Provisioning App - Config


1. Kindly enter the verified domain and click on Authorize.

 

              

 

2. Now open the generated link as a user who has the SDAdmin role with Org Admin privilege.

                

 

3. Once approved, kindly ask the admin to go to the AD machine and search for the ADSI Edit tool, or open a command prompt, type adsiedit.msc and press Enter to start the ADSI Edit configuration tool. Right-click ADSI Edit, and then select Connect to. (ADSI Edit is an AD editor tool that lets you view, edit or change AD objects.)

 

4. You can copy the LDAP server name right next to the Default naming context as shown below and paste it under the LDAP server name in the provisioning app.

 

                   

5. Then go to the ADSI Edit tool again, right-click the OU from which the customer wants to fetch the users, click Properties → Attributes → Distinguished Name, and paste the value under Base DN in the provisioning app.

 

                             

 

6. Similarly, copy the distinguished name of the LDAP Administrator DN, paste it under Authorized user, and ask them to enter the LDAP credentials.

 

                     

 

 

7. Then click Next to go to the Provision tab and continue with importing or syncing users.


Please follow this link to synchronize the users automatically through Task Scheduler: https://help.sdpondemand.com/configure-scheduled-sync-in-task-scheduler

 

FAQs on the provisioning app:

 

The query (objectClass=user) fetches both disabled and active users. However, you can use the query below to fetch only active users:

 

(&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

 

 

 

 

How the Synchronization happens

 

The Provisioning App queries LDAP and gets a list of users from LDAP. It then gets your organization's users from Zoho Accounts. Users are excluded based on the exclusion rules. The Provisioning App then compares the users returned by the LDAP query with those from Zoho and handles the following cases:

 

    Users available in LDAP but not in Zoho: These users are added to Zoho and then added as Requesters in ServiceDesk Plus On-Demand.

    Users available in Zoho but not in LDAP: These users are deleted or disabled in ServiceDesk Plus On-Demand, based on the sync preference selected in the tool.
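
The comparison above, combined with the active-users filter from the FAQ, as an added example that is not the Provisioning App's own code. It is a simplified model: matching users by e-mail address is an assumption, and the accounts and the exclusion rule are constructed sample data.

```python
# Added example: a simplified model of the comparison described above,
# not the Provisioning App's own code. All sample users are constructed.

ACCOUNTDISABLE = 0x2  # the "2" in userAccountControl:1.2.840.113556.1.4.803:=2


def bit_and_match(attr_value, mask):
    """Matching rule 1.2.840.113556.1.4.803: true when every bit in mask is set."""
    return attr_value & mask == mask


def ldap_result(directory, active_only):
    """Emulate (objectClass=user) versus the active-users-only filter."""
    return {
        u["mail"].lower()
        for u in directory
        if not (active_only and bit_and_match(u["uac"], ACCOUNTDISABLE))
    }


def plan_sync(ldap_mails, zoho_mails, excluded):
    """Return (to_add, to_remove) after applying the exclusion rules.

    Assumption: users are matched by e-mail address.
    """
    ldap_mails = ldap_mails - excluded
    zoho_mails = {m.lower() for m in zoho_mails} - excluded
    return sorted(ldap_mails - zoho_mails), sorted(zoho_mails - ldap_mails)


# Constructed sample data: 512 = normal account, 514 = 512 | ACCOUNTDISABLE,
# 66048 = normal account with a non-expiring password.
DIRECTORY = [
    {"mail": "alice@example.com", "uac": 512},
    {"mail": "bob@example.com", "uac": 514},
    {"mail": "carol@example.com", "uac": 66048},
    {"mail": "dave@example.com", "uac": 512},
]
ZOHO = {"alice@example.com", "bob@example.com", "svc-helpdesk@example.com",
        "erin@example.com"}
EXCLUDED = {"svc-helpdesk@example.com"}  # hypothetical exclusion rule

if __name__ == "__main__":
    for active_only in (False, True):
        add, remove = plan_sync(ldap_result(DIRECTORY, active_only), ZOHO, EXCLUDED)
        print(f"active_only={active_only}: add={add} remove={remove}")
```

With the plain (objectClass=user) query, the disabled account still counts as present in LDAP. With the active-only filter it drops out of the LDAP list and lands in the "in Zoho but not in LDAP" case.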

 

An operational error occurred

Kindly ask the user to create a new key (folder) under HKEY_LOCAL_MACHINE\SOFTWARE\MANAGEENGINE and name it SDPOD.

 

Delete refresh token

 

Kindly go to the path C:\Users\<Username>\ZohoProvisioning and open the provisioning.conf file in Notepad. Delete only the value of the refresh token and save the file. Before running the app, make sure the person who is trying to authorize has the SDAdmin role with Org Admin privilege assigned, by logging in to the application as another admin.

 

Sync users to multiple instances

 

We currently do not have an option within the provisioning tool to import users to a specific portal. As a workaround, you can run two or more separate provisioning tools on different workstations, and in each provisioning tool's conf file, add the line below:

x-sdpod-appid=xxxxxxxx

 

You have to replace the xxxxxxxx with the App ID for the portal.

 

The App id's are as below,

 

You have to add this line to the provisioning.conf and sync.conf files available in C:\Users\<User Profile>\ZohoProvisioning.

 

AD custom attributes

 

Please go to Setup → Customization → Additional Fields and create an additional field for a requester. Now close the provisioning tool and re-open it, then run through the login tab.

 

Now you will find the custom field under the attributes tab, where you can add a custom attribute. Also, if you want to import it to an already existing field, you can replace one of the existing attributes with the custom one.

 

Skip default password in the provisioning app

 

The "default password" will be used by the users to log in to SDP Cloud once the users are synced. Upon first login, users will be asked to change the password. If SAML authentication is used, you can skip the default password and let SAML validate the login. To skip the default password, please add the following key to the "provisioning.conf" file and restart the provisioning app:

skip_default_zoho_password=true

 

After the Provisioning app is restarted, you can proceed without filling in the default password, and during first login, users will be sent confirmation mails to their AD email ID to validate the login.

Import from Multiple Domains

Single Forest

You can use a Global Catalog to query multiple domains in a single forest. Instead of "LDAP://", you can give "GC://" in the Provisioning tool. This way you can search the Global Catalog and do an import or sync of all the users in the same forest with ServiceDesk Plus Cloud.

Multiple Forests

You need to run the Provisioning tool multiple times to import users from multiple forests. There is no option to sync users from multiple forests.

1. Explanation about the user sync profile:
  i. Remove requesters login
  ii. Delete requesters
  iii. Disable Zoho accounts
  iv. Delete Zoho accounts

2. Once users are disabled from AD by using the provisioning tool, we can't delete the requesters by using the provisioning tool; it can only be done manually in the SDP Cloud application.

3. 0xE0434352 error code while scheduling the provisioning tool in Task Scheduler: The file path is wrong, or the specified path does not contain the provisioning.exe or sync.conf file.

 

Error Invalid code

 

Could you please check if the Technician account you are using to "Authorize" on the Provisioning Tool has an SDAdmin role and Org Admin privileges in the particular instance?

 

Also, we suggest you follow the steps in the given order and see how it works.

 

1. Close all the instances of the provisioning tool.

2. Navigate to C:\Users\<Current User>\ZohoProvisioning

3. Open the provisioning.conf file in Notepad.

4. Change the following values in the provisioning.conf file as

     i)  accounts_server=https://accounts.zoho.eu/

     ii) sdpod_server=https://servicedeskplus.eu/

     iii) dc_location=EU

5. Save the provisioning.conf file and open the Provisioning tool.

6. In the Login Details tab of the provisioning tool, enter the verified domain and click Authorize.

7. A link will be generated. Please click the link and verify it with an account that has the SDADMIN and ORGADMIN roles.

8. Click next and continue.

 

 

          

