Musac Edge and AD/Google
131 views
Skip to first unread message
Mark Anderson
Feb 10, 2019, 4:53:38 PM2/10/19
to Techies for schools
Hello all,
We have a pretty in-elegant way of creating and maintaining student AD and G-Suite accounts, and we want to improve it. Does anyone have a automated way (eg Python script or whatever) that syncs Edge students with AD accounts, and G-Suite accounts also?
We'd need to be able to add/move/edit AD accounts (eg change from Year 12 to Year 13 OU, and change group memberships), and to remove students' user drive folders from the network once the student has left (after a configurable grace period). Similarly, to create/edit G-Suite accounts, and to suspend them, and finally delete them after a similar grace period.
We have been using a homebrew program and Powershell scripts but it is all a bit "Mickey Duck" as my old maths teacher would say. Does anyone have a self-contained solution for this?
Edge has a sync tool but I believe it is designed to work with Azure AD which we don't have. It also doesn't do anything with G-Suite either.
Thanks very much,
Mark.
Mike Etheridge
Feb 10, 2019, 5:01:29 PM2/10/19
to techies-f...@googlegroups.com
Probably work something through gam, a set of python scripts. I’m using gam, working really well, but not in the situation you describe.
Mike
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Alistair Baird
Feb 10, 2019, 5:23:09 PM2/10/19
to techies-f...@googlegroups.com
We use GADS for sync'ing AD as per your requirements, and our SMS is Kamar, which syncs to AD. If you have an Edge to AD, you're sorted.
--
Mike
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Pete Mundy
Feb 10, 2019, 5:34:47 PM2/10/19
to techies-for-schools@googlegroups.com schools
+1 for GAM! I've used it for some custom Edge to GSuite automatic provisioning in the past.
It can probably be bolted onto the Mickey Duck program too, since it's home-brew (and if you have access to the source).
Pete
Simon Wright
Feb 10, 2019, 5:35:05 PM2/10/19
to techies-f...@googlegroups.com
I have developed my own 'self-contained' solution (Windows service) for sync'ing from Kamar to AD, it manages the students entire life cycle with the functionality you have described, however, i use GADS (Google AD Sync) for maintaining the sync to Google, i do use GAM for initial account creation with the password from kamar. Lastly i rely on Azure AD connect to sync to Azure AD.
It could be adapted for Edge... how to you get data out of Edge currently? assuming their is some form of API?
Respect - Whakaute | Courage - Toa | Honour - Hōnore | Perseverance - Manawanui | Excellence - Hiranga
Regards
Simon Wright
ICT Manager
 | |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
On Mon, 11 Feb 2019 at 11:23, Alistair Baird <bai...@stpeterspn.school.nz> wrote:
We use GADS for sync'ing AD as per your requirements, and our SMS is Kamar, which syncs to AD. If you have an Edge to AD, you're sorted.
On Monday, 11 February 2019, Mike Etheridge <mi...@etheridge.co.nz> wrote:
Probably work something through gam, a set of python scripts. I’m using gam, working really well, but not in the situation you describe.
Mike
On 11/02/2019, at 10:53 AM, Mark Anderson <m...@lphs.school.nz> wrote:
Hello all,We have a pretty in-elegant way of creating and maintaining student AD and G-Suite accounts, and we want to improve it. Does anyone have a automated way (eg Python script or whatever) that syncs Edge students with AD accounts, and G-Suite accounts also?We'd need to be able to add/move/edit AD accounts (eg change from Year 12 to Year 13 OU, and change group memberships), and to remove students' user drive folders from the network once the student has left (after a configurable grace period). Similarly, to create/edit G-Suite accounts, and to suspend them, and finally delete them after a similar grace period.We have been using a homebrew program and Powershell scripts but it is all a bit "Mickey Duck" as my old maths teacher would say. Does anyone have a self-contained solution for this?Edge has a sync tool but I believe it is designed to work with Azure AD which we don't have. It also doesn't do anything with G-Suite either.Thanks very much,Mark.--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
Caroline Morris SMCS Karori & Whitby
Feb 10, 2019, 5:41:31 PM2/10/19
to techies-f...@googlegroups.com
Same here GADS for us too
From: techies-f...@googlegroups.com <techies-f...@googlegroups.com> On Behalf Of Alistair Baird
Sent: Monday, 11 February 2019 11:23 AM
To: techies-f...@googlegroups.com
Subject: Re: [techies-for-schools] Musac Edge and AD/Google
We use GADS for sync'ing AD as per your requirements, and our SMS is Kamar, which syncs to AD. If you have an Edge to AD, you're sorted.
On Monday, 11 February 2019, Mike Etheridge <mi...@etheridge.co.nz> wrote:
Probably work something through gam, a set of python scripts. I’m using gam, working really well, but not in the situation you describe.
Mike
On 11/02/2019, at 10:53 AM, Mark Anderson <m...@lphs.school.nz> wrote:
Hello all,
We have a pretty in-elegant way of creating and maintaining student AD and G-Suite accounts, and we want to improve it. Does anyone have a automated way (eg Python script or whatever) that syncs Edge students with AD accounts, and G-Suite accounts also?
