Last updated 20 June 2023

AD Data Exchange

The AD Data Exchange (Active directory data exchange) module allows data to move between IRIS Cascadeand active directory.

AD Data Exchange can benefit both HR and IT departments. It saves having to enter the same information into both systems.

For example, if somebody gets married and changes their surname, you can make the change this via self-service in IRIS Cascade and automatically update AD with this change.

The data can synchronized from AD to IRIS Cascade, from IRIS Cascadeto AD or a bit of both.

If you work in the IT department, you can find some more technical questions and answers. Refer to AD Data Exchange - Technical notes

Common questions

What data can be synchronized?

As long as the fields exist in both AD and IRIS Cascade, most data that is stored against an employee can be synchronized. There are exception, such as pictures or image files. You can synchronize the file name but not the actual files themselves.

How to decide what data should be synchronized?

This needs to be a joint decision between HR and IT. Both departments should sit down and discuss which system they want to be the master source for the fields to be synchronized.

A good place to start is think about the common data you have to key into each system where the other department is telling you what the data is. For example, IT more than likely decide what an employee’s email address, so, for Email Address, AD is more suited to be the master source. For things like personal and work related details such as Names, Job Titles, line manager and so forth, IRIS Cascade is more suited to be the master source as HR deals with this information.

How does the synchronization work?

The data is exchanged between AD and IRIS Cascade using web services. The data is sent and received to and from AD by being passed to and from a Web Service IRIS Cascade installs on your network. This web service then performs direct LDAP queries against AD and commits the data or passes the required data back to IRIS Cascade.

What if we are on the IRIS Cascade Cloud?

This is fine. We just need a webserver on your network to install the web service on and that can be accessed from our servers on port 443.

Who does the data synchronize for?

The data synchronizes for all employees who have a user account to IRIS Cascade and who log into IRIS Cascade using their AD username.

What testing is performed?

The AD Data exchange service is installed in two steps.

Initial installation and setup
Service set to live, typically then five days (or more) later

After the initial installation the service runs in ‘test’ mode only. The service is fully configured but does not actually commit any data to IRIS Cascade or AD. Instead, the data the service commits, if live, is logged to a log table which you can see in IRIS Cascade. Both IT and HR can then review the log table to confirm both departments are happy with the data to be committed.

Can the service create users in AD?

No. The users still need to be created in AD manually.

Can the service disable accounts in AD for leavers?

Yes, we can set a user’s account as disabled based on the Left Date, on the leaver screen, from IRIS Cascade. Once the left date is passed the account in active directory can be marked as disabled.

How often does the service run?

The service runs once a day.

Did you find the Help Centre useful today?