Installation

To install and run SSIS Integration Toolkit for Directory Services, your system must have the following components installed. 

  • A supported SSIS design-time or run-time, which can be one of the following:
    • SSIS 2016
    • SSIS 2014
    • SSIS 2012
    • SSIS 2008 R2
    • SSIS 2008
    • SSIS 2005

    For SSIS runtime, the installation should be done by using the corresponding SQL Server installation media (most likely in CD/DVD format), and you must select the "Integration Services" component during the installation (as shown below).

    Integration Services Runtime Selection

    Note that when using SQL Server 2014, a cumulative update is required (a recent service pack, such as one of the following, is more preferred) in order to run our software during runtime.

    For SSIS design-time, you should be installing the version of SSDT (SQL Server Data Tools) or BIDS (Business Intelligence Development Studio) that aligns with the SQL Server version that you plan to use for your final deployment (the runtime).

    • When targeting SSIS 2016, you would use SSDT for Visual Studio 2015 available for download at https://msdn.microsoft.com/mt186501.aspx
      • Note that this SSDT installation can be used to target SSIS 2014 or 2012 as well.
    • When targeting SSIS 2014, you can use either one of the following:
    • When targeting SSIS 2012, you can use any one of the following:
    • When targeting SSIS 2008 R2 or earlier, you would have to install the Business Intelligence Development Studio that is shipped with the installation media of the corresponding SQL Server version. 
  • .NET Framework 3.5
    • For any version before v2.2, .NET Framework 3.5 is required. For v2.2 or later, .NET Framework 3.5 is only required when you use SSIS 2005.
      • If you are using Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP operating systems, you would install .NET framework by downloading it from Microsoft website.
      • If you are using Windows Server 2008 R2 or 2012 family of operating systems, .NET framework 3.5 should be installed using Server Manager program by adding .NET Framework 3.5.1 features.
      • If you are using Windows 8, go to Control Panel -> Programs and Features -> Turn Windows features on or off, then select .NET Framework (includes .NET 2.0 and 3.0).
  • Windows Installer 4.5
    • If you are using Windows Server 2008, Windows Server 2012 family of operating systems or later (including Windows Vista, Windows 7, Windows 8, Windows Server 2012 R2, Windows Server 2016), you do not need to do anything since the latest Windows Installer has been installed by the operating system.
    • If you are using Windows Server 2003 family of operating systems (including Windows XP), you should install Windows Installer 4.5 by downloading it from Microsoft website.

When you have confirmed that your system satisfies the above prerequisites, you can navigate to the KingswaySoft website at http://www.kingswaysoft.com to download the installation package. In the download page you will find two download links; one for x86 systems and one for x64 systems. Make sure to choose and download the correct package for your system. 

download options

After you have downloaded the package, you can install the software by following the installation wizard. 

Using the Active Directory Connection Manager

The Active Directory Connection Manager is an SSIS connection manager component that can be used to establish connections with Microsoft Active Directory.

To add an Active Directory connection to your SSIS package, right-click the Connection Manager area in your Visual Studio project, and choose "New Connection..." from the context menu. You will be prompted the "Add SSIS Connection Manager" window. Select the "ActiveDirectory" item to add the new Active Directory connection manager.

new connection

Add Active Directory Connection

The Active Directory Connection Manager contains the following two pages which configures how you want to connect to Microsoft Active Directory.

  • General
  • More Info 

General page

The General page on the Active Directory Connection Manager allows you to specify general settings for the connection.

Active Directory Connection Manager

Domain 

The Domain field lets you specify the domain name of the directory to connect to. The domain name should be the fully qualified name.

User Name

The User Name field allows you to specify the user account that you want to use to connect to your Active Directory. Depending on how you want to manipulate your data, the user account needs to have proper privileges to do so. 

Password

The Password field allows you to specify the password for the above user account in order to authenticate with Active Directory.

NOTE: By default, the Password is not shown in the Active Directory connection manager's ConnectionString property. This is done by design for security reasons. However, you can include it in your ConnectionString if you want to parameterize your connection manager. The format would be Password=myPassword; (make sure you have a semicolon as the last character). It can be placed anywhere in the ConnectionString property.

Context Binding

By default, 'Negotiate', 'Sealing', and 'Signing' are checked. You would specify the Context Binding according to your AD Setup.

Test Connection

After all the connection information has been provided, you may click the "Test Connection" button to test if the user credentials entered are correct.

More Info page

The More Info page shows some basic information about the toolkit. In this page, you can find the version information of the toolkit.

Active Directory Connection Manager

Adding SSIS Components to Business Intelligence Development Studio's Toolbox

SSIS Integration Toolkit for Directory Services includes two data flow components for use with Active Directory. They need to be added to the SSIS toolbox before you can use them in a SSIS data flow task.

