Published Date : 31 Aug 2017
Last Updated : 10 Apr 2024
Content Ref: TEC5797903
Summary
Sync your users from RM Unify down to your Microsoft AD network and synchronise passwords between the network and the cloud.
Symptoms
RM Cloud Service Delivery can assist you with your Network Provisioning installation. For further information, please speak to your Sales representative on 01235 645 316 or email getintouch@rm.com, quoting this article.
Procedure
What is RM Unify Network Provisioning?
Microsoft Active Directory (AD) is an essential component of your school network. It helps you manage computers, servers, users and permissions. With RM Unify, we help you reduce the burden of user management in your cloud services, and we can do the same for your AD users.
As a school, you must first decide whether you want to drive your AD user management from RM Unify, or drive RM Unify from your own AD.
Want to drive AD users from the MIS, via RM Unify? You need RM Unify Network Provisioning, so continue reading this article.
Want to drive RM Unify users from your AD because you have existing AD management strategies? You need RM Unify AD Sync. Please refer to DWN3182456 in the Other Useful Articles section below.
Note: Support for shared networks provisioned from multiple RM Unify establishments is available. Please contact your Sales representative.
Note: For Community Connect® 4 (CC4) customers, this is supported on CC4.5 (i.e. where your CC4 First server is 2012R2) and above networks. Matrix networks are not supported.
The RM Unify Network Provisioning feature takes the stress out of managing users in AD. It is a bolt-on for RM Unify and its primary tasks are:
Creating and disabling users in your AD network and providing ongoing synchronisation of the RM Unify user attributes.
Synchronising passwords in both directions, from cloud-to-network and network-to-cloud.
Your users can be provisioned into RM Unify from MIS Sync, a CSV file, or created through the web form in RM Unify Management Console. The user's lifecycle in AD is driven by RM Unify in the cloud, which performs the following in AD:
User creation.
User attribute changes.
Username changes.
User disable/enable.
Password changes.
Note: Users are never deleted from your AD. Deletion of a user in the cloud results in a disabled user in your AD and, for vanilla Windows networks, deleted information written to an AD attribute of your choice.
All this is audited in the RM Unify Management Console. A new User Audit page shows all the events that have affected your users in the cloud or in your AD. This means that you have full visibility of all changes to your user data from one place.
How does it work?
The RM Unify Network Agent is a Windows Service installed on one domain controller (DC) on your network. We recommend the primary DC or CC4 First server. This Windows Service is responsible for contacting the RM Unify cloud service, pulling the changes in user data for your school and enacting these changes in your AD.
On first run, the Active Directory Schema will be extended by defining some new attributes for user objects, which are required for the Network Agent to keep track of which users it manages. First run will also trigger a full-sync with RM Unify, pulling down all users for your establishment and updating the AD users to reflect this. The Network Agent will never delete users from your AD. Once the initial synchronisation has taken place, user changes in RM Unify will be pushed down to AD every five minutes.
Note: You cannot use this RM Unify Network Provisioning feature alongside RM Unify AD Sync. You must choose how you want to manage your AD users. Once the Network Agent MSI is generated in the RM Unify Management Console, RM Unify will no longer process messages from AD Sync and the AD Sync Service should be uninstalled from your network.
The RM Unify Password Filter component needs to be installed on each DC that processes password changes. This component is responsible for collecting password changes from your AD and securely synchronising them with RM Unify. Passwords are synchronised between the AD and RM Unify cloud every five minutes.
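The following PowerShell audit is an added example, not RM's own tooling. It checks that every DC has the filter registered and lists any other registered password filters for review. It assumes the component registers as a standard Windows LSA notification package, which this article does not state, and the filter name is a placeholder to replace with the name from your own installation.

```powershell
# Added example: audit LSA password-filter registration across domain controllers.
# ASSUMPTION: the RM Unify Password Filter registers as a standard LSA
# notification package. $ExpectedFilter is a placeholder, not a real name.
param(
    [string]$ExpectedFilter = '<RM-UNIFY-PASSWORD-FILTER-NAME>',   # placeholder
    # Packages you accept on a DC; 'rassfm' and 'scecli' are Windows defaults.
    [string[]]$Baseline = @('rassfm', 'scecli')
)

Import-Module ActiveDirectory

function Test-FilterRegistration {
    param([string]$Dc, [string[]]$Packages, [string]$Expected, [string[]]$Allowed)
    [pscustomobject]@{
        DomainController = $Dc
        FilterRegistered = $Packages -contains $Expected
        # Anything outside the expected filter and the baseline deserves review,
        # because a password filter receives cleartext passwords.
        Unexpected       = @($Packages | Where-Object {
            $_ -and $_ -ne $Expected -and $Allowed -notcontains $_
        })
    }
}

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $packages = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
            (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                -Name 'Notification Packages').'Notification Packages'
        }
        Test-FilterRegistration -Dc $dc.HostName -Packages $packages `
            -Expected $ExpectedFilter -Allowed $Baseline
    }
    catch {
        # An unreachable DC is reported rather than silently skipped.
        [pscustomobject]@{
            DomainController = $dc.HostName
            FilterRegistered = $null
            Unexpected       = @("ERROR: $($_.Exception.Message)")
        }
    }
}

$results | Sort-Object DomainController | Format-Table -AutoSize
```

A DC showing FilterRegistered as False will not collect the password changes it processes, and any entry under Unexpected should be traced to a known product before it is accepted.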
Please refer to:
TEC5832777 in the Other Useful Articles section below for more details on the synchronisation mechanism.
TEC5797912 in the Other Useful Articles section below for details about the prerequisites before installing the RM Unify Network Provisioning components.
Clicking the above link will prompt you to log on to your RM Unify establishment if you are not already logged on. The linked article is accessible to all RM Unify customers with a valid RM Unify Premium licence.