To enable automatic synchronization of users from a Microsoft Azure Active Directory, an App registration must be set up. This must be done by an administrator.
Setup in Microsoft Azure Active Directory
Create a New App
- Log in as an administrator at https://aad.portal.azure.com/
- Navigate to Active Directory → App registrations → New registration
- Give the application a name, e.g., Dstny AD Connect Sync.
  Note: Leave the Redirect URL field empty.
- After registration, an Application (client) ID and Tenant ID will be generated. Dstny will need this information.
Assign Permissions
To retrieve all users and their group assignments, the new application must be granted access through API permissions.
To ensure our AD Connect Sync works properly, we require the following read permissions:
- User.Read.All
- Group.Read.All
How to Assign These Permissions:
- Go to API permissions and select "Add a permission"
- Choose Microsoft Graph
- Select Application permissions
- Search for user.read and choose User.Read.All
- Click "Add permission"
- Repeat the same steps for "Group.Read.All" and "GroupMember.Read.All"
- Approve these permissions using Grant Admin consent
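An added example (not Dstny's or Microsoft's code): once consent is granted, the `roles` claim of an app-only access token issued to the new app shows exactly which application permissions it holds, so it can be compared with the read permissions named above. The token here is a constructed, unsigned sample, and the function names are illustrative.

```python
import base64
import json

# Application permissions named on this page (all read-only).
EXPECTED_ROLES = {"User.Read.All", "Group.Read.All", "GroupMember.Read.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, expected=EXPECTED_ROLES) -> dict:
    """Compare the app roles in the token with the expected read-only set."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "missing": sorted(expected - roles),     # consent not granted yet
        "unexpected": sorted(roles - expected),  # more access than the sync needs
        "delegated": "scp" in claims,            # scp marks a user token, not app-only
    }


def make_sample_token(roles) -> str:
    """Constructed, unsigned sample token for the demo; not a real credential."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(
        {"tid": "<tenant-id>", "appid": "<client-id>", "roles": roles}).encode())
    return f"{header}.{body}.sig"


if __name__ == "__main__":
    ok = make_sample_token(["User.Read.All", "Group.Read.All", "GroupMember.Read.All"])
    wide = make_sample_token(["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"])
    print(audit_roles(ok))    # nothing missing, nothing unexpected
    print(audit_roles(wide))  # flags the write permission and the missing read role
```

Any entry under `unexpected` means the app registration can do more than the sync requires and should be trimmed under API permissions.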
Create a Client Secret API Key
This API key is required by Dstny to gain final access to your Azure Active Directory. You can set an expiration date for this key.
- Go to Certificates & Secrets
- Under Client secrets, click New Client Secret (minimum 40 characters)
- Name the key and set an expiration date
- Click Add
- The key will be shown only once on the next screen.
- Make sure to copy and store it in a secure location.
Activating AD Connect Sync in myDstny
The Client ID, Tenant ID, Client Secret (min. 40 characters), and the names of AD user groups* can now be shared with Dstny or added directly in self-service after Dstny has activated the module on your account.
*If an AD user group with active users does not already exist, you must create one in Azure AD. Only users in this group will be synchronized with the Dstny solution.
We recommend generating an AD report before the first AD sync is activated in myDstny – see guide below.
Synchronization
How AD Connect Sync Works and What Is Synchronized:
- Creation and deletion of users from the AD group to the telephony solution – requires users to have an email address and phone number (including country code) entered in AD:
  - Telephone number: Landline number
  - Mobile: Mobile number*
- Synchronization of user information from the AD group to the telephony solution, e.g., name, department, job title, city, and country**
- Schedule the synchronization to run at specific times or perform it manually via myDstny. A report is available after each synchronization.
* Does not apply to subscriptions or user licenses – these must be created/terminated via the myDstny portal or customer service
** Inactive AD users that are members of the AD group will also be synchronized by default but will be marked as “not searchable” in the Dstny solution
Checking Data from AD
Once the connection between AD and the Dstny telephony solution has been established, you can generate an AD report from myDstny.
This report provides a preview of what changes would be made by an AD sync if it were to run automatically.
What the AD Report Contains:
Missing users:
Users who exist in your AD but are not created in the Dstny telephony solution.
→ These users will be created during a sync.
Users to be deleted:
Users who exist in the Dstny solution but are no longer present in AD.
→ These users will be deleted from the Dstny solution.
Existing users:
Overview of users who are present in both AD and the Dstny solution.
Updated users:
Shows which users will be updated and which fields and information will be changed in the Dstny solution.
Scheduling AD Sync
Scheduled Synchronization
Once the AD report reflects the desired changes and updates, you can configure the sync frequency and notification recipients via myDstny.
You can also trigger a manual sync via myDstny.
FAQ – AD Connect Sync
- What is Dstny AD Sync?
Dstny AD Sync is a tool for onboarding/offboarding users and maintaining user data.
Once AD sync is enabled, your Azure AD becomes the master system.
- What data is synchronized?
AD Sync transfers the following data from the AD group to the Dstny telephony solution:
- Creation and deletion of users from the AD group to the telephony solution*
- Synchronization of user information such as name, department, job title, city, and country
- Users must be created with an email address and phone number (incl. country code) in the AD fields: Telephone number and/or Mobile number
* Does not apply to subscriptions or user licenses – these must be created/terminated via the myDstny portal or customer service
- How are changes handled after an AD Sync?
After each sync, you can receive an email with an Excel file showing the changes:
Added users: users who were added
Deleted users: users who were removed
Updated users: users who were updated
- What if a user should not be synchronized?
Users who should not be synchronized can be added to the Dstny user group "Non AD sync".
- What are the requirements for phone numbers in AD Sync?
Phone numbers must include the country code (+45, +46, etc.) and must not contain other characters or letters.
- What if errors occur during synchronization?
Errors encountered during synchronization will appear in the AD report.
It is important to review these and correct the issues in your AD.
- What to consider when deleting users with active Dstny mobile numbers?
The Dstny telephony solution has call routing rules to ensure mobile numbers can make and receive calls.
Therefore, users should not be deleted via AD sync before their mobile numbers are either ported or canceled.
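An added example (not part of the Dstny tooling): a pre-sync check that applies the email and phone number requirements from the Synchronization section and the FAQ to exported AD user records before the first sync runs. The Microsoft Graph property names (`mail`, `businessPhones`, `mobilePhone`) as the source of the "Telephone number" and "Mobile" fields, the 15-digit length limit, and the sample users are assumptions made for the example.

```python
import re

# Rule from this page: "+" and country code, then digits only.
# Assumption: at most 15 digits in total, as in E.164.
PHONE_RE = re.compile(r"\+[1-9]\d{1,14}")


def check_user(user: dict) -> list:
    """Return the reasons this user would fail the sync requirements."""
    problems = []
    if not (user.get("mail") or "").strip():
        problems.append("missing email")
    numbers = list(user.get("businessPhones") or [])
    if user.get("mobilePhone"):
        numbers.append(user["mobilePhone"])
    if not numbers:
        problems.append("missing phone number")
    for number in numbers:
        # fullmatch rejects spaces, dashes, letters and "00" prefixes
        if not PHONE_RE.fullmatch(number):
            problems.append(f"bad phone format: {number!r}")
    return problems


def presync_report(users: list) -> dict:
    """Map userPrincipalName -> problems, listing only users that need fixing."""
    return {u["userPrincipalName"]: p for u in users if (p := check_user(u))}


# Constructed sample records for the demo; not real users.
SAMPLE_USERS = [
    {"userPrincipalName": "anna@example.com", "mail": "anna@example.com",
     "businessPhones": [], "mobilePhone": "+4512345678"},
    {"userPrincipalName": "bo@example.com", "mail": "bo@example.com",
     "businessPhones": ["+45 12 34 56 78"], "mobilePhone": None},
    {"userPrincipalName": "cia@example.com", "mail": None,
     "businessPhones": [], "mobilePhone": "004512345678"},
    {"userPrincipalName": "dan@example.com", "mail": "dan@example.com",
     "businessPhones": [], "mobilePhone": None},
]

if __name__ == "__main__":
    for upn, problems in presync_report(SAMPLE_USERS).items():
        print(upn, "->", "; ".join(problems))
```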