NOTE: If you are using SQL Server 2012 development environment, you should not need to do this, as SQL Server 2012 automatically lists all available pipeline components by scanning the system. 

To add the data flow components, create a new data flow task if you do not have one yet and switch to the SSIS data flow page. Right-click on the toolbox area to bring up the context menu, where you can select the "Choose Items..." option as shown below.

choose items

You will be presented with a window called "Choose Toolbox Items". Switch to "SSIS Data Flow Items" tab, and select Active Directory Destination and Active Directory Source components from the list. 

Add Active Directory SSIS Components

Both data flow components should now appear in your SSIS Toolbox, where you can drag and drop any of them to the design surface of your SSIS data flow task. 

Using the Active Directory Source Component

The Active Directory Source Component is an SSIS data flow pipeline component that can be used to read / retrieve data from Active Directory.

The component includes the following two pages to configure how you want to read data from Active Directory.

  • General
  • Columns

General page

The General page of the Active Directory Source Component allows you to specify the general settings of the component. 

Active Directory Source Editor

Active Directory Connection Manager

The Active Directory source component requires an Active Directory connection in order to connect with Active Directory. The Active Directory Connection Manager drop-down will show a list of all Active Directory connection managers that have been created in the current SSIS package or project.

Source Object

The Source Object drop-down lists all of the currently supported objects which you can read from. The available objects include:

  • User
  • Group
  • Computer
Container Path

The Container Path text box lets you specify the Directory path that you want to narrow your search scope to. You can specify, for example, the organization unit to narrow your search to.

Search Criteria

You may use the Search Criteria to filter particular records according to your requirements. The Active Directory Search Criteria filter follows the Lighweight Directory Access Protocol (LDAP) filtering format.

  • All expressions should contain parentheses. Ex. (objectCategory=person)
  • You may use relational operators to form your expressions (ex. '<', '<=', '=', '>=', '>')
  • You may use compound expressions within your filtering such as '&' and '|'

For more information, you may refer to the Directory Searcher Filter Property page.

Refresh Component Button

Clicking the Refresh Component button causes the component to retrieve the latest metadata and update each field to its most recent metadata.

Columns page

The Columns page of the Active Directory Source Component shows you all available attributes from the object that you specified on the General page. 

Active Directory Source Editor

Source Object & Container Path Combinations

Source Object Container Path Result
User Path to a User Object This combo will retrieve User metadata for the User object specified in the Container Path.
User Path to a Group Object This combo will retrieve all User objects & User metadata for members within the Group object specified in the Container Path.
User Path to an Organizational Unit Object This combo will retrieve all Users objects & User metadata that are contained within the Organizational Unit object specified in the Container Path.
User Other Objects Other Objects such as Computers are not supported. No results will return.
Group Path to a User Object This combo will retrieve Group metadata for all Groups objects that the User object specified in the Container Path are a member of.
Group Path to a Group Object This combo will retrieve Group metadata for all Group objects that the Group object specified in the Container Path are a member of, including itself.
Group Path to an Organizational Unit Object This combo will retrieve all Group objects & Group metadata that are contained within the Organizational Unit object specified in the Container Path.
Group Other Objects Other Objects such as Computers are not supported. No results will return.
Computer Path to an Organizational Unit Object This combo will retrieve all Computer objects & Computer metadata that are contained within the Organizational Unit object specified in the Container Path.
Computer Path to a Computer Object This combo will retrieve Computer metadata for the Computer object specified in the Container Path.
Computer Other Objects Other Objects such as User are not supported. No results will return.

Reading from Custom Attributes

It is possible to read data from custom attributes in Active Directory. By default, custom attributes cannot be detected in the Source component. In version 2.x and above, in the Columns page of the AD Source Component, there is an 'Add' button, to manually add the custom field. If you select this button, you can add custom fields by entering the following information:

Add Active Directory custom field

Field Name

Specify the Field Name of the custom field that you would like to read from.

Data Type

Select the Data Type drop down of the field type.

Length

Choose the Length of the Data Type for your custom field.

With previous versions, 1.1 and 1.2, if you open the Advanced Editor for the Active Directory Source component, and go to the `Input And Output Properties` tab, you can add columns for your custom attributes. The `Name` field can be used as the display name for your custom attribute, and most importantly of all, the `Description` field needs to be populated with the actual name of your custom attribute. The Active Directory Source Component reads the value saved in the Description field to determine what to query your Active Directory with. Also note, the column should be added to the `Output Columns` list.

Advances Source Editor

Reading from Array Attributes

It is possible to read from attributes that contain multiple values and are stored as array objects. For example, the `Telephone` attribute can store multiple entries. When attempting to read from array attributes, these values will be concatenated into delimited text using a semicolon (;) as delimiter. If your attribute value contains the semicolon delimiter character, your attribute value will be escaped with double quotes (").

