Badger TraCS Guides
Task 3.16: Active Directory Integration
Purpose: Your agency currently uses TraCS to manage users and you want to switch to using Active Directory (AD) to manage users.
Requirements: Master computer.
Create the required groups in Active Directory:
TraCSLogin
TraCSAccessLevelAll Forms
TraCSAccessLevelViewOnly
TraCSAccessLevelBasicUser
TraCSAccessLevelCitationAmend
TraCSAccessLevelReporter
TraCSAccessLevelStatuses
TraCSAccessLevelSupervisor
TraCSAccessLevelSystemAdmin
TraCSAccessLevelConfidentialAdmin
TraCSAccessLevelConfidentialAttachment
Create the following custom user attributes in Active Directory, using data-type Case Insensitive String:
TraCSEnterpriseDefaultsID
TraCSLocationDefaultsID
TraCSLocationID
TraCSNameSuffix
TraCSSecondaryUserID
TraCSUserDefaultsID
TraCSEncryptionKeyLabel
TraCSUserDefRank
TraCSUserDefDNROfficerIdentification
TraCSUserDefGroupID
TraCSUserDefBadgeNumber
TraCSUserDefRMSID
TraCSUserDefOfficerPhoneNumber
TraCSUserDefOfficerFaxNumber
Did You Know?
You can use the AD Schema snap-in to create the custom user attributes. For more information, see: http://www.showmehowtodoit.com/2012/create-custom-active-directory-attributes-for-user-properties/.
Identify the associated users groups that your agency has defined in TraCS.
Sign into TraCS with the system administrator account.
Click Users tab.
Click the User Groups button to open the User Groups Editor.
Make a list of the TraCS associated user group names. These are the base group names for the next step.
For each base group name, create the following groups in Active Directory. Group names take the form:
TraCSGroupgroupname (this is the “target” group. Example: TraCSGroupAll, TraCSGroupTroop1)
TraCSAUgroupname_All Forms (Example: TraCSAUAll_All Forms, TraCSAUTroop1_All Forms)
TraCSAUgroupname_Reporter (Example: TraCSAUAll_Reporter, TraCSAUTroop1_Reporter)
TraCSAUgroupname_Supervisor (Example: TraCSAUAll_Supervisor, TraCSAUTroop1_Supervisor)
TraCSAUgroupname_ViewOnly (Example: TraCSAUAll_ViewOnly, TraCSAUTroop1_ViewOnly)
TraCSAUgroupname_ViewOnlyCases (Example: TraCSAUAll_ViewOnlyCases, TraCSAUTroop1_ViewOnlyCases)
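The naming scheme in this step can be scripted. The following PowerShell is an added example, not part of the TraCS guide: it builds the six group names for each base name and creates any that are missing. The OU path, the Global/Security group type and the base-name check are assumptions made for illustration.

```powershell
# Added example, not part of the TraCS guide. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Base names from the TraCS User Groups Editor (sample values taken from this guide).
$BaseGroups = @('All', 'Troop1')
# Hypothetical OU for the new groups; replace with your agency's container.
$GroupOU = 'OU=TraCS,DC=example,DC=org'

function Get-TraCSGroupName {
    param([Parameter(Mandatory)][string[]]$BaseName)
    # Access-level suffixes exactly as listed in this step; note the space in "All Forms".
    $levels = 'All Forms', 'Reporter', 'Supervisor', 'ViewOnly', 'ViewOnlyCases'
    foreach ($base in $BaseName) {
        # Precaution added here: '_' separates group name from access level in this
        # convention, and an apostrophe would break the -Filter string used below.
        if ($base -match "[_']") {
            throw "Base name '$base' contains '_' or an apostrophe; review it by hand."
        }
        "TraCSGroup$base"                                         # target group
        foreach ($level in $levels) { "TraCSAU${base}_$level" }   # associated-user groups
    }
}

foreach ($name in (Get-TraCSGroupName -BaseName $BaseGroups)) {
    if (Get-ADGroup -Filter "Name -eq '$name'") {
        Write-Host "exists:  $name"
        continue
    }
    # Global/Security is an assumption; the guide does not state a scope or category.
    # -WhatIf only reports what would be created; remove it to create the group.
    New-ADGroup -Name $name -GroupScope Global -GroupCategory Security -Path $GroupOU -WhatIf
}
```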
Add users to the appropriate TraCSGroupgroupname in Active Directory. For example, add all the users to TraCSGroupAll and add Troop 1 users to TraCSGroupTroop1. This is the target group to whose forms access will be given.
Review each user profile in TraCS and update TraCS-specific attributes in the AD user profile.
Click Users tab.
Click the User button to open the User Editor.
Press the search button.
Select each user in turn and review the User Information.
Update the user profile in Active Directory, filling in any missing attributes.
TraCSEnterpriseDefaultsID
TraCSLocationDefaultsID
TraCSLocationID
TraCSNameSuffix
TraCSSecondaryUserID
TraCSUserDefaultsID
TraCSEncryptionKeyLabel
TraCSUserDefRank
TraCSUserDefDNROfficerIdentification
TraCSUserDefGroupID
TraCSUserDefBadgeNumber
If the user has associated user access to forms, add the user to the appropriate TraCSAU groups to allow the user to act upon the forms of other users in the target group.
The part of the AD group name between “TraCSAU” and the underscore is the name of the associated user group.
The part of the AD group name after the underscore is the access level.
Examples:
User has view only access to all forms in TraCS: if the user has the ALL group assigned in Associated Users, and All Forms and View Only assigned in Associated Users Access Levels, assign all the officers to the TraCSAUAll_All Forms and TraCSAUAll_ViewOnly groups.
User does not have view only access to forms, but your agency has multiple officers contributing forms to the same case (same police number). The officer does NOT need to be able to view their co-workers’ forms, but you want them to be able to work on their own forms even if they are not the owner of the case: assign the officers to the TraCSAUAll_ViewOnlyCases group.
User is office clerical staff or supervisor who must accept/reject/transmit or perform other functions on forms that require the supervisor access level in TraCS. Assign the users who must have supervisor access for all users to the TraCSAUAll_All Forms, TraCSAUAll_Reporter and TraCSAUAll_Supervisor groups so that they may edit and approve forms written by any user.
User is office clerical staff or supervisor who must accept/reject/transmit or perform other functions on forms that require the supervisor access level in TraCS on a subset of officers that has been assigned to a user group such as Troop1. Assign the users who should have supervisor access to forms written by troop 1 to the TraCSAUTroop1_All Forms and TraCSAUTroop1_ViewOnly groups.
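Because access is encoded in the group name, a misspelled group or an unintended Supervisor membership is easy to miss. The following PowerShell is an added example, not part of the TraCS guide: it splits each TraCSAU group name as described above and lists memberships worth a second look. The sample memberships are constructed, and the list of access levels is the one given for the TraCSAU groups in this guide.

```powershell
# Added example, not part of the TraCS guide. Sample data below is constructed.
$KnownLevels = 'All Forms', 'Reporter', 'Supervisor', 'ViewOnly', 'ViewOnlyCases'

function ConvertFrom-TraCSAUGroup {
    param([Parameter(Mandatory)][string]$User,
          [Parameter(Mandatory)][string]$GroupName)
    if ($GroupName -notlike 'TraCSAU*') { return }   # not an associated-user group
    # Between "TraCSAU" and the underscore: associated user group. After it: access level.
    $ok     = $GroupName -match '^TraCSAU(?<Target>[^_]+)_(?<Level>.+)$'
    $target = if ($ok) { $Matches['Target'] } else { $null }
    $level  = if ($ok) { $Matches['Level'] }  else { $null }
    $finding = if (-not $ok) {
        'name does not fit the convention'
    } elseif ($KnownLevels -notcontains $level) {
        'access level not in the guide list'
    } elseif ($level -eq 'Supervisor') {
        "supervisor access over TraCSGroup$target"
    } else { '' }
    [pscustomobject]@{
        User = $User; Group = $GroupName; Target = $target; Level = $level; Finding = $finding
    }
}

# Constructed memberships. With the ActiveDirectory module, real names can come from
# (Get-ADPrincipalGroupMembership -Identity $user).Name
$Memberships = [ordered]@{
    officer1 = @('TraCSLogin', 'TraCSGroupTroop1', 'TraCSAUAll_ViewOnlyCases')
    clerk1   = @('TraCSLogin', 'TraCSAUAll_All Forms', 'TraCSAUAll_Reporter', 'TraCSAUAll_Supervisor')
    sgt1     = @('TraCSLogin', 'TraCSAUTroop1_All Forms', 'TraCSAUTroop1_Supervisors', 'TraCSAUTroop1ViewOnly')
}

$report = foreach ($user in $Memberships.Keys) {
    foreach ($group in $Memberships[$user]) {
        ConvertFrom-TraCSAUGroup -User $user -GroupName $group
    }
}

# Show only the rows that need review.
$report | Where-Object Finding | Format-Table User, Group, Finding -AutoSize
```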
Configure TraCS to use Active Directory.
Double click the shortcut for the TraCS Configuration Manager, located on your desktop.
Sign in with a system administrator account.
Click Setup tab.
Click the Database Connections button.
Select Other.
Click Add.
Enter Active Directory in the Name field.
Click the OK button.
Expand Other and select Active Directory.
Configure the Active Directory settings.
In the LDAP field, enter the LDAP connection string that points to the object where your users are contained. The connection string typically takes the form of LDAP://example.org/DC=example,DC=org
In the LoginGroup field, enter TraCSLogin.
In the AccessLevels field, enter True.
In the AssocUsers field, enter True.
In the UserGroups field, enter True.
If your agency has nested the TraCS groups beneath another group in AD, enter True in the PrimaryGroup field and enter the name of the group to look under in the PrmGrpLDAP field.
In the UserDefFlds field, enter True.
Click the OK button to save and exit the connection string editor.
Create the TraCS/AD associated user and the TraCS/AD template user.
Click Users tab.
Click the User button in the first row to open the User Editor.
Click the Add User button in the user editor to create a new user.
Enter #AD_AU_USER# in the Primary Officer ID field.
Select Universal Key in the Encryption Key field.
Add the following access levels in the Access Levels field:
All Forms
BasicUser
CitationAmend
Reporter
Statuses
Supervisor
SystemAdmin
ViewOnly
Click the OK button to close the user dialog. (Actual access levels assigned to users signing into field units will be overridden by access levels assigned to users in Active Directory in tasks 3.17(b) and 3.18(b).)
Click the Add User button in the user editor to create a new user.
Enter #AD_TEMPLATE_USER# in the User ID field.
Select Universal Key in the Encryption Key field.
Add the following access levels in the Access Levels field:
All Forms
BasicUser
CitationAmend
Reporter
Statuses
Supervisor
SystemAdmin
ViewOnly
Click the Edit Associated Users button.
Click the Enabled check box next to #AD_AU_USER#.
Click the Apply button.
Click the OK button to close the associated users dialog.
Click the OK button to close the user dialog.
Click the Close button.
Note: once AD is enabled, the first time a user logs into a TraCS workstation, a new user record is created in the TraCS User database from information gathered from AD and the TraCS template user. Users logging in subsequent times will have their user record updated in the TraCS User database with any updated AD information. Each time the user logs into TraCS, the associated users and user groups from AD are merged with the associated users and user groups in the TraCS Users database to create a merged copy to be used by the user while logged into TraCS.
If logging in through the Active Directory is unsuccessful (because it is unavailable), TraCS will prompt for a user name and password to log into TraCS manually, using the TraCS User database as backup authentication.
The field unit login is similar to the workstation approach. A successful login through AD will create a user file on the field unit from the information found in AD. If logging in through the AD is unsuccessful, TraCS will prompt for a user name and password to login to TraCS using the user file created from the last successful login.
Create a new distribution by performing task 4.1.
Update the login type in the configuration wizard before validating the form.
Choose ActiveDirectory to log in without prompting the user for credentials. This option is only available to office workstation clients.
Choose ActiveDirectoryPrompt to be prompted for credentials before logging in. This option is available to all clients.
TraCS will switch to Active Directory login when the distribution is run.
Note: you can also turn on Active Directory login by updating the configuration wizards on individual computers.
email badgertracs@dot.wi.gov or call 608-267-2096