Add Active Directory Servers

To add an AD server, do the following:

  1. In System Configuration, select Global Configuration Settings > Network Environment > Directory Services Synchronization.
  2. Select the Active Directory tab.
  3. In the Servers section, click Add server.
  4. In the New AD server dialog box, do the following:
    1. Enter the Domain Controller server name. A domain controller is a server shared by a group of computers that use a common accounts database. The fully qualified domain name—not the IP address—must be entered for the Domain Controller.
      Note: Each label of a host name is limited to 63 bytes, and the fully qualified domain name (FQDN) is limited to 255 bytes in total. Microsoft Windows does not permit computer names that exceed 15 characters, and you cannot specify a DNS host name that differs from the NetBIOS host name.
    2. Optionally, select the Allow Fallback to Other Domain Controllers checkbox, and enter an additional Domain server name. This option allows for automatic failover to another domain controller if the original domain controller is unavailable or goes offline, or if the environment changes in such a way that it is more efficient to use a different domain controller. The fully qualified domain name—not the IP address—must be entered for the fallback domain controller to establish a connection during failover. When a fallback to another domain controller occurs, a full synchronization of user accounts takes place. When the original domain controller is back online, a full user synchronization happens again.
    3. Select Load to populate the list of Application partitions, and select a partition for the directory of users. Alternatively, you can disable the Load option, and edit the Application partition.
    4. Optionally, enter External Authentication Credentials to allow access to Active Directory servers on untrusted domains. When working in an environment with multiple domains which do not have a trust relationship, AD lookup and AD sync are not supported since the Equitrac Service Account cannot be trusted across domains.
    5. Click OK to add it to the domain controller list. A specific server can only be added once to the list.
  5. Click the Edit icon if you wish to make changes to any of the domain servers in the list.
  6. Click the Trash icon to remove any of the domain servers from the list.
  7. Click the Test icon to open an Active Directory Lookup dialog box. Enter a user account name and click Lookup. When the domain controller is contacted, the dialog box shows the ADS properties for that account. You can test servers as well as containers, depending on your list selection. Lookups can be resource-intensive operations; run a lookup against an entire server only if your task specifically requires it.
  8. To add individual containers, expand a server in the servers list and click Add Container. A container is a subset of a Domain controller. Select one or more containers that belong to the selected Domain Controller. A specific container can only be added once to the same server.

Ensure that the Organizational Unit (OU) containers you choose contain user account data only. If the OUs contain other data (such as system or contact information), you will see unexpected results. You may need to create specific OU containers to be used only for importing and synchronization purposes.

  9. Optionally, you can select a container and click the Trash icon to clear it from the list.
  10. Optionally, you can move servers and containers up or down the list view with the up or down arrow icons.
  11. Click Apply to save the server settings.
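
The naming rules from step 4 (FQDN rather than IP address, 63 bytes per label, 255 bytes per FQDN, 15-character computer name, no duplicate servers) can be checked before a name is typed into the New AD server dialog box. The following is an added example, not part of the product or its documentation; the function name, messages, and sample host names are constructed for illustration.

```python
import ipaddress

MAX_LABEL_BYTES = 63    # per-label limit from the note in step 4
MAX_FQDN_BYTES = 255    # whole-name limit from the same note
MAX_HOST_CHARS = 15     # Windows computer-name limit from the same note


def _normalize(name):
    """Trim whitespace and a trailing root dot; DNS names compare case-insensitively."""
    return name.strip().rstrip(".").lower()


def check_dc_name(name, already_listed=()):
    """Return the problems found with a Domain Controller name (empty list = OK)."""
    candidate = _normalize(name)
    if not candidate:
        return ["name is empty"]
    try:
        ipaddress.ip_address(candidate)
        return ["IP address given; the fully qualified domain name is required"]
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name

    problems = []
    labels = candidate.split(".")
    if len(labels) < 2:
        problems.append("not fully qualified (no domain suffix)")
    if len(candidate.encode("utf-8")) > MAX_FQDN_BYTES:
        problems.append("FQDN exceeds 255 bytes")
    if any(not label for label in labels):
        problems.append("empty label")
    if any(len(label.encode("utf-8")) > MAX_LABEL_BYTES for label in labels):
        problems.append("a label exceeds 63 bytes")
    # Assumption: the first label is the computer (NetBIOS) name, since the note
    # says the DNS host name cannot differ from it.
    if len(labels[0]) > MAX_HOST_CHARS:
        problems.append("host label exceeds the 15-character computer name limit")
    # A specific server can only be added once to the list.
    if candidate in {_normalize(s) for s in already_listed}:
        problems.append("server is already in the list")
    return problems


if __name__ == "__main__":
    listed = ["dc01.corp.example.com"]  # constructed sample data
    for entry in ["dc02.corp.example.com", "10.0.0.5", "dc01",
                  "printserver-dc-primary.corp.example.com", "DC01.corp.example.com."]:
        print(f"{entry}: {check_dc_name(entry, listed) or 'OK'}")
```

The same check applies to the fallback domain controller name in step 4, which must also be an FQDN.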