Note:This feature is not available in version 1.0.

Using the Active Directory Destination Component

The Active Directory Destination Component is an SSIS data flow pipeline component that can be used to write data to Active Directory. You can create, update, or delete objects with this component. There are three pages of configuration:

  • General
  • Columns
  • Error Handling

The General page is used to specify general settings for the Active Directory Destination Component. The Columns page allows you to map the columns from upstream components to Active Directory attributes in the destination object. The Error Handling page allows you to specify how errors should be handled when they occur. 

General page

The General page allows you to specify general settings for the component. 

Active Directory Destination Editor

Active Directory Connection Manager

The Active Directory Destination Component requires a Active Directory connection. The Active Directory Connection Manager option will show all ActiveDirectory connection managers that have been created in the current SSIS package or project.

Destination Object

The Destination Object option allows you to specify which object to write data to. The available destination objects include:

  • User - using User option, you can create, update or delete Active Directory users
  • Group - allows you to create, update or delete Active Directory groups
  • GroupMembership - using GroupMembership option, you can add users to Active Directory groups using Create action, and delete users from Active Directory groups using Delete action
Action

The Action option allows you to specify how data should be written to Active Directory. There are currently five (5) supported action types available.

  • Create - Create new object(s).
  • Update - Update existing object(s).
  • Upsert (since v2.0) - Updates or creates object(s) based on primary key field (UserPrincipalName)
  • Delete - Delete object(s).
  • Move (since v2.3)  - Move or rename an AD object.
Container Path

The Container Path text box specifies the Directory path in which you want to manipulate Active Directory data. Note that some combinations of Container Path, Destination Object and Action may not be supported, in some cases they may produce undesired results. Make sure to select the intended container path when configuring the destination component.

Note that the Container Path option is not used by the Move action.

Refresh Component Button

Clicking the Refresh Component button causes the component to retrieve the latest metadata and update each attribute to its most recent metadata.

Map Unmapped Fields Button

By clicking this button, the component will try to map any unmapped Active Directory attributes by matching their names with the input columns from upstream components. This is useful when your source component has recently added more columns, in which case you can use this button to automatically establish the association between input columns and unmapped destination attributes.

Clear All Mappings Button

By clicking this button, the component will reset all your mappings in the destination component.

Columns page

The Columns page of the Active Directory Destination Component allows you to map the columns from upstream components to destination attributes. 

In the Columns page, you would see a grid that contains three columns as shown below.

Active Directory Destination Editor

  • Input Column - You can select an input column from an upstream component here.
  • Destination Active Directory Field - The Active Directory attribute/field that you are writing data. 
  • Data Type - This column indicates the type of value for the current attribute.

Writing to Custom Attributes

It is possible to write data to custom attributes in Active Directory. By default, custom attributes cannot be detected in the Destination Component. In version 2.x and above, in the Columns page of the AD Destination Component, there is an 'Add' button, to manually add the custom field. If you select this button, you can add custom fields by entering the following information:

Add Active Directory custom field

Field Name

Specify the Field Name of the custom field that you would like to write to.

Data Type

Select the Data Type drop down of the field type.

Length

Choose the Length of the Data Type for your custom field.

With previous versions, 1.1 and 1.2, if you open the Advanced Editor for the Active Directory Destination Component, and go to the `Input And Output Properties` tab, you can add columns for your custom attributes in the External Columns. The `Name` field can be used as the display name for your custom attribute, and most importantly of all, the `Description` field needs to be populated with the actual name of your custom attribute.

Advanced destination editor

Note:This feature is not available in version 1.0.

Error Handling page

The Error Handling page allows you to specify how errors should be handled when they happen. 

Active Directory Destination Editor

There are three options available. 

  1. Fail on error
  2. Redirect rows to error output
  3. Ignore error

When the Redirect rows to error output option is selected, rows that failed to write to Active Directory will be redirected to the 'Active Directory Destination Error Output' output of the Destination Component. As indicated in the screenshot below, the green output connection represent rows that were successfully written, and the red 'Active Directory Destination Error Output' connection represents rows that were erroneous. The 'ErrorMessage' output column found in the 'Active Directory Destination Error Output' may contain the error message that was reported by Active Directory or the component itself.

error output

NOTE: Use extra caution when selecting Ignore error option, since the component will remain silent for any errors that have occurred.

Adding Users as members to Groups

By selecting the GroupMembership destination object in the Destination Component, you can add members to groups. The GroupMembership object has 2 fields, GroupName and UserName. Often times, users and groups live in different container paths. In order to create membership between users and groups that live in different container paths, you will need to specify the DistingushedName property in the GroupName or UserName fields. If DistingushedNames are not used, the component will attempt to look for objects with matching Name in the specified container path.

Contact Us

If you need any further assistance with the toolkit, please don't hesitate to contact us