Configure Active Directory synchronization with the Project Server 2007 Enterprise Resource Pool
Topic Last Modified: 2008-04-28
Project Server 2007 Enterprise Resource Pool synchronization is used to create or update multiple Project Server enterprise resources at once. Project Server enterprise resources can also be automatically activated and deactivated based on group membership in the Active Directory directory service. For example, new employees in your department can automatically be added as Project Server enterprise resources as long as they are in the Active Directory group selected for synchronization. Conversely, employees who are removed from the Active Directory group have their Project Server accounts deactivated upon synchronization.
Enterprise Resource Pool synchronization also updates enterprise resource properties with the most current data from Active Directory. For example, an employee's name and e-mail address may change due to marriage. As long as the change is made in Active Directory and the user is in the linked group, the change occurs in the user’s Enterprise Resource properties when synchronization occurs.
The Enterprise Resource Pool can be mapped to a single Active Directory group for synchronization. This Active Directory group can, however, contain nested groups whose members are also synchronized.
The following actions can occur during the Enterprise Resource Pool synchronization process:
A new Project Server enterprise resource and corresponding user account can be created based on an Active Directory account.
An active Project Server resource/user account can be deactivated.
An existing Project Server user account’s metadata (for example, name, e-mail address, and so on) can be updated if it has changed in Active Directory.
A previously inactive Project Server resource/user account can be reactivated.
Before you perform this procedure, confirm that:
You have read Manage Active Directory synchronization in Project Server 2007.
You have access to Project Server through Project Web Access with an account with the Manage Active Directory Settings and the Manage users and groups global settings.
The Shared Services Provider (SSP) service account for the Project Server instance has Read access to all Active Directory groups and user accounts involved in the synchronization. You can verify this account in the SSP's properties on the Shared Services Administration page on the SharePoint Central Administration Web site.
For more information about the SSP service account, see Plan for administrative and service accounts (Project Server).
To configure Enterprise Resource Pool synchronization
Use this procedure to configure Enterprise Resource Pool synchronization in Project Server 2007.
The following table describes possible scenarios and corresponding actions that occur when Enterprise Resource Pool synchronization takes place:
Scenario | Action |
---|---|
The user exists in Active Directory and is a member of the Active Directory group mapped to the Enterprise Resource Pool. The user does not exist in Project Server. |
A new corresponding Project Server user and enterprise resource is created in Project Server and added to the Team Members Project Server security group. |
The user exists in Project Server, but does not exist in Active Directory or is not a member of the Active Directory group mapped to the Enterprise Resource Pool. |
The corresponding Project Server user account status is set to inactive. |
The user exists in Active Directory and is a member of the Active Directory group mapped to the Enterprise Resource Pool. The user exists in Project Server as an enterprise resource and a user. The user's information has been updated in Active Directory. |
The corresponding Project Server enterprise resource and user information is updated (if applicable). |
The user exists in Active Directory and is a member of the Active Directory group mapped to the Enterprise Resource Pool. The user exists in Project Server, but as an inactive account. |
If the Automatically reactivate currently inactive users if found in Active Directory during synchronization resource option is selected in Project Server, the account is reactivated. If the option is not selected, the account remains inactive in Project Server. |
Configure Enterprise Resource Pool synchronization
On the Project Web Access Home page, click Server Settings.
On the Server Settings page, in the Operational Policies section, click Active Directory Resource Pool Synchronization.
On the Active Directory Enterprise Resource Pool Synchronization page, in the Active Directory Group section, under Active Directory Group to Synchronize, click Find Group.
On the Find Group in Active Directory — Webpage Dialog page, in the Group Name field, enter all or part of the name of the Active Directory group which you want to synchronize with the Enterprise Resource Pool. Click the button next to the field to search the Active Directory forest based on your search criteria.
To select a group from a remote forest, type the fully qualified domain name of the group (for example, group@corp.contoso.com). You can synchronize to a security or distribution group of any scope (Local, Global, or Universal).
Note
The Active Directory forest that is searched is shown at the top of the Find Group in Active Directory — Webpage Dialog page. The forest is defined by the fully qualified domain name of the account for the Shared Services Provider on which the Project Server instance is running.
From the Group Name list, select the group with which you want to synchronize your Enterprise Resource Pool. Click OK. When you do so, the Active Directory group membership of the selected group is put into memory. This includes all users who are members of nested active directory groups across domains and forests.
On the Active Directory Enterprise Resource Pool Synchronization page, you should see the Active Directory group you selected next to Active Directory Group to Synchronize: in the Active Directory Group section.
If you want to configure synchronization to occur on a scheduled basis, in the Scheduling Options section, select Schedule Synchronization. Alternatively, you can choose to manually run Active Directory Enterprise Resource Pool synchronization. If you prefer the manual option, skip the following step and continue to step 8.
In the Frequency fields, define the frequency at which you want synchronization to occur between the Enterprise Resource Pool and the Active Directory group. This can be scheduled over a defined period of days, weeks, or months. Select a start date and time.
You can enable inactive accounts to be reactivated if they are found in the Active Directory group during synchronization. To do so, in the Resource Option section, select Automatically reactivate currently inactive users if found in Active Directory during synchronization. (For example, enabling this option would ensure that if an employee were rehired, the employee's user account would be reactivated).
Click Save to save the settings. Click Save and Synchronize Now if you want to synchronize your Enterprise Resource Pool immediately. If you choose not to schedule Enterprise Resource Pool synchronization, you can rerun it manually when needed by returning to this page and clicking Save and Synchronize Now.
You can check the status of the Enterprise Resource Pool synchronization by returning to the Active Directory Enterprise Resource Pool Synchronization page and reviewing the information in the Synchronization Status section. It contains information such as when the last successful synchronization occurred.