attributes used to access the Active Directory
    Acquire a consumerKey for the ADC
    Launch the Active Directory Connector
      Launching the ADC
    Connect Active Directory and Citrix Accounts
    Assign Active Directory groups
      Edit or delete a group assignment
    Manage ADC provisioning options
      Modify ADC provisioning options
      Modifying email Accounts for Testing
    Provision Users
      Start the ADC
      1. Match valid Active Directory Users
      2. Provision all matched and new Active Directory users
      3. Review and modify Citrix-only users
    Run the ADC
      Run the ADC
      Adding users
      Deleting users
    Set up Active Directory Connector logging
      Set up logging in the Active Directory Connector
      Locate ADC log files in the Windows Event Viewer
    Set up email notification for ADC errors
      Create an email task in the Windows Event Viewer
      Specify when the notification email is sent using the Windows Task Scheduler
      Test the configuration
    Set up email notification for ADC status
      Create a scheduled task in the Windows Task Scheduler
      Specify when notification email is sent
      Email output example


    Citrix Active Directory Connector

    The Citrix Active Directory Connector (ADC) manages provisioning for GoToMeeting, GoToWebinar, GoToTraining and OpenVoice user accounts in organizations using Active Directory. The ADC queries Active Directory groups and users and connects with the Citrix Admin Portal to match or create accounts for new and existing users, or remove accounts for departing users. The ADC allows your IT department to define and maintain provisioning policies for Citrix products and apply them automatically and consistently.

    The ADC does not address authentication or authorization of users except to ensure they have (or do not have) a viable Citrix account. Users will still need to sign on to the account with their user credentials within their Windows environment. Other Citrix SaaS products – GoToAssist, GoToMyPC, Sharefile and Podio – use different protocols for provisioning. Do a web search for the product name and “provisioning” or “user management” to locate the provisioning solutions for each.

    Implementation of the Citrix Active Directory Connector consists of installing the ADC, connecting the ADC to specific Active Directory groups, and running the ADC. This queries the Active Directory groups and your corporate Citrix account. All identified users are displayed in a User page.


    Managing Users

    Most customers have an existing Citrix account with a set of current users. The ADC User page provides a procedure administrators can follow to manage the different user groups in a manner appropriate to their organization. The procedure addresses and clears the simplest (and usually the largest number of) cases first, resulting in a refined list of user cases that need additional attention. The process to provision for the first time, or for newly added Active Directory groups, is:

    Start the ADC - This queries the linked Active Directory groups and your Citrix account and displays all the users in the ADC Users page. You can now work with your users in three basic steps.

    1. Recognize existing Citrix account holders to avoid reprovisioning. To do this, use Automatic matching to link Active Directory users to existing Citrix accounts where the emails are identical. Then manually match accounts where the same user has different credentials for the two accounts. (Alternately, you can delete the Citrix account and reprovision the user under their Active Directory credentials.)

    2. Provision all new Active Directory users. This clears the Active Directory queue (unmatched AD users) of all but users with incorrect Active Directory data. Fix the data and these users will be provisioned automatically the next time you start the ADC.

    3. Finally, review and correct as needed users with Citrix accounts and no Active Directory account. These may be Unix or Mac users, contractors, or other special cases. Create equivalent Active Directory accounts if you want to ensure all Citrix account management can be done by managing your Active Directory groups.

    Provisioning

    Users provisioned through the ADC receive an enrollment email. The email directs them to log in, where they will change their password, and then have access to a Citrix account. They can log in on their Windows desktop, through a browser, or on a mobile device. They can also access their accounts through extensions for applications such as Outlook, Salesforce and Google Calendar.

    For small changes of one to several users, the provisioning or deprovisioning can occur in a matter of minutes. If you are provisioning hundreds or thousands of users, a general rule of thumb for an average system is 1000 provisioning requests per hour.

    Any changes to users in the provisioned Active Directory groups or users are reflected in the ADC and passed to the Citrix Admin Portal. Provisioning is fully automated and your users have full access to Citrix SaaS business tools.

    Under normal operations, the ADC polls the Active Directory at the interval you set (see Managing Users after Implementation).

    Alternate Provisioning Solution

    With some additional implementation, an organization can provision and deprovision users more directly and with greater precision. The Citrix SaaS developer portal – developer.citrixonline.com – includes the Citrix Administration APIs. These APIs let you create a standalone application to provision your users, and offer greater control over the process. You can specify account attributes by product and by user, setting such options as whether the user’s webcam is enabled, whether toll or VoIP access is available, and how the user’s chat will work during online sessions.

    A PowerShell code sample is available on the developer site for .NET. This sample can be reused in compatible .NET environments to provision users for GoToMeeting, GoToTraining, GoToWebinar, and OpenVoice.


    Install the Citrix Active Directory Connector

    The Citrix Active Directory Connector is a desktop application and uses a standard InstallShield executable.

    1. Download the Citrix Active Directory Connector Setup file.

    NOTE: This link launches the download of the install executable.

    2. Run the Citrix Active Directory Connector Setup.exe file. The InstallShield Wizard will guide you through the installation. Click Next on each screen to continue.

    3. Click Install > Finish to exit the wizard and complete the installation.

    4. Click the new desktop shortcut, named Launch ADCAdminUI, to start the ADC.


    Update the Citrix Active Directory Connector

    To update the Active Directory Connector, download and launch the latest ADC installation executable. All existing ADC configurations are preserved through the update process. When you relaunch the ADC, all your users, groups and provisioning rules are intact.

    See System Requirements.

    NOTE: You can view the current version you have installed, but the download page and .ZIP filename have no reference to the version they represent. In general, you would need to contact Global Support to determine the currently available ADC version number.

    1. To verify your current installed version, open the Operations tab and check the version number.

    2. Download the current Citrix Active Directory Connector Setup file.

    NOTE: This link launches the download of the install executable.

    3. Run the Citrix Active Directory Connector Setup.exe file.

    4. When prompted to perform an upgrade, click Yes.

    5. When the installer launches, click Next > Finish to complete the upgrade.

    6. Launch the ADC application.

    7. Open the Operations tab and choose Start to start the ADC service.


    Uninstall the Citrix Active Directory Connector

    You can remove the Citrix Active Directory Connector application from the host machine, and also delete all ADC configuration files.

    IMPORTANT: The impact of an uninstall will be the loss of all provisioning for all users represented in the ADC. If you delete the configuration file, recovery consists of redefining the ADC groups and users, and reconfiguring any provisioning rules.

    1. Open or download the Citrix Active Directory Connector Setup file.

    2. Click Remove to uninstall ADC from your computer. If you want to remove the configuration files, click Remove configuration from harddisk.

    3. Once the Active Directory Connector Administration application has been uninstalled, click Finish to exit the installer.


    Citrix Active Directory Connector requirements

    There are three areas of requirements to use the Citrix Active Directory Connector (ADC) effectively: Citrix Accounts, your Active Directory implementation, and the Windows requirements for the ADC host machine.

    Citrix Accounts Requirements

    • A corporate administrator account for GoToMeeting and/or OpenVoice Corporate. The GoToMeeting base account is configured with seats for GoToMeeting, GoToTraining and GoToWebinar.

    • Each administrator account is limited to 16,000 user accounts.

    • A Citrix Developer consumerKey set to Production level (used by ADC to communicate with Citrix servers). See Acquire a consumerKey.

    Active Directory Requirements

    • An Active Directory Service account. The account must have read access and the password should not expire.

    • An Active Directory forest with Windows Server 2003 functionality.

    System Requirements

    • Operating System: Windows Server 2008 R2 (not necessarily a domain controller)

    • Software: Microsoft® .NET Framework 4.5 update (included in the ADC installer if needed).

    • Memory: 2GB RAM or greater recommended

    • Available disk space: Minimum 200MB (depending on log level and storage period)

    • Display: Minimum 1024 x 768

    • Internet connection: The ADC connects to developer.citrixonline.com via the Internet

    Firewall Settings

    Firewall settings should be configured as follows:

    Use Case                                       Interface
    For provisioning                               pi.citrixonline.com:443
    Insecure connections                           Active Directory Domain Controller:389 (LDAP)
    Secure connections                             Active Directory Domain Controller:636 (LDAPS)
    Global Catalog, Insecure connections           Active Directory Domain Controller:3268 (LDAP)
    Global Catalog, Secure connections             Active Directory Domain Controller:3269 (LDAPS)
    Insecure/secure connections via STARTTLS[1]    SMTP server:25
    Secure connections[1]                          SMTP server:465

    [1] Optional; useful if sending Windows Event logs via email


    Attributes used to access the Active Directory

    The following group and user attributes are used to collect info about groups or members from your Active Directory. The data in these attributes must be valid based on the rules for that attribute (e.g., data type, legal characters, existence of required data, etc.). See Provision Users.

    Required attributes    Group    User
    distinguishedName      X        X
    objectSID              X        X
    uSNChanged             X        X
    member                 X
    mail                            X
    name                   X
    userAccountControl              X
    sAMAccountName                  X
    sn                              X
    givenName                       X
    accountExpires                  X


     Acquire a consumerKey for the ADC

    A developer consumerKey (or APIKey) is required to communicate on a trusted basis with Citrix servers. To implement the Active Directory Connector, you must create a developer account with Citrix, and then request that the account be set to Production status.

    NOTE: This procedure assumes you have an active Citrix corporate account, and that you have the Administrative login for the account. If you do not have a corporate account, contact Citrix sales.

    1. Register for a development account at https://developer.citrixonline.com/user/register.

    2. Create an app on the site for GoToMeeting or OpenVoice. GoToMeeting provides the organizer account needed to connect with the Citrix Admin Portal for GoToMeeting, GoToTraining and GoToWebinar. Save the app, and when you open the app on the My Apps page, the consumerKey is displayed on the Keys tab.

    You can access the MyApps page at any time from the Home page (developer.citrixonline.com): click Building with access to a key.

    3. All new developer accounts are Test accounts by default and lack adequate permissions to manage users and provisioning. Set your developer account to Production status by emailing [email protected] and requesting that your account be changed to Production for the Active Directory Connector.

    Include the following information:

    • consumerKey

    • Application Name: AD Connector

    • App Product: GoToMeeting

    • Application URL: your company’s home page

    • Number of anticipated provisioned accounts


    Launch the Active Directory Connector

    Citrix Active Directory Connector (ADC) is a desktop application and underlying Windows service. Launch the application from the Start menu, an icon on your desktop, or from the Application folder.

    Launching the ADC

    1. Locate the Citrix ADC on your computer:

    • Desktop icon:

    • Start menu

    • From the installation folder

    2. Double-click to start the application. The ADC opens on the Operations tab. Do not click Start until you have connected to the Active Directory and identified the provisioning groups and rules.

    3. Next step: connect the ADC to your Citrix SaaS applications. 


    Connect Active Directory and Citrix Accounts

    The Citrix Active Directory Connector (ADC) connects your Active Directory instance and the Citrix Admin Portal for your corporate Citrix account. This procedure configures that connection.

    1. Open the Citrix Active Directory Connector (ADC) and select the Connections tab.

    2. In the Active Directory section, enter the following information from the Active Directory:

    • URL of domain controller (fully qualified domain name without preceding protocol – e.g., LDAP:\\)

    • LDAP Port (typically 389 or 636)

    • Active Directory username and password

    3. In the Citrix collaboration account section, enter the email address and password you use to log into your corporate GoToMeeting or OpenVoice administrator's account. (IMPORTANT: This is NOT the login for the Developer account.) The administrator account is permanently associated with the ADC and cannot be deleted.

    4. Enter the consumerKey you acquired from the Citrix Developer Center. If you don't have a consumerKey, go through the steps described at Acquire a consumerKey for the ADC.

    5. In the API URL field, enter https://api.citrixonline.com.

    6. If you want to use proxy settings in order to connect to services inside your network, check Use proxy settings and fill out the proxy fields.

    Note: Proxy auto-config (.pac) files are not supported by the ADC service.

    7. Click Apply changes when finished.


     Assign Active Directory groups

    Provisioning is the act of giving a specific user with a specific email address an account for a specific Citrix SaaS product - GoToMeeting, GoToWebinar, GoToTraining, or OpenVoice. The ADC automatically performs the provisioning for users in the Active Directory groups you assign.

    The following steps assign the Active Directory groups. If you wish to set ADC provisioning options for email addresses, to activate logging, delete deprovisioned users, or set deprovisioning alerts, see Manage ADC provisioning options.

    Important: Nested Active Directory groups are not currently supported. Select each group at one level above the included users.

    1. Open the ADC application and select the Provisioning tab.

    2. Click Create assignment.

    3. In the Create Assignment window, click Browse to search for and select an existing group from the Active Directory (the group SID will be automatically populated).

    4. In the Create Assignment dialog, choose the Citrix product to provision (GoToMeeting, GoToWebinar, GoToTraining or OpenVoice). GoToWebinar and GoToTraining accounts automatically include access to GoToMeeting. Only one product can be selected for each assignment; to provision group members with multiple products, create additional assignments for the same group.

    5. Click OK. Your new group assignment appears under Active Directory groups with assigned products.

    6. Click Apply changes when finished.


    Edit or delete a group assignment

    1. Open the ADC and select the Provisioning tab.

    2. Under Active Directory groups with assigned products, select the desired Active Directory group assignment.

    3. Select either of the following:

    • To modify the group assignment, click Edit Assignment and make desired changes. Click OK when finished.

    • To remove the group assignment (and deprovision all users), click Delete Assignment > Yes. The group assignment will automatically disappear from the table.

    4. Click Apply changes when finished.


    Manage ADC provisioning options

    Provisioning options allow you to modify email addresses prior to provisioning for testing purposes, activate logging, delete deprovisioned users, and set deprovisioning alerts.

    IMPORTANT: The provisioning options are global: they apply to all users and provisioning at all times.

    Modify ADC provisioning options

    1. Open the ADC and select the Provisioning tab.

    2. Under the Global Options section, you'll see the following provisioning options. To enable an option, set or select the desired criteria in the Value column.

    • Delete Citrix account of de-provisioned users – When users are deprovisioned, you can choose to completely delete the users' Citrix accounts, or suspend an account and save the account data. If you suspend an account, future provisioning of the user (assuming the same email is used) restores the user's prior account including the data.

    • Activate event logging for reporting – Logging records ADC events on the local server. The log location is set in the logging options.

    • Activate alert on number of de-provisioning/suspension operations – When the selected number of Active Directory users are de-provisioned or suspended, an alert can be delivered to the Windows Event Viewer. See Set up Active Directory Connector logging.

    NOTE: Alerts occur based on events between polls. Set polling periods and event thresholds accordingly. Assume roughly one event every half second or 500 milliseconds.

    Modifying email Accounts for Testing

    You can modify the format of outgoing email notifications to avoid contacting users during testing of the ADC. You can direct the emails to a designated domain or non-existent account.

    • Modify email addresses before provisioning - Add prefix – Adding a prefix of “NEW” modifies [email protected] to [email protected].

    • Modify email addresses before provisioning - Add suffix – Adding a suffix of “OLD” modifies [email protected] to [email protected].

    • Modify email addresses before provisioning - Replace domain name – Adding a domain of “LOCAL” modifies [email protected] to [email protected].

    3. Click Apply changes when finished.


    Provision Users

    Provisioning users in the Citrix Active Directory Connector (ADC) for the first time, or when you add groups of users, allows for review of the user accounts before you provision. This procedure gives you the opportunity to review your users, fix any errors, and provision only when you're ready. After this, provisioning is automatic, assuming the Active Directory data values are valid. Also make sure you have Production status for your developer account before proceeding.

    For a detailed overview of this process, see Managing Users in the ADC Overview.

    The process to provision for the first time, or for newly added Active Directory groups, is:

    Start the ADC - This queries the linked Active Directory groups and your Citrix account and displays all the users in the ADC Users page. You can now work with your users in three basic steps.

    1. Recognize existing Citrix account holders to avoid reprovisioning. To do this, use Automatic matching to link Active Directory users to existing Citrix accounts where the emails are identical. Then manually match accounts where the same user has different credentials for the two accounts. (Alternately, you can delete the Citrix account and reprovision the user under their Active Directory credentials.)

    2. Provision all new Active Directory users. This clears the Active Directory queue (unmatched AD users) of all but users with incorrect Active Directory data. Fix the data and these users will be provisioned automatically the next time you start the ADC.

    3. Finally, review and correct as needed users with Citrix accounts and no Active Directory account. These may be Unix or Mac users, contractors, or other special cases. Create equivalent Active Directory accounts if you want to ensure all Citrix account management can be done by managing your Active Directory groups.


    Users provisioned through the ADC receive an enrollment email. They log in to change their password, and they then have access to a Citrix account. They can log in on their Windows desktop, through a browser, or on a mobile device. They can also access their accounts through extensions for applications such as Outlook, SalesForce and Google Calendar.

    For small changes of one to several users, the provisioning or deprovisioning can occur in a matter of minutes. If you are provisioning hundreds or thousands of users, a general rule of thumb for an average system is 1000 provisioning requests per hour.

    Any changes to users in the provisioned Active Directory groups or users are reflected in the ADC and passed to the Citrix Admin Portal. Provisioning is fully automated and your users have full access to Citrix SaaS business tools.


    Start the ADC

    1. On the Operations tab, click Start.

    This starts the queries against the Active Directory and the Citrix account you used to connect through the Developer account.

    Once the queries run, all linked Active Directory users new to the ADC display in the Unmatched Active Directory users pane on the Users tab. All existing Citrix users on your corporate account display in the Unmatched Citrix users pane on the Users tab.

    1. Match valid Active Directory Users

    When you open the Users tab after adding a new group, you'll see a message: This service does not automatically provision your users yet. The ADC is in Edit mode, allowing you to review the users before provisioning.

    Start by matching new Active Directory users to existing Citrix user accounts.

    2. Click Automatic Matching. This finds all users with identical email addresses between the two unmatched lists, AND who have valid Active Directory data. It automatically moves these users to the Matched users pane.

    The users in the matched pane have Citrix accounts already, and these accounts match the Active Directory accounts correctly (they use identical email addresses for the credentials).


    Review the two unmatched panes. Look for Active Directory users who match users with Citrix accounts, but who were not identified during automatic matching. These users have different email addresses for the two accounts.

    You have two choices for how to manage these users. You can require identical email credentials (steps 3 & 4) or match the two accounts (step 5).

    3. To force identical emails, delete the Citrix account. Right-click the user from the Unmatched Citrix users list, and select Delete User. This removes the user and any product provisioning for the user from the ADC and the Citrix product portals.

    4. Click Apply changes. You'll see a Provisioning successful message, and the status(es) will no longer say Pending. If you deactivate edit mode before applying changes, any unsaved changes will be lost.

    Or match the two accounts:


    5. To match two accounts, select each pair of matching accounts - one in Unmatched AD users and one in Unmatched Citrix users - and click Match Selected.

    Unmatching accounts

    6. If for any reason you decide to unmatch a matched user, select the desired user(s) in the Matched users table and click Revoke selected user matchings. The entries return to the Unmatched Active Directory users and Unmatched Citrix users tables.

    7. Click Apply changes.

    2. Provision all matched and new Active Directory users

    You can provision all unmatched AD users, or provision selected users.

    8. To provision all users, click Provision all unmatched AD Users.

    9. To provision selected users, select the desired user(s) from the Unmatched AD users list (Ctrl-Shift selects multiple users) and right-click to select Provision user. The provisioning status changes to Pending, and the entries are moved to the Matched users list (also Pending).

    You will be alerted that you are in Edit mode. Click Deactivate edit mode to begin provisioning.

    IMPORTANT: Provisioning may take time. Assume approximately 1 hour per 1000 users.

    When the provisioning step is completed, all valid Active Directory users - new Citrix users and those with a pre-existing Citrix account - are all in the Matched users pane.

    If you have unmatched users remaining in either pane, continue on to the next section. However, if you do have users in the Unmatched AD users pane at this point, these should now be only users with invalid Active Directory data.

    10. Correct the errors in the Active Directory. For a list of the data values the ADC queries, see ADC Requirements. 

    11. After a few minutes, the users will refresh in the Unmatched AD users pane. You can provision them, or match them with Citrix accounts.

     All users should be cleared from the Unmatched AD users pane at this point.


    3. Review and modify Citrix-only users

    The remaining users in the Unmatched Citrix users pane have a Citrix account, but do not have an Active Directory account. These may be Unix or Mac users, contractors, or other special cases. For unmatched Citrix account users, you can leave them unmatched, or set up Active Directory matching.

    12. Add them to the Active Directory using the same credentials as the existing Citrix account. This ensures that you can manage all provisioning through the Active Directory.

    The changes to Active Directory will, unless you place the ADC back in Edit mode in the User tab, get provisioned automatically.


    Run the ADC

    For normal operations, open and start the Active Directory Connector (ADC), and set the polling frequency. Users added to or removed from the Active Directory groups linked to the ADC are automatically provisioned (or de-provisioned) with no further intervention.

    Run the ADC

    1. Locate the Citrix ADC on your computer:

    • Desktop icon:

    • Start menu

    • From the installation folder

    2. Double-click to start the application. The ADC opens on the Operations tab. Click Start to start the ADC queries.

    3. Set the Active Directory polling time (in seconds). The default polling time is set to 15 seconds; the full range is 0 to 30,000 seconds. Alerts (see Manage ADC Provisioning) occur based on events between polls. Set polling periods and event thresholds accordingly. Assume roughly one event every half second or 500 milliseconds.


     Adding users

     Adding a new user consists of including them in the proper Active Directory group(s).

    1. Add users to the appropriate Active Directory group or groups for Citrix provisioning.

    2. Optional: In the ADC, verify that the new user appears in the User page of the ADC, typically in the Unmatched AD users pane. The users will be automatically provisioned with the Citrix SaaS products defined for their groups.

    Deleting users

    Removing a user consists of removing them from your Active Directory and then making sure they are automatically removed in the ADC.

    1. Delete the user in Active Directory. They are automatically deleted from the provisioning groups in Active Directory.

    2. The user is also automatically deleted in the Citrix Active Directory Connector. It is a good idea to verify that the deleted user is removed. If not, the user may be unmatched to an Active Directory group. In that case:

    3. Select the Users tab in ADC.

    4. Click Activate edit mode and wait until you see Edit mode: Active in the bottom-right corner.

    7. Click Deactivate edit mode and wait until you see Edit mode: Inactive.


    Set up Active Directory Connector logging

    The Citrix Active Directory Connector (ADC) logs activities to the Windows Event Viewer.

    Set up logging in the Active Directory Connector

    1. Open the ADC and select the Operation tab.

    2. In the More configuration section, set the Windows event logger, File logger and the Folder for file logging as needed.

    3. Click Apply changes when finished.


    Locate ADC log files in the Windows Event Viewer

    1. Open the Windows Event Viewer (Start > All Programs > Administrative Tools > Event Viewer).

    2. In the left navigation, select Applications and Services Logs > Citrix AD Connector. Only Active Directory Connector logs will be displayed.


    Set up email notification for ADC errors

    You can set up email notifications for error messages and status messages for Citrix Active Directory Connector (ADC) events. The following additional requirements are needed for this process:

    •  SMTP(S) server (to send status information) -- SMTP service account (user/password) for sending emails (only if it's necessary for your SMTP server)

    •  SSL certificate -- May be required to connect to the SMTP server and Domain Controller securely (optional)

    You can also Set up email notification for ADC status. 

    Create an email task in the Windows Event Viewer

    1. Open the Windows Event Viewer (Start > All Programs > Administrative Tools > Event Viewer).

    2. With the ADC installed, the Windows Event Viewer will show an additional event log called ADCSLog (under the Applications and Services Logs folder). Select the new event log in the left navigation.

    3. In the records pane, right-click the event for which you’d like to receive email notifications and select Attach Task To This Event from the drop-down menu.

    4. In the Create a Basic Task wizard, name your task and click Next > Next.

    5. Select Send an email and click Next.


    6. Fill out the From, To, Subject, Text, Attachment and SMTP server fields and click Next.

    7. Click Finish to save your new task.

    Specify when the notification email is sent using the Windows Task Scheduler

    1. Open the Windows Task Scheduler (Start > All Programs > Administrative Tools > Task Scheduler).

    2. In the left navigation, select Task Scheduler Library > Event Viewer Tasks.

    3. Right-click the new task created in the prior set of steps and select Properties.

    4. On the General tab, select the Run with highest privileges check box.

    5. On the Triggers tab, select On an event and click Edit. Enable the Delay task for check box, enter 2 minutes, and click OK. If you do not add a delay, new events that arrive will trigger additional actions before the actual action is completed.

    6. On the Actions tab, review the actions that will occur when your task starts. The following actions are required; you can add, edit or delete as needed. Click OK when finished.

    • Stop task (disable_task.bat) –
      schtasks /Change /TN "Event Viewer Tasks\ADCSLog_Error" /DISABLE

    • Get error (error_status.bat) –
      del %temp%\error_status.txt
      wevtutil qe ADCSLog /q:"*[System[Provider[@Name='AD Conn'] and (Level=2) and TimeCreated[timediff(@SystemTime)


    Test the configuration

    Retrieve all error events from the last two minutes and save them to c:\temp\error_status.txt. From there, the new task created in Step #1 should collect the error events and attach them to the email.

    The following events represent examples of error messages and what they mean if they're reported in the Active Directory Connector service.

    Event[0]: Log Name: ADCSLog Source: AD Conn Date: 2013-02-28T16:11:59.000 Event ID: 0 Task: N/A Level: Error Opcode: Info Keyword: Classic User: N/A User Name: N/A Computer: de-pc-dev-018.ad.corp.expertcity.com Description: 2013-02-28 16:11:59,502 [WorkOrderThread] ERROR - Writing OSD data: Organizer ADConnEG2T@trash-mail.com was not created

    Event[1]: Log Name: ADCSLog Source: AD Conn Date: 2013-02-28T16:11:59.000 Event ID: 0 Task: N/A Level: Error Opcode: Info Keyword: Classic User: N/A User Name: N/A Computer: de-pc-dev-018.ad.corp.expertcity.com Description: 2013-02-28 16:11:59,499 [WorkOrderThread] ERROR - Writing OSD data: Server response exception: {"StatusCode":"409","StatusCodeAsString":"Conflict","Response":"The remote server returned an error: (409) Conflict."}

    Event[2]: Log Name: ADCSLog Source: AD Conn Date: 2013-02-28T16:11:58.000 Event ID: 0 Task: N/A Level: Error Opcode: Info Keyword: Classic User: N/A User Name: N/A Computer: de-pc-dev-018.ad.corp.expertcity.com Description: 2013-02-28 16:11:58,260 [WorkOrderThread] ERROR - Writing OSD data: Organizer ADConn1.User1@trash-mail.com was not created

    Event[3]: Log Name: ADCSLog Source: AD Conn Date: 2013-02-28T16:11:58.000 Event ID: 0 Task: N/A Level: Error Opcode: Info Keyword: Classic User: N/A User Name: N/A Computer: de-pc-dev-018.ad.corp.expertcity.com Description: 2013-02-28 16:11:58,257 [WorkOrderThread] ERROR - Writing OSD data: Server response exception: {"StatusCode":"409","StatusCodeAsString":"Conflict","Response":"The remote server returned an error: (409) Conflict."}

    Event[4]: Log Name: ADCSLog Source: AD Conn Date: 2013-02-28T16:11:56.000 Event ID: 0 Task: N/A Level: Error Opcode: Info Keyword: Classic User: N/A User Name: N/A Computer: de-pc-dev-018.ad.corp.expertcity.com Description: 2013-02-28 16:11:56,966 [WorkOrderThread] ERROR - Writing OSD data: Organizer ADConn2.User2@trash-mail.com was not created

    Event[5]: Log Name: ADCSLog Source: AD Conn Date: 2013-02-28T16:11:56.000 Event ID: 0 Task: N/A Level: Error Opcode: Info Keyword: Classic User: N/A User Name: N/A Computer: de-pc-dev-018.ad.corp.expertcity.com Description: 2013-02-28 16:11:56,963 [WorkOrderThread] ERROR - Writing OSD data: Server response exception: {"StatusCode":"409","StatusCodeAsString":"Conflict","Response":"The remote server


    Set up email notification for ADC status

    You can set up email notifications for error messages and status messages for Citrix Active Directory Connector (ADC) events. The following additional requirements are needed for this process: [In this case you must change the search filter for the messages in the event log.]

    •  SMTP(S) server (to send status information) -- SMTP service account (user/password) for sending emails (only if it's necessary for your SMTP server)

    •  SSL certificate -- May be required to connect to the SMTP server and Domain Controller securely (optional)

    You can also Set up email notification for ADC errors. 

    Create a scheduled task in the Windows Task Scheduler

    1. Open the Windows Task Scheduler (Start > All Programs > Administrative Tools > Task Scheduler).

    2. In the left navigation, select Task Scheduler Library > Event Viewer Tasks.

    3. In the right navigation, select Create Basic Task.

    4. Use the Create Basic Task Wizard to give the task a name and select when and how often it should start.

    5. Select Send an email and click Next.

    6. Fill out the From, To, Subject, Text, Attachment and SMTP server fields and click Next.

    7. Click Finish to save your new task.

    Specify when notification email is sent

    1. In the Task Scheduler left navigation, select Task Scheduler Library > Event Viewer Tasks. A new task is created.

    2. Right-click the new task and select Properties.

    3. On the General tab, click Run with highest privileges.

    4. On the Actions tab, create a new action by selecting New > Start a program > OK.


    5. On the Actions tab, review the actions that will occur when your task starts. The following action is required; you can add, edit or delete as needed. Click OK when finished.

    Filter event log and write file (daily_status.bat) –
      del %temp%\daily_status.txt
      wevtutil qe ADCSLog /q:"*[System[Provider[@Name='AD Conn'] and TimeCreated[timediff(@SystemTime) <= 86400000]]]" /f:text /rd:true > C:\temp\daily_status.txt

    Email output example

    Once successfully configured, the output will be attached to the email. The following is an example of a daily email status output:

    2013-03-20 09:35:19,448 | Organizer Nan.Cobaldt-0000suffix@myCorp.com was created with G2T

    2013-03-20 09:35:18,077 | Status changed to suspended for user with organizer key Perry.Waite-0005suffix@myCorp.com

    2013-03-20 09:35:16,555 | Organizer Perry.Waite-0005suffix@myCorp.com was created with G2T

    2013-03-20 09:35:15,152 | Organizer Vijay.Sudbra-0010suffix@myCorp.com was created with G2W

    2013-03-20 09:35:13,603 | Organizer Hector.Gomez-0011suffix@myCorp.com was created with G2W

    --------------------------

    26 users created successfully
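
    The daily status attachment shown above can be reviewed automatically instead of by eye. The following Python parser is an added example, not part of the Citrix guide or the ADC: it assumes the attachment uses exactly the line shapes in the example output, and the function name, field names and sample footer count are hypothetical.

```python
import re
from collections import Counter

# Line shapes taken from the example output above; real files may differ.
ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \| (.+)$")
CREATED = re.compile(r"^Organizer (\S+) was created with (\S+)$")
SUSPENDED = re.compile(r"^Status changed to suspended for user with organizer key (\S+)$")
FOOTER = re.compile(r"^(\d+) users created successfully$")

# Constructed sample: the five lines shown above plus a made-up footer count.
SAMPLE = """\
2013-03-20 09:35:19,448 | Organizer Nan.Cobaldt-0000suffix@myCorp.com was created with G2T
2013-03-20 09:35:18,077 | Status changed to suspended for user with organizer key Perry.Waite-0005suffix@myCorp.com
2013-03-20 09:35:16,555 | Organizer Perry.Waite-0005suffix@myCorp.com was created with G2T
2013-03-20 09:35:15,152 | Organizer Vijay.Sudbra-0010suffix@myCorp.com was created with G2W
2013-03-20 09:35:13,603 | Organizer Hector.Gomez-0011suffix@myCorp.com was created with G2W
--------------------------
4 users created successfully
"""


def summarize(text):
    """Turn a daily status attachment into counts an admin can review."""
    created = Counter()   # product code -> organizers created
    created_keys, suspended, unparsed = set(), [], []
    reported = None       # number claimed by the footer line, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-", " "}:
            continue      # blank line or dashed separator
        if (m := FOOTER.match(line)):
            reported = int(m.group(1))
            continue
        entry = ENTRY.match(line)
        message = entry.group(1) if entry else ""
        if (m := CREATED.match(message)):
            created[m.group(2)] += 1
            created_keys.add(m.group(1))
        elif (m := SUSPENDED.match(message)):
            suspended.append(m.group(1))
        else:
            unparsed.append(line)  # unknown message: surface it, do not drop it
    return {
        "created_by_product": dict(created),
        "created_lines": sum(created.values()),
        "reported_created": reported,
        "suspended": suspended,
        "created_and_suspended": sorted(created_keys & set(suspended)),
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

    Accounts listed under created_and_suspended, and any line under unparsed, are the entries worth checking against Active Directory group membership first.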