Set Up the Active Directory Connection

Connect to AD communicates directly with Active Directory by using a user account that is set up to read, create, and update user records in Active Directory.

We will need to enter a valid user account into Connect to AD.

Connect to AD can work with either containers or org units within the LDAP tree structure.

A valid LDAP connection string is required to target either the root of the domain or a specific LDAP container within the domain.

Here are examples of valid LDAP connection strings:

Bind to a domain on the server.

LDAP://server01/DC=example,DC=com

Bind to the Sales org unit on a server.

LDAP://server01/OU=Sales,DC=example,DC=com

Bind to the Users container on a server.

LDAP://server01/CN=Users,DC=example,DC=com

Bind to a server.

LDAP://server01

Bind to a server using a fully qualified DNS server name.

LDAP://server01.example.com

Bind to a server using an IP address.

LDAP://10.56.12.99

Bind to a server using the specific port number.

LDAP://server01:390

If you are unsure which LDAP container to target, you can browse the existing containers using the Active Directory Users and Computers app.

Active Directory Users and Computers > Select Container > View Properties > Attribute Editor > distinguishedName

The container's distinguishedName property provides the LDAP domain components (DC) and the container (OU or CN) that make up the parts of the LDAP connection string.
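
As an added example (not part of Connect to AD or of the original article), the following Python sketch splits a connection string of the forms listed above into server, port and distinguishedName, and reports whether it targets the domain root, an org unit, a container, or only the server. The function names and the keys of the returned dictionary are assumptions made for this illustration.

```python
import re

# Constructed for illustration: accepts only the forms listed in this article,
# LDAP://server[:port][/distinguishedName]. Names here are assumptions.
_CONN = re.compile(r"^LDAP://(?P<host>[^/:\s]+)(?::(?P<port>\d{1,5}))?(?:/(?P<dn>.+))?$")
_RDN = re.compile(r"^(?P<type>DC|OU|CN)=(?P<value>.+)$", re.IGNORECASE)
_SCOPE = {"DC": "domain root", "OU": "org unit", "CN": "container"}


def split_dn(dn):
    """Split a distinguishedName on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def parse_connection_string(text):
    """Return host, port, base DN, DNS domain and target scope of a connection string."""
    match = _CONN.match(text.strip())
    if not match:
        raise ValueError(f"expected LDAP://server[:port][/DN], got {text!r}")
    port = int(match.group("port")) if match.group("port") else None
    if port is not None and not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    info = {"host": match.group("host"), "port": port,
            "base_dn": None, "domain": None, "scope": "server"}
    dn = match.group("dn")
    if dn is None:  # e.g. LDAP://server01 binds to the server only
        return info
    rdns = []
    for part in split_dn(dn):
        rdn = _RDN.match(part)
        if not rdn:
            raise ValueError(f"unsupported DN component: {part!r}")
        rdns.append((rdn.group("type").upper(), rdn.group("value")))
    # The DC components name the domain and must be the trailing run of the DN.
    first_dc = next((i for i, (t, _) in enumerate(rdns) if t == "DC"), None)
    if first_dc is None or any(t != "DC" for t, _ in rdns[first_dc:]):
        raise ValueError(f"DN must end with DC= components: {dn!r}")
    info.update(base_dn=dn, scope=_SCOPE[rdns[0][0]],
                domain=".".join(v for t, v in rdns if t == "DC"))
    return info


if __name__ == "__main__":
    for sample in ("LDAP://server01/OU=Sales,DC=example,DC=com", "LDAP://server01:390"):
        print(sample, "->", parse_connection_string(sample))
```

A string that carries a container but no trailing DC components, such as `LDAP://server01/OU=Sales`, is rejected because it does not identify the domain the container belongs to.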

You may now enter the Active Directory connection details. 

The user account will be used to communicate with Active Directory over a period of time, so we recommend that you use a user account with a password that will not expire. Otherwise, you will need to re-enter the password if it does expire.

We recommend using delegation of control to assign the user account the access it needs to perform its tasks.

After entering the connection details, you can check if the connection is valid by clicking on the green check button. This action will ping Active Directory and validate the required communication.