Introduction - RM Education



Migrating RM Unify ProvisioningTransition from RM Learning PlatformIntroductionRM Unify can provision users from four different sources:An Active Directory (AD) in a school (standard or CC4)CSV filesRM Learning Platform (RM LP)MISAs RM LP reaches end of life during 2014/2015, customers who have previously chosen to provision into RM Unify from RM LP will need to switch to either AD provisioning (recommended) or CSV provisioning. This document details the process of switching to AD provisioning.OverviewCustomers will need to take the following steps in order to switch away from RM LP provisioning. Each step is described in more detail in the remainder of this document.Decide whether to switch to AD or CSV provisioningRaise a support call with RM to turn off LP provisioningThe remaining steps are only required if switching to AD provisioning. Schools using CSV provisioning from here can use the CSV export and ‘Sync users from CSV’ functionality. Download a CSV of users from RM UnifyAdd AD username and (optionally) email address to the CSVIf previously installed, uninstall RM Unify AD Sync Run our migration script (which will add details required for migration to your AD)Install and configure RM Unify AD Sync ServiceThe steps highlighted in red will result in a change of user experience for your users. All steps are described in more detail below.Decide whether to switch to AD or CSV provisioningRM recommends using AD provisioning with RM Unify. AD provisioning offers the following benefits:Automatic synchronisation of RM Unify users with your AD, meaning that there is no manual user management required in RM Unify.RM Unify usernames and passwords will match those in your AD, so there is no need for your staff and students to remember new credentials.With AD provisioning, email addresses are based on the user’s AD username by default, but it is possible to choose a different email address for each user by setting in an AD attribute.Some planned future RM Unify improvements will require AD provisioning.However, in the following situations you will not be able to use AD provisioning:You do not have a Microsoft Windows network with an Active Directory (either CC4, CC3 or standard AD).Not all of the users you wish to synchronise to RM Unify have individual AD accounts (for example, you have a shared login for year 1 but wish to allow year 1 students to use RM Unify); in this case, we would recommend creating individual user accounts in your AD.You do not have a licence for RM Unify Premium.The RM Unify AD Sync Service supports both situations where your school has its own AD and most situations where an AD is shared between schools. Please read the AD Sync Service documentation or contact RM for more details.Raise a support call with RM to turn off LP provisioningOnce you are ready to go ahead with your migration, you will need to raise a support call with RM to turn off LP provisioning. Please be aware that this can take several days to process, as we will need to make sure that all in-flight changes have made it to RM Unify.When we complete this process, the login page your users see will change. Where today they see the RM LP login screen when logging in to RM Unify:They will instead see the RM Unify login screen:Users can log in to the RM Unify login page using the same credentials that they were using to log in to RM LP.It is, however, worth noting that their full username now contains an additional element – the first part of your school’s RM Unify URL (e.g. if your URL is then the RM LP user jsmith becomes jsmith@example). They won’t need to know this if they log in to RM Unify using your school URL, as it will be pre-filled for them (as shown in the screenshot). However, they may need to know this if they go direct to an app and click on a “sign in with RM Unify” button.Note: Where a user goes directly to an app and clicks on the “sign in with RM Unify” button in the app, they may still be redirected to the RM LP login page for up to 72 hours after switchover. In this case, they will still be able to successfully log in using the RM LP login page and their RM LP credentials during this period.Download a CSV of users from RM UnifyLogon to RM Unify as a user with admin rights.Click Management Console>Sync users from CSV Click on “Generate a CSV of all my RM Unify users”Add AD username and (optionally) email address to the CSVIn order to move existing RM Unify users over to AD provisioning, the RM Unify AD Sync Service needs to know which existing RM Unify user each AD user corresponds to.This is achieved by writing an extra user attribute to your AD, containing the RM Unify PersonID for the user (first column in the spreadsheet you just downloaded). We provide a PowerShell script to help with this (see step REF _Ref388534599 \r \h 5).To prepare for running the PowerShell script, add the AD account name for each user to the CSV file you downloaded in step REF _Ref388531666 \r \h 3:In column K of the CSV, write “ADAccountName” in row 1.For each subsequent row, write the AD account name (Name attribute in AD) corresponding to the RM Unify user.When you start AD provisioning, the RM Unify usernames for all users will be updated to match the usernames in your AD. By default, their email addresses will also update to be based on your AD usernames, provided the email address has not previously been assigned to a different Unify user. For example, if jsmith in your AD was jsmith123 in RM LP and had the email address jsmith123@myschool.la.sch.uk in Office 365 or Google Apps, they will be updated to have the RM Unify username jsmith (full username jsmith@myschool, assuming your RM Unify URL is ) and email address jsmith@myschool.la.sch.uk (provided the email address has not previously been assigned to a different Unify user).Note: When connecting RM Unify to Office 365, if the brownfield user matching process was followed, any email addresses explicitly chosen at this point will be maintained for the user and not overwritten by the new email address. If you do not want email addresses to be updated as part of the migration, you will also need to specify email addresses in the CSV file by adding another new column:In column L of the CSV, write “Email” in row 1.In each subsequent row, write the email address you would like the user to have. If you wish to preserve their existing email addresses, you can quickly do this in a spreadsheet using a formula – for example, in Excel type “=CONCATENATE(B2,"@myschool.la.sch.uk")” in cell L2 (substituting @myschool.la.sch.uk with your school’s email domain) and copy this down to all the subsequent cells in column L.Note: Column I of the CSV exported from RM Unify may contain the home email address for a user if they have set it to be used for password resets. This is a personal email address and not the address to be used for Office 365. Column I should be ignored when following this process. Carefully review the CSV file to ensure you have matched AD and Unify users correctly.Save the CSV file, ensuring you continue to save it in the CSV format (rather than, for example, as an .xlsx file).Run our migration scriptOur migration script will add the RM Unify PersonID and, optionally, email address to your AD.By default the migration script places the PersonID in an AD attribute called “rmCom2000-UsrMgr-uPN”. This exists in CC4 networks, but not in other networks. For other networks, you will need to choose an alternative unused attribute (for example, “otherPager” is probably unused). You can use ADSI Edit to find a free attribute – view properties on a user to see all attributes.If the “Email” column exists in the spreadsheet, the script will also populate the AD “mail” attribute with the values from the “Email” column.To run the script, you will need to logged in as a domain administration to either a domain controller with Windows Server 2008 r2 or better, or a domain-joined workstation with the Remote Server Administration Tools installed (these require Windows 7 or better).Save the script and your CSV file to a directory on the computer.Open a command prompt and type “powershell -ExecutionPolicy unrestricted”.Change to the directory containing the script (e.g. type “cd C:\Temp\” if the script is in C:\Temp\).Run the script, initially using -WhatIf (which makes it tell you what it would do, rather than make any changes):CC4: .\Set-RMUnifyPersonID.ps1 EstablishmentUsers.csv -WhatIfOthers: .\Set-RMUnifyPersonID.ps1 EstablishmentUsers.csv -ADAttribute otherPager –WhatIf** This assumes that you would like to use otherPager as the attribute to store RM Unify PersonID on non-CC4 networks – change the command above to use a different attribute if desired.The script will output some basic diagnostic information and save a more detailed log to log.txt in the current directory. Carefully review all output. If you are happy with the results, run again without the -WhatIf option.The script will not (by default) overwrite any existing values in the attributes it modifies. If you would like it to, add the -Force attribute to the command-line.When you first run the RM Unify AD Sync Service it will find all users and:Any user in your AD that has an RM Unify PersonID in the specified attribute will be linked to their existing Unify accountAny user in your AD that does not have an RM Unify PersonID in the specified attribute will be created as a new user in RM Unify. Any user in RM Unify that is not associated with an AD user will continue to exist, but will not be updated in future. RM Support can assist you with instructions on how to delete these users at a later date if required. The user grid in the Management Console – Filters can be used to find users from AD, CSV or IDMInstall and configure RM Unify AD Sync ServiceYou will need RM Unify AD Sync Service v2 or better. Follow the instructions in the RM Unify AD Sync Release Note to install the software and run the configuration tool for the first time. If you are using CC4, proceed to Step 4.If you are not using CC4 (so have added PersonID to an attribute other than rmCom2000-UsrMgr-uPN), you will need to do the following after first running the configuration tool but before clicking on “new AD filter”:Close the configuration toolOpen: C:\Program Files (x86)\RM\RM Unify AD Sync Service\works.IdentityManagement.configFind the line that reads <add key="IdentityGuidSource" value="rmCom2000-UsrMgr-uPN" /> and modify rmCom2000-UsrMgr-uPN to the attribute you wish to useReopen the configuration tool Create AD filters and role mappings as requiredIf you have also specified email addresses for users, be sure to set the email attribute to “mail” when adding a new AD filter.When a new AD filter is added, your users will be synchronised with RM Unify. This will change the RM Unify username of all users to match their SamAccountName in Active Directory. If you did not specify email addresses in your CSV, this will also update all email address to be based on AD usernames.Set up MIS synchronisation for RM Unify (when available)We will shortly be releasing MIS synchronisation for RM Unify. This will allow your user accounts (synchronised from your AD) to be augmented with extra information from your MIS.We recommend setting this up as soon as it is available. If your MIS is RM Integris, we will do this for you as part of step REF _Ref388537260 \r \h 2. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download