|Published Date : 18 Jul 2014
Last Updated : 25 Jun 2019
Content Ref: DWN3182456
RM Cloud Service Delivery can assist you with your RM Unify AD Sync installation. For further information, please speak to your Sales representative on 08450 700 300.
RM Unify AD Sync is available to RM Unify Premium account customers, or customers who have purchased RM SafetyNet. It allows network managers to synchronise local school user accounts and passwords with RM Unify. This service ensures that students and school staff can access RM Unify with the same user account details that they use to access their local network resources.
There are two components: RM Unify AD Sync and the RM Unify Password Filter. This download article provides:
- RM Unify AD Sync v3 for Community Connect® 4 (CC4) Release Note.
- RM Unify AD Sync v3 for Microsoft® Windows Server® networks Release Note.
- The file RM_Unify_AD_Sync_v3.zip, which contains installers for:
- RM Unify AD Sync.
- RM Unify Password Filter.
|RM Unify AD Sync v3 improvements|
This version of RM Unify AD Sync is a requirement for:
- RM Unify Desktop single sign-on.
- Google password synchronisation.
- Chrome single sign-on (Chromebook and Chrome browser).
- SafetyNet user-based internet filtering.
|RM Unify AD Sync can be installed on the following networks:
- CC4 networks (including CC4 Matrix):
- CC4.3 (Windows Server 2008).
- CC4.5 (Windows Server 2012 R2 and 2016).
- Other Active Directory networks based on:
- Windows Server 2008 R2.
- Windows Server 2012 R2.
- Windows Server 2016.
|**IMPORTANT - Pre-existing AD Sync RM Unify accounts**|
If you already have an RM Unify establishment populated with AD Sync provisioned user accounts from a different Active Directory or CC4 network, you must perform an AD Sync migration as per TEC4061769 'Migrating RM Unify AD Sync provisioning to a new Active Directory', which can be found in the Other Useful Articles section below.
If you do not, you risk duplicating all of your RM Unify accounts and also all your Office 365 and/or G Suite accounts etc.
|Important point to note re RM CC4 UEV|
|If you have RM CC4 UEV (User Environment Virtualisation) installed on your CC4 network, then after installing RM Unify AD Sync you will need to change the default role mappings, from Profile path, to either AD location or Group membership. More details can be found in TEC6583553 in the Other Useful Articles section below.|
|Pre-requisites and installation:|
- RM Unify AD Sync cannot process network users where the users are members of an AD group with a '\' or '/' in the name. Neither can it process users who are in OUs containing '\' or '/'. You must rename any such groups or locations to remove these characters prior to installing AD Sync. Please refer to TEC5212534 in the Other Useful Articles section for more information.
- Prerequisites for installing RM Unify AD Sync:
- Microsoft .NET Framework v3.5 SP1.
- Prerequisites for installing RM Unify Password Filter:
- Microsoft .NET Framework v3.5 SP1.
- The appropriate version of Microsoft Visual C++ 2010 Redistributable Package for your server (32-bit and 64-bit, depending on the operating system version).
Passwords are captured when they are changed on the network.
- For schools installing RM Unify AD Sync for the first time, all users must change their password in order to fully synchronise local network accounts and passwords with RM Unify. The release notes give instructions for forcing a password change.
- For schools upgrading from an earlier version of AD Sync, users already provisioned into RM Unify do not need to change their password unless they are making use of SafetyNet user-based internet filtering or Google password synchronisation.
- Installation of the RM Unify Password Filter will require a reboot of all domain controllers.
- Refer to the appropriate release notes for full information on requirements, how to check the prerequisites and how to install the components.
|Active Directory requirements for installing RM Unify AD Sync v3 for multiple schools in a single AD domain|
RM Unify AD Sync v3 allows LAs, academy trusts or clusters of schools that have consolidated their Active Directory into a single domain to use a single instance of RM Unify AD Sync.
The set of users in each school is identified by an Active Directory organisational unit (OU) and optional group membership. This means that either each school should be identifiable in the Active Directory by a unique OU or if all schools are in the same OU, then each school must have a unique Active Directory group.
Once the set of users in a school is identified, RM Unify AD Sync can use either child OU, Active Directory group membership or profile path to derive the user role for that school. This set of users is then assigned one of the standard set of roles understood by RM Unify (Student, Teaching Staff, Non-Teaching Staff, Governors, Other).
If this is a new installation of RM Unify AD Sync or if you are upgrading from an earlier version of RM Unify AD Sync, you need to download these files:
- RM Unify AD Sync v3 Release Note relevant to your network.
To download a file from the Download section below:
- Right-click the disk icon for the file you want and choose Save Target As.
- When the Save As window prompts you for a destination, browse to the folder where you want to save it and click Save.
- When it has downloaded, click Close.
|For instructions, please refer to the appropriate release note for your network:
- For CC4 networks, follow the instructions in the RM Unify AD Sync v3 for CC4 Release Note from the Download section.
- For other Windows Server networks, follow the instructions in the RM Unify AD Sync v3 for WS Release Note from the Download section.
|Post-installation server checks|
- Log on to the server as an administrator.
- Click Start, Control Panel.
- Follow the appropriate steps given below on your server operating system:
- Windows Server 2008 R2/Windows Server 2012 R2
- Click Programs, 'Uninstall a program'.
- Select each component in turn and check its version number.
- Close the 'Uninstall or change a program' window.
- For any additional servers, repeat these steps.
|RM Unify AD Sync*
|RM Unify Password Filter 64-bit**
|RM Unify Password Filter 32-bit***
* Only on the server where you have chosen to install RM Unify AD Sync.
** On all 64-bit domain controller servers.
*** On all 32-bit domain controller servers.
|Post-installation user checks|
- For new installations and upgrades, provision a new user into RM Unify. Once provisioned, change their network password and confirm you can log on to RM Unify.
- For upgrades only, change the network password of a user that was already provisioned into RM Unify and confirm you can log on to RM Unify with the new password.
If this article has not helped provide a solution then it is also possible to
log a call...
Document Keywords: download, install, unify, provisioning, administration, synchronisation, ad sync v3