Active Directory Resource Pool Synchronization (Project Server 2010 settings)
Applies to: Project Server 2010
Topic Last Modified: 2015-04-17
The Active Directory Resource Pool Synchronization settings are available through the Microsoft Project Server 2010 Server Settings page in the Operational Policies section. For more information about related administrative settings, see Operational Policies (Project Server 2010 settings).
In this article:
Configure Active Directory Resource Pool Synchronization
Enterprise Resource Pool Synchronization scenarios
Requirements for synchronizing the Enterprise Resource Pool with Active Directory users in a different domain
Configure Active Directory Resource Pool Synchronization
Project Server 2010 Active Directory Enterprise Resource Pool synchronization is used to create or update multiple Project Server enterprise resources at the same time. Project Server enterprise resources can also be automatically activated and deactivated based on group membership in the Active Directory directory service. For example, new employees in your department can automatically be added as Project Server enterprise resources as long as they are in the Active Directory group selected for synchronization. Conversely, employees who are removed from the Active Directory group have their Project Server accounts deactivated upon synchronization.
Enterprise Resource Pool synchronization also updates enterprise resource properties with the most current data from Active Directory. For example, an employee's name and e-mail address may change because of marriage. As long as the change is made in Active Directory and the user is in the linked group, the change occurs in the user’s Enterprise Resource properties when synchronization occurs.
The Enterprise Resource Pool can be mapped to a single Active Directory group for synchronization. However, this Active Directory group can contain nested groups whose members are also synchronized.
The following actions can occur during the Enterprise Resource Pool synchronization process:
A new Project Server enterprise resource and corresponding user account can be created based on an Active Directory account.
An active Project Server resource/user account can be deactivated.
An existing Project Server user account’s metadata (for example, name, e-mail address, and so on) can be updated if it has changed in Active Directory.
A previously inactive Project Server resource/user account can be reactivated.
Before you perform this procedure, confirm the following:
You have access to Project Server through Project Web App with an account that has the Manage Active Directory Settings, the Manage Site Services, and the Manage users and groups global settings turned on.
The Service Application (SA) service account for the Project Server instance has Read access to all Active Directory groups and user accounts involved in the synchronization.
You can verify this account in the SA's properties on the Service Application Administration page on the SharePoint Central Administration Web site.
Enterprise Resource Pool Synchronization scenarios
The following table describes possible scenarios and corresponding actions that occur when Enterprise Resource Pool synchronization occurs.
Scenarios | Action |
---|---|
The user exists in Active Directory and is a member of the Active Directory group that is mapped to the Enterprise Resource Pool. The user does not exist in Project Server. |
A new corresponding Project Server user and enterprise resource is created in Project Server and added to the Team Members Project Server security group. |
The user exists in Project Server, but does not exist in Active Directory or is not a member of the Active Directory group that is mapped to the Enterprise Resource Pool. |
If Prevent Active Directory synchronization for this user is not enabled for the user account in Project Server, the corresponding Project Server user account status is set to inactive. Otherwise the account will stay active. |
The user exists in Active Directory and is a member of the Active Directory group that is mapped to the Enterprise Resource Pool. The user exists in Project Server as an enterprise resource and a user. The user's information has been updated in Active Directory. |
The corresponding Project Server enterprise resource and user information is updated (if applicable). |
The user exists in Active Directory and is a member of the Active Directory group that is mapped to the Enterprise Resource Pool. The user exists in Project Server, but as an inactive account. |
If the Automatically reactivate currently inactive users if found in Active Directory during synchronization resource option is selected in Project Server, the account is reactivated. If the option is not selected, the account remains inactive in Project Server. |
To configure Enterprise Resource Pool synchronization
On the Server Settings page, in the Operational Policies section, click Active Directory Resource Pool Synchronization.
On the Active Directory Enterprise Resource Pool Synchronization page, in the Active Directory Group section, under Active Directory Group to Synchronize, click Find Group.
On the Find Group in Active Directory — Webpage Dialog page, in the Group Name field, enter all or part of the name of the Active Directory group that you want to synchronize with the Enterprise Resource Pool. Click the button next to the field to search the Active Directory forest based on your search criteria.
To select a group from a remote forest, type the fully qualified domain name of the group (for example, group@corp.contoso.com). You can synchronize to a security or distribution group of any scope (Local, Global, or Universal).
Note
The Active Directory forest that is searched is shown at the top of the Find Group in Active Directory — Webpage Dialog page. The forest is defined by the fully qualified domain name of the account for the service application on which the Project Server instance is running.
From the Group Name list, select the group with which you want to synchronize your Enterprise Resource Pool.
Click OK. When you do this, the Active Directory group membership of the selected group is put into memory. This includes all users who are members of nested Active Directory groups across domains and forests.
On the Active Directory Enterprise Resource Pool Synchronization page, you should see the Active Directory group that you selected next to Active Directory Group to Synchronize: in the Active Directory Group section.
If you want to configure synchronization to occur on a scheduled basis, in the Scheduling Options section, select Schedule Synchronization. Or, you can choose to manually run Active Directory Enterprise Resource Pool synchronization. If you prefer the manual option, skip the following step. Step 11 describes how to use the Save and Synchronize Now button, which allows you to manually synchronize your Enterprise Resource Pool immediately.
In the Frequency fields, define the frequency at which you want synchronization to occur between the Enterprise Resource Pool and the Active Directory group. This can be scheduled over a defined period of days, weeks, or months. Select a start date and time.
You can enable inactive accounts to be reactivated if they are found in the Active Directory group during synchronization. To do so, in the Resource Option section, select Automatically reactivate currently inactive users if found in Active Directory during synchronization.
For example, an employee moves to a different role within their company and their Project Server user account is inactivated (they are removed from the Enterprise Resource Pool Active Directory group). The user later decides to go back to their old job, and they are added back to the Enterprise Resource Pool Active Directory group. If Automatically reactivate currently inactive users if found in Active Directory during synchronization is enabled, the user's account would be automatically reactivated upon synchronization.
Click Save to save the settings. Click Save and Synchronize Now if you want to synchronize your Enterprise Resource Pool immediately. If you decide not to schedule Enterprise Resource Pool synchronization, you can rerun it manually when you need to by returning to this page and clicking Save and Synchronize Now.
You can check the status of the Enterprise Resource Pool synchronization by returning to the Active Directory Enterprise Resource Pool Synchronization page and reviewing the information in the Synchronization Status section. It contains information such as when the last successful synchronization occurred.
Requirements for synchronizing the Enterprise Resource Pool with Active Directory users in a different domain
Imagine that you need to synchronize your Enterprise Resource Pool with Active Directory users that exist in a domain other than the one that Project Server 2010 is installed on. For example, your organization may acquire a new company, or your branch may need to add users from a different branch within your organization. In this scenario, a two-way trust relationship must exist between the domains in order for Active Directory users in one domain to synchronize with the Enterprise Resource Pool in a Project Server 2010 installation that exists on a different domain.
Note
Project Server 2010 does not support synchronizing your Enterprise Resource Pool or security groups with Active Directory users across different domains in which only a one-way trust relationship exists between domains. It is possible for Active Directory user to synchronize with SharePoint Server 2010 in a cross-forest deployment in which a one-way trust relationship exists between domains (see Resolve accounts across multiple forests (SharePoint Server 2010). However, Project Server 2010 does not support this scenario.
For more information about trust relationships in Windows Server 2008 and Windows Server 2008 R2, see Managing Trusts. For information about creating a two-way trust relationship between domains in Windows Server 2008 or Windows Server 2008 R2, see Create an External Trust.