
Configuring Microsoft Entra HR Roster Data Collector

Open iT collects Microsoft Entra HR roster data and sends it to the server. This allows a cloud-based server installation to integrate Active Directory data into its reports.

Setting Up Microsoft Entra Credentials

Use the openit_idpconnectorconsole utility to add credentials for Microsoft Entra HR roster data collection.

Step 1: Open Command Prompt

  1. Open a command prompt with Administrator-level privileges.

Step 2: Navigate to the bin Directory

  1. Go to the bin directory, which is by default C:\Program Files\OpeniT\Core\bin, by running the command:

    Command Syntax
    cd <bin_dir>
    Example
    cd C:\Program Files\OpeniT\Core\bin

Step 3: Add Microsoft Entra Credentials

  1. Run the following command:

    Command Syntax
    openit_idpconnectorconsole azure credential add
  2. Enter the required details when prompted:

    • Tenant ID
    • Client ID
    • Client Secret

    Example
    Tenant ID: a1b2c3d4-5678-90ab-cdef-1234567890ab
    Client ID: 9f8e7d6c-5b4a-3210-fedc-ba0987654321
    Client Secret: V~8Qx7LkP2mN9rT5sW0yZ!aBcDeFgHiJkLmNoPqRsTuVwXyZ123

Step 4: (Optional) Add Multiple Microsoft Entra Accounts

If you need to collect HR roster data from multiple Microsoft Entra accounts, use the --name parameter:

Command Syntax
openit_idpconnectorconsole azure credential add --name <name>

where <name> is the name of the account you want to use for data collection.

Example
openit_idpconnectorconsole azure credential add --name azure1

Step 5: Verify the Credentials

  1. Verify the default credential:

    Example
    openit_idpconnectorconsole azure credential verify
  2. Verify a named credential:

    Example
    openit_idpconnectorconsole azure credential verify --name <name>

    where <name> is the name of the account you want to verify.

  3. Confirm that the output indicates a successful connection:

    Sample Output
    Connection verified successfully. Access token acquired, expires on 2026-04-13 08:53:22 +00:00.
    Connection verified successfully.

Note

Open iT saves the hashed credential file, idpconnector.db, in the OpeniT directory, which is by default in C:\ProgramData\OpeniT. When using the --name parameter, Open iT appends the credentials to the same file, allowing multiple accounts to be managed within a single location.
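
The note above places the stored credentials in idpconnector.db, so it is worth checking who can open that file. The following PowerShell check is an added example, not part of the Open iT documentation or tooling; the allow-list of Administrators and SYSTEM and the function name Get-UnexpectedAccess are assumptions to adjust for your installation.

```powershell
# Added example: list principals with access to the Open iT credential store
# that are not on an allow-list.
# Assumption: only Administrators and SYSTEM should have access; add the SID
# of a dedicated service account to $allowedSids if your installation uses one.
$path = 'C:\ProgramData\OpeniT\idpconnector.db'   # default location per the note
$allowedSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
)

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$AllowedSids)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        try {
            # Compare by SID so the check also works on localized Windows.
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # unresolvable account: report as-is
        }
        if ($AllowedSids -notcontains $sid) {
            [pscustomobject]@{
                Identity  = $rule.IdentityReference.Value
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $path)) {
    Write-Warning "$path not found; add a credential first or adjust the path."
} else {
    $findings = @(Get-UnexpectedAccess -Path $path -AllowedSids $allowedSids)
    if ($findings.Count -eq 0) {
        "OK: only the expected principals can access $path"
    } else {
        $findings | Format-Table -AutoSize
    }
}
```

A finding for BUILTIN\Users with Inherited set to True usually means the file picked up the default permissions of C:\ProgramData.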

Activating Microsoft Entra HR Roster Data Collection

Step 1: Open Command Prompt

  1. Open a command prompt with Administrator-level privileges.

Step 2: Navigate to the bin Directory

  1. Go to the bin directory, which is by default C:\Program Files\OpeniT\Core\bin, by running the command:

    Command Syntax
    cd <bin_dir>
    Example
    cd C:\Program Files\OpeniT\Core\bin

Step 3: Activate Microsoft Entra HR Roster Data Collection

  1. Run the following command to enable Microsoft Entra HR roster data collection:

    Command Syntax
    openit_oconfinit -u "collect_azuread.root.scheduler.jobs.collect_azuread.general.active=true"

Verifying Data Collection

After configuration, you can verify that the Microsoft Entra HR roster data is collected by following these steps:

Step 1: Open Command Prompt

  1. Open a command prompt with Administrator-level privileges.

Step 2: Navigate to the bin Directory

  1. Go to the bin directory, which is by default C:\Program Files\OpeniT\Core\bin, by running the command:

    Command Syntax
    cd <bin_dir>
    Example
    cd C:\Program Files\OpeniT\Core\bin

Step 3: Run the HR Roster Collection Command

  1. Execute the following command:

    Command Syntax
    openit_idpconnectorconsole azure collect hrroster --output "C:\ProgramData\OpeniT\data\temp\IdpConnector\Azure\HRRoster\azuread.tsv" --fields userPrincipalName displayName onPremisesSamAccountName department division employeeType city mail officeLocation jobTitle

Step 4: Verify the Output File

  1. Navigate to C:\ProgramData\OpeniT\data\temp\IdpConnector\Azure\HRRoster.

  2. Verify that the file azuread.tsv is created.

    Sample File Content
    #userPrincipalName	displayName	onPremisesSamAccountName	department	division	employeeType	city	mail	officeLocation	jobTitle
    john_doe_domain_example_test#EXT#@corp.example.test John Doe john_doe@example.com
    jane_doe_corp_example_test#EXT#@demo.example.test Jane Doe jane_doe@example.com
    juan_delacruz_demo_example_test#EXT#@domain.example.test Juan Dela Cruz juan_delacruz@example.com
    maria_delacruz_domain_example_test#EXT#@corp.example.test Maria Dela Cruz maria_delacruz@example.com
    juan_delacruz@domain.example.test Juan Dela Cruz user_zeta Department01 user_mu@example.com Office01 Role01
    maria_delacruz_corp_example_test#EXT#@demo.example.test Maria Dela Cruz user_nu@example.com
    user_alpha_demo_example_test#EXT#@domain.example.test User Alpha user_xi@example.com
    user_beta@domain.example.test User Beta user_eta Department02 City01 user_omicron@example.com Office01 Role02
    user_gamma@corp.example.test User Gamma user_theta Department03 user_pi@example.com Office02 Role03
    user_delta_demo_example_test#EXT#@domain.example.test User Delta user_rho@example.com
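
A scripted version of the Step 4 check, added here as an example and not taken from Open iT: it compares the header of azuread.tsv with the --fields list used in Step 3 and counts the collected rows. It assumes a tab-separated file whose first line is the field list prefixed with #, as in the sample header; Test-RosterLines and the fallback sample rows are constructed for illustration.

```powershell
# Added example: sanity-check the collected roster file.
# Assumptions: the file is tab-separated and its first line is the field
# list prefixed with '#', as in the sample header above.
$file = 'C:\ProgramData\OpeniT\data\temp\IdpConnector\Azure\HRRoster\azuread.tsv'
$expected = 'userPrincipalName displayName onPremisesSamAccountName department division employeeType city mail officeLocation jobTitle' -split ' '

function Test-RosterLines {
    param([string[]]$Lines, [string[]]$Fields)
    if (-not $Lines -or $Lines.Count -eq 0) { throw 'Roster file is empty.' }
    $header = $Lines[0].TrimStart('#') -split "`t"
    # -SyncWindow 0 makes the comparison order-sensitive.
    $diff = Compare-Object $Fields $header -SyncWindow 0
    $rows = @($Lines | Select-Object -Skip 1 | Where-Object { $_.Trim() })
    $bad  = @($rows | Where-Object { ($_ -split "`t").Count -ne $header.Count })
    [pscustomobject]@{
        HeaderMatches = -not $diff
        Rows          = $rows.Count
        GuestRows     = @($rows | Where-Object { ($_ -split "`t")[0] -like '*#EXT#*' }).Count
        MalformedRows = $bad.Count
    }
}

if (Test-Path -LiteralPath $file) {
    $lines = Get-Content -LiteralPath $file
    "Last written: $((Get-Item -LiteralPath $file).LastWriteTime)"
} else {
    # Constructed sample so the check can be tried without a collection run.
    $lines = @(
        ('#' + ($expected -join "`t")),
        "user_beta@domain.example.test`tUser Beta`tuser_eta`tDepartment02`t`t`tCity01`tuser_omicron@example.com`tOffice01`tRole02",
        "user_delta_demo_example_test#EXT#@domain.example.test`tUser Delta`t`t`t`t`t`tuser_rho@example.com`t`t"
    )
}
Test-RosterLines -Lines $lines -Fields $expected
```

With the constructed sample the result is HeaderMatches True, Rows 2, GuestRows 1 and MalformedRows 0; a non-zero MalformedRows on a real file means some rows do not have one value (possibly empty) per requested field.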