OnPrem AD (Active Directory)
Overview
Active Directory (AD) is a directory service developed by Microsoft that provides a centralized location for managing and organizing information about network resources, including users, computers, and other devices. In this article, you will learn how to configure an Active Directory data source in Settings. The two main steps for this process are: Data Source Info and Sync Accounts.
Navigate to Data Source Settings
- Click the Settings main menu option
- By default, you will see the About page
- Click Data Sources under the Connectivity tab
Data Source Info
This is the first step that you need to fill in. There are three sections: About, Configuration, and Verification.
The Connection Verification section appears after you finish creating the data source.
About
- Name your data source
- Select the Type drop-down menu
Configuration
- Server
The IP address or the Domain of your Active Directory. You may optionally provide a specific port by appending a colon and port number.
Examples:
organisation.internal
10.0.0.2
organisation.internal:636
10.0.0.2:389
- Secure Connection
Enforce the connection from Apporetum to utilise LDAPS. Note that this will overwrite the LDAPS port if specified.
- Username
The username of a service principal object in Active Directory. This can be a sAMAccountName or UserPrincipalName.
- Password
The password of the service account. Please note that the field will be blank, but there will be a password protected in the Apporetum Password Vault. If you leave the field blank, this vault password will be retained. If you type into this field, it will be overwritten with the new entry you type.
- Group Container
Specify the Distinguished Name (DN) for an Org Unit (OU) or Domain Controller (DC) which Apporetum will use as the root container to discover groups. Can be a specific OU or the entire DC. Ensure that all groups which you would like to adopt are children of this DN.
Examples:
DC=organisation,DC=internal
OU=OrgApps,DC=organisation,DC=internal
OU=AU,OU=Apps,DC=organisation,DC=internal
- Create Group Container
Specify the Distinguished Name (DN) for an Org Unit (OU) or Domain Controller (DC) which Apporetum will use as the parent container for new security groups. Can be a specific OU or the entire DC. Ensure Apporetum has write permissions to the member of this group. This is the location where Apporetum will create new security groups.
Examples:
DC=organisation,DC=internal
OU=ApporetumGeneratedGroups,DC=organisation,DC=internal
OU=Apporetum,OU=AU,OU=Apps,DC=organisation,DC=internal
- User Container
Specify the Distinguished Name (DN) for an Org Unit (OU) or Domain Controller (DC) which Apporetum will use as the parent container for new groups. Can be a specific OU or the entire DC. This is a location where Apporetum will look for users when syncing accounts.
Examples:
DC=organisation,DC=internal
OU=ApporetumGeneratedGroups,DC=organisation,DC=internal
OU=Apporetum,OU=AU,OU=Apps,DC=organisation,DC=internal
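A pre-flight check for the Server and Group Container fields described above, as an added example that is not Apporetum code: it parses a `host[:port]` value and lists groups that are not children of a container DN. The function names and sample DNs are constructed for illustration, and treating Secure Connection as forcing port 636 is an assumption about how the override behaves.

```python
LDAP_PORT, LDAPS_PORT = 389, 636  # standard LDAP / LDAPS ports

def parse_server(value, secure=False):
    """Split a Server value of the form host[:port] into (host, port)."""
    host, sep, port = value.strip().rpartition(":")
    if not sep:                       # no colon: the whole value is the host
        host, port = port, ""
    if not host or (sep and not (port.isdigit() and 0 < int(port) < 65536)):
        raise ValueError(f"bad Server value: {value!r}")
    if secure:                        # assumption: Secure Connection forces 636
        return host, LDAPS_PORT
    return host, int(port) if port else LDAP_PORT

def split_dn(dn):
    """Return the RDNs of a DN, normalised, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
            escaped = (ch == "\\" and not escaped)
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, eq, val = rdn.partition("=")
        if not (attr.strip() and eq and val.strip()):
            raise ValueError(f"bad RDN {rdn!r} in {dn!r}")
        # AD compares DNs case-insensitively, so compare lower-cased forms
        out.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return out

def is_under(dn, container):
    """True when dn is a strict descendant of container."""
    d, c = split_dn(dn), split_dn(container)
    return len(d) > len(c) and d[-len(c):] == c

def outside_container(group_dns, container):
    """Group DNs that are not children of the container DN."""
    return [g for g in group_dns if not is_under(g, container)]

# Constructed sample data (not from a real directory)
GROUP_CONTAINER = "OU=Apps,DC=organisation,DC=internal"
SAMPLE_GROUPS = [
    "CN=App-Admins,OU=AU,OU=Apps,DC=organisation,DC=internal",
    "cn=app-readers, ou=apps, dc=Organisation, dc=Internal",
    "CN=Payroll\\,OU=Apps,DC=organisation,DC=internal",  # comma is part of the CN
    "CN=Domain Admins,CN=Users,DC=organisation,DC=internal",
]
```

The third sample shows why a plain string suffix comparison is not enough: the escaped comma makes `OU=Apps` part of the group's name, so the group actually sits directly under the domain root.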
Connection Verification
- Click Run Verification to run tests on Connection, Authentication, and Read Data
The tests will run in the following order: connection, authentication, read data. If one fails, the next test will not run.
- Click Run Again once you have made any adjustments
Please contact the Apporetum team for further help if needed.
Sync Accounts
Click here to view detailed information on sync accounts.