Walkthrough Guide on How to Use Teams-to-AD Directory Sync Application
What does the application do?
It will connect to your Teams tenant, grab the assigned Teams Calling Numbers (known as LineURI) of all users and then update the telephoneNumber attribute of those users in On-Premises AD.
Prerequisites
Java 11 or higher
PowerShell 7.2
Installed PowerShell Modules:
MicrosoftTeams 4.3.0
Command to install:
Install-Module -Name MicrosoftTeams -RequiredVersion 4.3.0ActiveDirectory
Command to install:
Add-WindowsCapability -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 -Online
Encrypting Account Passwords
In order to run the app, you will need to provide some configuration properties required for the application to run. These include usernames and passwords for the following:
AD account with read/write access to the server and user search base
Teams Administrator account with MFA disabled
For increased security you should encrypt your passwords to avoid having them displayed in plain-text inside the application properties file.
Follow the steps below to encrypt this sensitive information.
Open a new command prompt.
Inside the shell, navigate to the directorysync folder (ex:
\Users\s8support\Desktop\directorysync)Run the encryptor application by typing
.\bin\encryptor.bat -eFollow the instructions provided to generate encrypted values for each of your passwords
How to Generate the Encrypted Password Value
You are now ready to create and configure your application properties file using your encrypted password values.
Configuration (Application Properties)
Create a file named
application.propertiesin the same directorysync folderCopy-paste the properties below to the file.
directorysync.msteams.credentials.username = directorysync.msteams.credentials.password = directorysync.ad.credentials.username = directorysync.ad.credentials.password = # If windows server is not on the domain, please uncomment below and provide domain controller fqdn # directorysync.ad.settings.server = directorysync.ad.settings.search_base = directorysync.ad.settings.extension_attribute = directorysync.ad.settings.phone_number_attribute = directorysync.logging.history_max_days =Fill out the required properties.
To use the encrypted passwords in the file, you will need to wrap the encrypted string with
ENC(<encrypted string>)(See example below)
How to Run the App From the Shell
Open a new command prompt
Inside the shell, navigate to the directorysync folder
Type
.\bin\directory-sync.batand hit ENTER
The application will initiate and run through the following tasks:
Connect to Microsoft Teams and find all users who have a
LineURIconfigured
Be patient, this process can take up to several minutes depending on the volume of Teams Calling users in your environment.Update those users
telephoneNumberattribute in local AD if the information is not up to date.Provide tally of the total number of updated users.
Log Output
The logs will be generated in a folder named logs located in the same directorysync folder..
How to Run the app from a different folder than the one containing the file
You will need to provide the path to the application.properties file by adding the spring.config.additional-location command line argument .
For example:
How to Set up a Windows Scheduled Task to Run the App
Open Task Scheduler
Select "Create Basic Task"
If you need more advanced options or settings such as multiple actions or triggers, choose "Create Task instead"
Provide a name and description and click “Next”
Set the desired trigger
Select when it should start and click “Next”
Select when it should recur and click “Next”
When selecting the action, choose "Start a program" and click “Next”
Provide the required fields and click “Next”
"Program/Script": Use the the file browser to navigate to the
directory-sync.batfile located in the\directory-sync\binfolder"Add arguments": Leave empty
"Start in":
<Path to directorysync folder>
If the path contains whitespace, you will need to surround the path with double-quotes (")
Click “Finish”