We'd need to be able to add/move/edit AD accounts (eg change from Year 12 to Year 13 OU, and change group memberships), and to remove students' user drive folders from the network once the student has left (after a configurable grace period). Similarly, to create/edit G-Suite accounts, and to suspend them, and finally delete them after a similar grace period.
We have been using a homebrew program and Powershell scripts but it is all a bit "Mickey Duck" as my old maths teacher would say. Does anyone have a self-contained solution for this?
Edge has a sync tool but I believe it is designed to work with Azure AD which we don't have. It also doesn't do anything with G-Suite either.
Thanks very much,
Mark.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
SAMUEL MARSDEN COLLEGIATE SCHOOL
Fax +64 4 939 8934
Marsden Avenue, Karori
www.marsden.school.nz
Email disclaimer: This email and any attachments are confidential. If you are not the intended recipient, do not copy, disclose or use the contents in any way. If you receive this message in error, please let us know by return email and then destroy the message. Samuel Marsden Collegiate School is not responsible for any changes made to this message and/or any attachments after sending.
Message has been deleted
Mark Anderson
Feb 10, 2019, 7:14:34 PM2/10/19
to Techies for schools
How do I get data out of Edge currently? Manually export a .csv file from within Edge. This goes through a homebrew program which compares the Edge student csv to csvs exported from AD. If there is a student in Edge not in AD, it adds that data to a "newstudent.csv" file. if there is a student in AD not in Edge, it adds that student to an "archive.csv" file. I then manually run Powershell scripts (adapted from the net) to either create or archive the appropriate student account. But it's pretty hands-on process, we would like something a bit more automated and hands-off. It would also handle student user drives (and ideally G-suite accounts as well).
Thanks,
Mark.
Simon Wright
Feb 10, 2019, 7:23:39 PM2/10/19
to techies-f...@googlegroups.com
Hey Mark,
When i first started here, it too was a very manual process of exporting csv's and running various scripts. When we moved to Kamar, they had their own sync tool but it was very rigid, so developed something a bit more useful in powershell and when Kamar moved to a directory push service via http, i rebuilt it from scratch in C# as a windows service so it just runs happily in the background. I've been running it for several years now, with next to no issues, its very reliable.
So because Kamar pushes the data need to create accounts via an http post using either xml or a json payload, its very easy to then do whats required with that data.
Do have have any more insight with Edge and getting data out, or is it purely just a manual process of downloading a csv file?
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
On Mon, 11 Feb 2019 at 13:12, Mark Anderson <m...@lphs.school.nz> wrote:
How do I get data out of Edge currently? Manually export a .csv file from within Edge. This goes through a homebrew program which compares the Edge student csv to csvs exported from AD. If there is a student in Edge not in AD, it adds that data to a "newstudent.csv" file. if there is a student in AD not in Edge, it adds that student to an "archive.csv" file. I then manually run Powershell scripts (adapted from the net) to either create or archive the appropriate student account. But it's pretty hands-on process, we would like something a bit more automated and hands-off. It would also handle student user drives (and ideally G-suite accounts as well).
Thanks
Mark.
On Monday, 11 February 2019 11:35:05 UTC+13, Simon - OBHS wrote:
Nick Steenson
Feb 10, 2019, 7:28:28 PM2/10/19
to techies-f...@googlegroups.com
I'm surprised I didn't know KAMAR used an HTTP POST with xml/json... I should look at writing a tool as well (or look at yours again Simon).
Maybe in 2030 when I have time.
Nick
 |
| ||||||||||
Simon Wright
Feb 10, 2019, 7:36:57 PM2/10/19
to techies-f...@googlegroups.com
Yeah exactly Nick, time!
Ive just sent an email to MUSAC asking for info relating to getting data out. Being they are web based, i;m assuming they will have some form of API.
Yes, Kamar Directory Services, made life a lot easier, especially for other companies...
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
Sam McNeill
Feb 10, 2019, 7:38:42 PM2/10/19
to Techies for schools
I believe Tony @ Edge developed a School Data Sync integration for Edge --> AAD based off this:
IT does not do the full life cycle you're all talking about however
Nick Steenson
Feb 10, 2019, 7:40:00 PM2/10/19
to techies-f...@googlegroups.com
Does a student changing their password in the KAMAR portal trigger an update? That's the major headache with KDMS at the moment (that and no test-sync etc etc).
Hmmm.... Maybe I'll make time...
Nick
Pete Mundy
Feb 10, 2019, 7:54:14 PM2/10/19
to techies-f...@googlegroups.com
Hi Simon
If you discover anything positive on this front, please let the list know! I've been told by another developer that when he enquired he was told that no export functionality existed.
We're currently getting the information out with a web-scraper and I'd love to replace that with something more structured!
FWIW, in comparison, eTap made it easy to get a useful export. It's definitely not an API, but still a useful export function.
Pete
> On 11/02/2019, at 1:36 PM, Simon Wright <simon....@obhs.school.nz> wrote:
>
> <snip>
If you discover anything positive on this front, please let the list know! I've been told by another developer that when he enquired he was told that no export functionality existed.
