migrating from KAMAR windows service to new directory services interfaces
138 views
Skip to first unread message
Ict Technician
Oct 15, 2015, 6:29:57 PM10/15/15
to Techies for schools
Has anyone had any experience with getting this working seamlessly?
We currently have an unmodified kamar windows service that runs and populates AD, with scripts to check for new users that reset the pager field so that the second time kamar syncs new users google's apps password sync works properly (since GADS needs to run first)
I'm hoping someone out there runs KAMAR / AD / GAFE and already has automated methods for the Kamar DSI.
We currently have an unmodified kamar windows service that runs and populates AD, with scripts to check for new users that reset the pager field so that the second time kamar syncs new users google's apps password sync works properly (since GADS needs to run first)
I'm hoping someone out there runs KAMAR / AD / GAFE and already has automated methods for the Kamar DSI.
Alistair Baird
Oct 15, 2015, 6:36:36 PM10/15/15
to techies-f...@googlegroups.com
I contacted Kamar when I saw the message during term 2/3 holidays and tried to get their "specialist" to call me back, but je works limited hours. I'm still waiting for them to return a call as I understand they have a dummy school with GADS. I worry and have not upgraded yet, as I can't afford to loose all my GADS accounts. I already have enough trouble with v4 GADS removing all my groups and upsetting shared docs when you share with a group.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Ict Technician
Oct 15, 2015, 6:49:47 PM10/15/15
to Techies for schools
Similar experience here. I talked to them about it first over a year ago, and was told that it was my problem, not theirs. I'm glad they've written the DSI at all, as they were not going to to start with.
Still, only a few months to go and i'm getting very nervous. can't really afford to make a mistake here.
Still, only a few months to go and i'm getting very nervous. can't really afford to make a mistake here.
On Friday, October 16, 2015 at 11:36:36 AM UTC+13, Alistair Baird wrote:
I contacted Kamar when I saw the message during term 2/3 holidays and tried to get their "specialist" to call me back, but je works limited hours. I'm still waiting for them to return a call as I understand they have a dummy school with GADS. I worry and have not upgraded yet, as I can't afford to loose all my GADS accounts. I already have enough trouble with v4 GADS removing all my groups and upsetting shared docs when you share with a group.
Ict Technician
Oct 15, 2015, 6:54:20 PM10/15/15
to Techies for schools
this is the bit that worries me:
What kind of thoughtlessness is that? A fresh start? who are they kidding?
This service is intended to replace the old KAMAR AD Service (aka Network Users) which was originally written for Windows 2003 Server.
This tool would be better suited as fresh start rather than the taking over of an existing directory. The main reason for this is a difference in naming conventions used in the KAMAR managed AD security groups that may necessitate the reapplying of permissions to the newly created replacement groupings.
This tool would be better suited as fresh start rather than the taking over of an existing directory. The main reason for this is a difference in naming conventions used in the KAMAR managed AD security groups that may necessitate the reapplying of permissions to the newly created replacement groupings.
What kind of thoughtlessness is that? A fresh start? who are they kidding?
Tim Harper
Oct 15, 2015, 7:03:38 PM10/15/15
to techies-f...@googlegroups.com
We get a daily export from Kamar of students and then run our own scripts on that to populate AD and GAFE.
The "down" side is that there are different usernames/passwords to use but my first requirement was to preserve and NOT to break existing access to AD/GAFE/Internet services as that was all set up prior to Kamar arriving a year ago.
This country does need an educational sector-wide IAM system!
regards,
Tim Harper
Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491
t...@mtaspiring.school.nz
www.mtaspiring.school.nz
Keith Craig
Oct 15, 2015, 7:37:44 PM10/15/15
to techies-f...@googlegroups.com
We put our staff & students into separate OU's in AD. KAMAR manages the student OU and we have some extra groups that we manage manually.
Best to do this at the start of the year.
Keith Craig BCom PGDipBus(IS) CNE
Systems Administrator
Systems Administrator
Phone +64 9 5231060 x843 Mobile +64 (0) 21541549
Kevin Whelan
Oct 16, 2015, 12:14:52 AM10/16/15
to Techies for schools
Ive just set it up clean as we weren't using their old service and we use gads,
I figure, and my plan was as long as you weren't changing anything in your existing AD structure then Gads is unaffected but getting kamar to sync to my original AD structure was rather frustrating and in the end impossible So I had to remake google sync/Office365 sync etc in the end change OU's etc
it is very limited in its customization and there isn't even a test run option, you just have to hope and hit go and then undo the mess in AD if its wrong which I think is its single biggest fault and shouldn't actually be released to market yet. It moved students out of my existing security groups which broke all sorts of permissions with things like radius,Azure, papercut and other synced directories.
it would work if you set up your AD directory exactly as they intend , but we all obviously have very different structures.
I have it working now through various work arounds and a lot of editing other established syncs and was far from happy with the experience and would suggest waiting till a few more versions.
BTW I'm not using any kamar password sync options so can't comment on those features
I figure, and my plan was as long as you weren't changing anything in your existing AD structure then Gads is unaffected but getting kamar to sync to my original AD structure was rather frustrating and in the end impossible So I had to remake google sync/Office365 sync etc in the end change OU's etc
it is very limited in its customization and there isn't even a test run option, you just have to hope and hit go and then undo the mess in AD if its wrong which I think is its single biggest fault and shouldn't actually be released to market yet. It moved students out of my existing security groups which broke all sorts of permissions with things like radius,Azure, papercut and other synced directories.
it would work if you set up your AD directory exactly as they intend , but we all obviously have very different structures.
I have it working now through various work arounds and a lot of editing other established syncs and was far from happy with the experience and would suggest waiting till a few more versions.
BTW I'm not using any kamar password sync options so can't comment on those features
Matthew Strickland
Oct 16, 2015, 6:52:50 PM10/16/15
to Techies for schools
I to am probably the same as Kevin Whelan but we use O365.
Didn't use their old service and I just made sure everything was matching before hitting the switch.
Backup first, disable DirSync and then view the outcome in AD. Students simply moved into the Kamar OU structure, no loss of groups attachment, just a quick reconfigure of group policy.
I then run a batch file on new student which calls a powershell script to populate pager, employeeID, exchAttribute fields for which I use for other services like papercut, accessit etc.
Password sync disabled. I pretty much don't do anything with new enrollments now.
Matt
Richard Symon
Oct 18, 2015, 3:39:31 PM10/18/15
to Techies for schools
I have been using Kamar Directory Sync Manager since it came out and was helping report bugs back to kamar (also had a separate test PDC and Kamar install on this as well to start with), yes I have had to adopt the OU structure it wanted, but I dont find it as bad as I have moved and re-made a few GP's (ie Folder Redirection) and replaced them under their folder structure, I dont use password sync from kamar to AD at all, but I do SYNC from kamar to AD, all students, and all staff and all groups (as I want the groups on google for emailing). and also run GADS and GAPS. I have had no problems with this system it works really well.. for my staff I did leave them as manual created users and then slowly moved them across to Kamar created users as all i did was put the pager line from the kamar user to the existing manual user, also the attribute for employee id and made sure the user account name was the same as the kamar one (or changed it to suit), and no problems, all very automated from kamar entry to a user on google.. as for passwords for new students I bulk change them all and they change it to what they want in a classroom and it sends it to Google
On Friday, October 16, 2015 at 11:29:57 AM UTC+13, Ict Technician wrote:
Reply all
Reply to author
Forward
0 new messages