Migrating from Network Users

Support for the old "Network Users" method of populating Active Directory is being dropped by KAMAR in 2016 in favour of using the newer ADMS.

As a result any school using Network Users (KAMAR AD Server service) will need to change over to KDMS service to continue the automated creation of users and groups based on those from KAMAR.

What needs to happen?

To swap from the old service to the new, the old service will need to decommissioned and the new service installed and configured.

Uninstalling Network Users (KAMAR AD Server)

Inside the installation folder for KAMAR AD Server you will find the Uninstall_Service.bat Windows batch file that first stops and then removes the service from the Domain Controller.

In the above example the location of this folder is "C:⧵Program Files (x86)⧵KAMAR AD Service" but this may not always be the case. If you are not sure and cannot ask whomever may have installed the service then you can check for the location of the service executable by looking at the properties of the service and the Services Management Console.

Once the old service has been uninstalled (or at the very least disabled so it will not run), you can install and configure the new service.

Configuring the new service to take over the Directory

Once the old service has been removed you can go ahead and install ADMS and then configure it, reusing the settings that were used in the Network Users configuration tabs from within KAMAR.

KAMAR Setup ADMS Setup

Using the existing OUs

For ADMS to use the current OUs you need to make sure that what has been configured in KAMAR (or what you see in the directory) has been used in the new config setup.

Make sure that the naming convention for the top level, student, staff (if being sent), groups and student year level OUs are the same.

NOTE: The new service does not delete OUs. If there is a name mismatch, a new OU will be created. In this case correct the config and perform a full sync to move users or groups to the desired OU.

Taking over existing users

'Network Users' identified managed users by finding either the student ID or teacher code in the Employee ID attribute of a user in the directory. ADMS works in exactly the same way.

If you have a directory that has been populated by Network Users and you have recreated the same OU structure in the ADMS config, then running the new service will not change this. Users will remain in the same OU as before.

User Settings

Settings from the user tabs under 'Network Users' in KAMAR are now set on the Domain Controller. These should also be replicated in the ADMS config, because if these differ then the new service will make changes to the existing users.

Usernames and logins are configured from within KAMAR as they are part of the data sent. There is no way to configure these from ADMS.

NOTE: The email addresses used by the new service are those stored against each user in KAMAR. There is no equivalent for email address or website in ADMS

Groups - This is Important!

This is where things change and it is very important to note.

The old 'Network Users' had a 'unique' and very non friendly naming convention for timetabled classes. Some names may be obvious, but others were very cryptic unless you were familiar with KAMAR timetabling.

These classes where also produced when found on a timetable grid in KAMAR. A side effect of this was that any class, even if it did not contain students, would be created in AD.

ADMS does not use this convention. If you use these groups in another directory then you will need to be aware of this change, as these groups will have all members removed from them.

The new convention is "Subject <subject code>" for subject groups and "Subject <subject code> Class <core grid or line reference>" for individual classes.

If you look at the example above you will see an art class called "84A-10ART-2." With the new service this class becomes "Subject 10ART Class 84A-2" (see below). What groups you see (require) will depend on the setup in your configuration.

Other optional groups are "Staff" and "Students" groups that contain all staff and all students respectively.

Groups based on staff classification and departments are prefixed with "Staff- <group name>" and "Dept- <department name>"

KAMAR student groups will be prefixed with "Group <name of group>". For these groups to be sent, other than enabling them in the ADMS config, they must be flagged to show on reports from within KAMAR itself.

After a full sync, all the old groups will have had all of their members moved to the new groups so (by default unless changed in the config setup) the old groups will be moved to the "Zero Members" OU.

Staff OUs - Possibly Important

Student OUs are set to year levels and there are presets for the format of these but staff are placed into OUs based on their classification as defined in KAMAR.

This behaviour hasn't changed bar one small but possibly important detail. Spaces in the names of staff classifications are now preserved. For example, an OU called "SupportStaff" created by the old service will be recreated by the new as "Support Staff".

The service does not delete OUs. If you are managing staff with the old service and wish to use the same OU you can add the spaces to the OUs (ie, rename them) and the service will use these OUs.

Automatic Update of User Data

With the old service, any time a change was made to student data and you wanted it to go through to the directory you were required to click a button and manually push this through.

While it is still possible to push student (and now staff also) data through manually there is no real need to.

NOTE: The old buttons will not work with the new service but are currently still there until support is fully withdrawn.

 

Upon leaving a student or staff member's record, KAMAR will check for changes to certain fields. If a change has been made then this user will be automatically sent to the service.

Under Setup → KAMAR → Server → Directory Services you will find a log showing the queue of recently sent updates.

Other Mentions

GROUPS

In the old services setup there was a facility for "Other Groups" where you could get the service to add users to non-KAMAR managed groups. Now that the configuration is on the Domain Controller there is no need for this.

If you have a non-KAMAR managed group that you want KAMAR managed users in, then simply add a KAMAR managed group(s) containing the users you wish to be members, to this group. Likewise, KAMAR only creates security groups so if you want a distribution group then create one and add KAMAR users to it.

You can create groups within the KAMAR managed Groups OU and as long as they have at least one member (doesn't even have to be a KAMAR managed member) they will stay there even after a full sync.

LEAVERS

Leavers are only removed after a full sync has been performed. Any person found within the staff or student OUs (and the OUs contained within) that was not part of the sync will be removed. You can create your own OUs within the KAMAR top level OU and any users or groups within those will not be touched, nor will they be managed.

Once a user has been marked as a leaver in KAMAR, their information will continue to be sent for 21 days. This is a grace period designed to allow for "house keeping" to take place. If you wish to block access to the network immediately, then for students, disable their account from the student tab under the Directory Services setup within KAMAR.

For staff members, disable the "Update Network User/IAM" checkbox on the staff tab under the Directory Services setup within KAMAR to remove them from the sync immediately.

Have more questions? Submit a request