We're currently getting the information out with a web-scraper and I'd love to replace that with something more structured!
FWIW, in comparison, eTap made it easy to get a useful export. It's definitely not an API, but still a useful export function.
Pete
> On 11/02/2019, at 1:36 PM, Simon Wright <simon....@obhs.school.nz> wrote:
>
> <snip>
> Ive just sent an email to MUSAC asking for info relating to getting data out. Being they are web based, i;m assuming they will have some form of API.
> <snip>
Simon Wright
Feb 10, 2019, 8:17:57 PM2/10/19
to techies-f...@googlegroups.com
Would have to test, but i believe changing the password in kamar is a trigger for a partial sync out of kamar (there are certain fields that if changed trigger a sync of just that student). When i say sync i mean data is pushed from kamar to listening services.
This is one aspect i have not yet implemented in my tool, but on the cards (its just not something we need at the moment). Annoyingly there is no way to 'push' passwords back into kamar, their service is a one way street.
On the Edge topic, i've had a first reply which is apparently as Sam mentioned a manually downloading zip containing a csv to use the the Microsoft School Data Sync.
Ive asked again if there is any other ways to get data for third parties, but not looking good.
To be honest, thats really poor if there is truly no other way of getting data out of Edge in an automated fashion.
Are all Edge schools manually downloading csv's and running scripts to manage users in a local AD environment?
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Nick Steenson
Feb 10, 2019, 8:51:18 PM2/10/19
to techies-f...@googlegroups.com
Hi,
I believe that's the issue, is that changing the password on their portal ISN'T a partial sync trigger (KDMS only gets a partial sync trigger when a staff member presses "update directory sync" under their names, not when they change their PW.
Nick
On Mon, 11 Feb 2019 at 14:17, Simon Wright <simon....@obhs.school.nz> wrote:
Simon Wright
Feb 10, 2019, 9:36:58 PM2/10/19
to techies-f...@googlegroups.com
Ok, so i've asked a few schools and had another reply from Musac, it seems the manual csv file export is the only way.
Ive asked to be put in touch with their developers to open some dialog around this question.
Mark, in the mean time, i have been working on making my sync tool into a command line friendly executable, so i will look at adding support for processing a csv file from Edge. Will be in touch.
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
Pete Mundy
Feb 10, 2019, 10:14:54 PM2/10/19
to techies-f...@googlegroups.com
Which doesn't necessarily mean it can't be automated. It just mean's it's ugly and unstructured to do so! Very very ugly.
http://phantomjs.org
http://casperjs.org
And deprecated now too I see!
I had better find another way...
Julian Davison
Feb 12, 2019, 3:22:38 PM2/12/19
to techies-f...@googlegroups.com
Bit of template editing with JavaScript should fix that!
Tony (Edge Learning)
Feb 13, 2019, 2:44:20 PM2/13/19
to Techies for schools
Hi All,
Thought I would jump in here.
We do have the ability to synch with AD directly using Microsofts School Data Synch which Sam McNeill mentioned on this thread. This sends student, staff, class and group into to AD. It does do it via CSV's and does require a manual intervention in the School Education Tenant but does have the ability to do a onetime full synch and then synch changes. There is an API method on its way, but this still doesn't work well based on about 3 months of testing we did with Microsoft at the end of last year. We will upgrade our SDS implementation to the API method when it is tested and works.
An alternative method might be to use the suite of API's that we have to get the data out of Edge and then write something that suits your needs to sync that with AD. We are moving into an API centric way of moving data in and out of Edge and actually have a number of third party apps using the API suite (School Links, Vistab, Parent Paperwork + others). Our own mobile app uses the API's so we are "eating our own dog food". It would be fair to say there are way more "Get" endpoints than "Post" endpoints at this stage but these get added to quite quickly when there is a request.
If anyone is interested in the API's you can drop me an email and we can see what can be done.
Thanks
Tony
Simon Wright
Feb 13, 2019, 2:59:06 PM2/13/19
to techies-f...@googlegroups.com
Thanks Tony,
I did drop you an email a couple of days ago, definitely interested in what APIs you have.
Also, i think there should be clear definition between "Azure AD" which is the cloud instance of Active Directory and the commonly referred to "AD" which references to a local Active Directory instance on in-house servers. While the you can use csv's directly for the Microsoft School Data Sync, you can't with a local AD unless you run your own powershell script or other script to process and load the data into AD, which was why this thread was started.
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Tony (Edge Learning)
Feb 13, 2019, 4:54:08 PM2/13/19
to Techies for schools
Hi Simon,
Good point. School Data Synch works with Azure AD.
I have emailed you the details of the API's
Thanks
Tony
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jake Wills
Feb 14, 2019, 12:39:23 AM2/14/19
to Techies for schools
For those of you interested in capturing what comes out of KAMAR I've written an open source AD Sync service which you can find here:
It's nowhere near as full as Simon's, but it might be a starting point for someone trying to achieve something slightly different.
Project Phoenix from N4L also was looking at syncing directly with Google... I think MUSAC were talking to N4L about this at one stage as well... don't know where that got to:
Jake
Reply all
Reply to author
Forward
0 new messages