Connect to AD communicates directly with Active Directory using a user account that is set up to read, create and update user records in Active Directory.
You will need to enter a valid user account into Connect to AD.
Connect to AD can work with either containers or org units within the LDAP tree structure.
A valid LDAP connection string is required to target either the root of the domain or a specific LDAP container within the domain.
Here are examples of valid LDAP connection strings:
Bind to a domain on the server.
Bind to the Sales org unit on a server.
Bind to the Users container on a server.
Bind to a server.
Bind to a server using a fully qualified DNS server name.
Bind to a server using an IP address.
Bind to a server using the specific port number.
If you are unsure which LDAP container to target, you can browse the existing containers using the Active Directory Users and Computers app.
Active Directory Users and Computers > Select Container > View Properties > Attribute Editor > distinguishedName
The container's distinguishedName property provides the LDAP domain components (DC) and container components (OU or CN) that make up the parts of the LDAP connection string.
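The following is an added example, not part of Connect to AD, that shows how a distinguishedName copied from the Attribute Editor breaks down into the DC and OU/CN parts named above and how those parts are assembled into a connection string. The "LDAP://[server[:port]/]<DN>" path layout (the ADSI form) is an assumption, as are the sample domain and server names; binds to a server with no DN are not covered.

```python
# Added example (not Connect to AD code): turn a container's distinguishedName,
# as read from the ADUC Attribute Editor, into the pieces of an LDAP connection
# string. The "LDAP://[server[:port]/]<DN>" (ADSI) path layout is an assumption.

ALLOWED_TYPES = {"DC", "OU", "CN"}  # the component types the documentation names


def parse_dn(dn):
    """Split an RFC 4514 DN into ordered (type, value) pairs.

    A backslash escapes the next character, so a value such as
    'Smith\\, John' is kept whole rather than split at its comma.
    """
    components, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep both
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            components.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    components.append("".join(buf))

    rdns = []
    for comp in components:
        attr, sep, value = comp.strip().partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed RDN component: {comp!r}")
        rdns.append((attr.strip().upper(), value))
    return rdns


def check_container_dn(rdns):
    """Reject DNs that are not a domain root or a container beneath one.

    Only DC/OU/CN types are accepted, at least one DC is required, and the
    DC components must form the trailing suffix of the DN.
    Returns (container components, domain components).
    """
    types = [t for t, _ in rdns]
    unknown = set(types) - ALLOWED_TYPES
    if unknown:
        raise ValueError(f"unsupported component type(s): {sorted(unknown)}")
    if "DC" not in types:
        raise ValueError("DN has no domain components (DC=...)")
    first_dc = types.index("DC")
    if any(t != "DC" for t in types[first_dc:]):
        raise ValueError("domain components must be the trailing suffix")
    return rdns[:first_dc], rdns[first_dc:]


def domain_from_dn(dn):
    """DNS name of the domain, e.g. DC=corp,DC=example,DC=com -> corp.example.com."""
    _, domain = check_container_dn(parse_dn(dn))
    return ".".join(value for _, value in domain)


def build_ldap_path(dn, server=None, port=None):
    """Compose an ADSI-style LDAP path (assumed layout) from a validated DN.

    server may be a NetBIOS name, a fully qualified DNS name or an IP address;
    port is only meaningful together with a server.
    """
    check_container_dn(parse_dn(dn))
    if port is not None and server is None:
        raise ValueError("a port requires a server name or address")
    if server is None:
        host = ""
    else:
        host = f"{server}:{port}/" if port is not None else f"{server}/"
    return f"LDAP://{host}{dn}"


if __name__ == "__main__":
    # Constructed sample DN, in the form the Attribute Editor displays it.
    sample = "OU=Sales,DC=corp,DC=example,DC=com"
    container, domain = check_container_dn(parse_dn(sample))
    print("container components:", container)
    print("domain components   :", domain)
    print("domain DNS name     :", domain_from_dn(sample))
    print("LDAP path           :", build_ldap_path(sample, server="dc01.corp.example.com", port=636))
```

Run the file to see the sample DN split into its OU and DC parts and recombined into a path that targets a specific server and port. The validation in `check_container_dn` catches the two mistakes most often made when a DN is typed by hand: a component type other than DC/OU/CN, and domain components that are not the trailing suffix.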
You may now enter the Active Directory connection details.
The user account will be used to communicate with Active Directory over a period of time, so we recommend using a user account whose password does not expire; otherwise you will need to re-enter the password whenever it expires.
We recommend using delegation of control to assign the user account the access it needs to perform its tasks.
After entering the connection details, you can check if the connection is valid by clicking on the green check button. This action will ping Active Directory and validate the required communication.