Active Directory Integration

Academic year: 2021

Last updated March 2016

Contents

Introduction

Administration configuration set up

Configuring for a single OU import

User Importing

Active Directory and helpdesk field mappings

Trouble shooting AD Integration

Configure sitehelpdesk to use NT/windows Authentication

Introduction:

Sitehelpdesk, sitehelpdesk-IT and sitehelpdesk-FM provide integration with Microsoft Windows Active Directory to maintain the list of users. This can be used to perform an initial import or to synchronise sitehelpdesk with the Active Directory once new user accounts are created.

Administration configuration set up:

Firstly, say YES to provide the import and sync options on the Admin, User page.

Do you want to integrate with Active Directory? No

The ID and password of an account with privilege to access AD must be entered here:

Enter Network Account with Active Directory access: domain\acco

and Password :

Information of the AD domain to search and import is then entered:

Enter Active Directory Domain : mycompany.com

and NT Domain : mycompany

Note: Active Directory domain name is case sensitive.

The NT domain name must be entered. This is used to prefix the user ID to authenticate them later. E.g. domain\id is held in the user NT Account field and is used to match user IDs when they go to the user log page under Windows authentication mode.

When configured you must Apply Changes. Run a test to make sure the connection is OK.

If you have a large Active Directory database then you may experience timeout errors. See the trouble shooting section to resolve these. You also have the option of configuring the AD domain to import single OUs.

Configuring for a single OU import

Open Administration, Configuration, and locate the Active Directory section. This typically contains just the domain name i.e. mycompany.com. You can limit the results to certain OUs by using the following format in the Active Directory Domain name...

IPAddress/OU=xxx,DC=xxx

where IPAddress is the IP address of your Active Directory server, OU is the organizational unit and DC is the domain name.

For example...

If the domain is mycompany.com, your domain controller IP address is 10.11.1.1, and you have a London OU below a People OU, you should enter the following...

10.11.1.1/OU=London,OU=People,DC=mycompany,DC=com

This will return details of all users in containers below People, London.

If the domain is mycompany.co.uk, your domain controller IP address is 10.11.1.2, and you have a Teachers OU you should enter the following...

10.11.1.2/OU=Teachers,DC=mycompany,DC=co,DC=uk

This will return details of all users in containers below Teachers.

User Importing

You will now be able to import and synchronise the helpdesk user records with your Active Directory LDAP database.

AD Import and AD Synchronisation options via User, Administration

Carry out an import initially via AD Import, ticking all the user records you want to bring into the helpdesk.

Then periodically you can carry out a sync. This uses the Active Directory as the master database and will compare the records with the helpdesk and list all those where there are differences. You can scroll the list and flag for import those that you want to update in the helpdesk.

Note: the helpdesk will never write back into AD.

Active Directory and helpdesk field mappings

These screen shots demonstrate the mapping of Active Directory records to sitehelpdesk / sitehelpdesk-IT via AD import.

AD General Tab

Active Directory field name | Sitehelpdesk default field name
Display name | User name
Office | Site
Telephone number | Phone No.
E-mail | Email Address

Organization Tab

Active Directory field name | Sitehelpdesk default field name
Title | Job Title
Department | Department
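To preview what a single OU setting and the field mappings above would bring in before running AD Import, the following added example (not sitehelpdesk code) parses the IPAddress/OU=...,DC=... value and lists the matching users with Get-ADUser. It assumes the ActiveDirectory (RSAT) module, that the GUI labels above correspond to the standard LDAP attributes named in the script, and that the NT Account is built from sAMAccountName; the values are the sample ones used on this page.

```powershell
# Added example: read-only preview of an import scope. Nothing is written to AD.
Import-Module ActiveDirectory

function ConvertFrom-HelpdeskAdScope {
    param([Parameter(Mandatory)][string]$Value)
    # 'IPAddress/OU=...,DC=...' -> server + search base; a bare domain has no '/'
    $server, $base = $Value -split '/', 2
    if (-not $base) {
        # Whole-domain form, e.g. mycompany.com -> DC=mycompany,DC=com
        $base = ($server -split '\.' | ForEach-Object { "DC=$_" }) -join ','
    } elseif ($base -notmatch '^(OU=[^,]+,)+DC=[^,]+(,DC=[^,]+)*$') {
        # OU names containing commas need escaping and are not handled here
        throw "Scope '$base' is not in the OU=...,DC=... form"
    }
    [pscustomobject]@{ Server = $server; SearchBase = $base }
}

$NtDomain = 'mycompany'   # the "NT Domain" value from the configuration page
$scope    = ConvertFrom-HelpdeskAdScope '10.11.1.1/OU=London,OU=People,DC=mycompany,DC=com'

# Assumed LDAP attributes behind the labels in the mapping tables above
$props = 'displayName', 'physicalDeliveryOfficeName', 'telephoneNumber',
         'mail', 'title', 'department'

# Prompt for the same account that is entered in the helpdesk configuration
$users = Get-ADUser -Server $scope.Server -SearchBase $scope.SearchBase `
                    -SearchScope Subtree -Filter * -Properties $props `
                    -Credential (Get-Credential)

$users | Select-Object `
    @{ n = 'NT Account';    e = { '{0}\{1}' -f $NtDomain, $_.SamAccountName } },
    @{ n = 'User name';     e = { $_.displayName } },
    @{ n = 'Site';          e = { $_.physicalDeliveryOfficeName } },
    @{ n = 'Phone No.';     e = { $_.telephoneNumber } },
    @{ n = 'Email Address'; e = { $_.mail } },
    @{ n = 'Job Title';     e = { $_.title } },
    @{ n = 'Department';    e = { $_.department } } |
    Format-Table -AutoSize

'{0} user object(s) under {1}' -f @($users).Count, $scope.SearchBase
```

If the count or the listed accounts are wider than intended, tighten the OU path before importing.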

Trouble shooting AD Integration :

Error message:

ENGLISH: ASP 0113 - Script timed out SQL time out 80040e31

Resolution:

This can occur when a page exceeds the timeout value, for example when adding large attachments or accessing Active Directory. By default IIS sets the timeout at 90 seconds. You can increase it as follows...

- Open IIS Manager

- Right click on the sitehelpdesk virtual directory and select Properties

- Click on Configuration button (on Virtual Directory tab)

- Click on Options tab

- Change the ASP Script Timeout value to 180

- Click on Apply and OK

It should pick up that change straight away, but you may need to stop / start the Default Web Site.

Configure sitehelpdesk to use NT/windows Authentication

Configure IIS

IIS 6

- From IIS, expand (+) the sitehelpdesk virtual directory to display folders

- IMPORTANT: only apply this to the User folder

- Right click on the User folder and select Properties

- Click on Directory Security tab, click on Edit button

- Remove Anonymous access and tick only Integrated Windows authentication

- Stop and Restart the Default Web Site for changes to take effect

- You will need to ensure that Domain Users have access to the \sitehelpdesk\user folder, files and subfolder (Everyone full control will cover this)

IIS 7

- From IIS, expand (+) the sitehelpdesk virtual directory to display folders

- Click on the User folder to bring up icons relevant to that folder only.

- Double Click on Authentication icon

- Disable Anonymous access and only Enable Integrated Windows authentication

- Stop and start the IIS Service

- You will need to ensure that Domain Users have access to the \sitehelpdesk\user folder, files and subfolder (Everyone full control covers this)
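The IIS 7 steps above can also be applied and checked from PowerShell. This is an added example, not sitehelpdesk's own tooling; it assumes the WebAdministration module, a site named 'Default Web Site', a virtual directory named 'sitehelpdesk', and a placeholder physical path for the User folder.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed names: site 'Default Web Site', virtual directory
# 'sitehelpdesk', and the placeholder physical path below.
Import-Module WebAdministration

$App        = 'Default Web Site/sitehelpdesk'
$UserLoc    = "$App/user"
$UserFolder = 'C:\inetpub\wwwroot\sitehelpdesk\user'   # placeholder path
$AuthRoot   = 'system.webServer/security/authentication'

function Get-AuthEnabled([string]$Location, [string]$Scheme) {
    # Effective (inherited + local) setting for one authentication scheme
    $path = 'IIS:\Sites\' + ($Location -replace '/', '\')
    (Get-WebConfigurationProperty -PSPath $path -Filter "$AuthRoot/$Scheme" -Name enabled).Value
}

# Record the parent's setting first so an accidental change there is visible.
$parentAnonBefore = Get-AuthEnabled $App 'anonymousAuthentication'

# The two GUI changes, scoped to the User folder only.
# The windowsAuthentication section exists only if that IIS feature is installed.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $UserLoc `
    -Filter "$AuthRoot/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $UserLoc `
    -Filter "$AuthRoot/windowsAuthentication" -Name enabled -Value $true

# Read back the effective settings for the User folder and its parent.
foreach ($scheme in 'anonymousAuthentication', 'windowsAuthentication') {
    '{0,-24} user={1,-6} parent={2}' -f $scheme,
        (Get-AuthEnabled $UserLoc $scheme), (Get-AuthEnabled $App $scheme)
}
if ((Get-AuthEnabled $App 'anonymousAuthentication') -ne $parentAnonBefore) {
    Write-Warning 'Anonymous access changed on the parent virtual directory.'
}

# NTFS side: list who holds rights on the User folder.
$rules = (Get-Acl -Path $UserFolder).Access
$rules | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

# Report an Everyone / Full Control grant so it is a deliberate choice.
$full = [System.Security.AccessControl.FileSystemRights]::FullControl
$rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq 'Everyone' -and
    ($_.FileSystemRights -band $full) -eq $full
} | ForEach-Object {
    Write-Warning "Everyone has Full Control on $UserFolder; the step only calls for Domain Users access."
}
```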

Configure Helpdesk

In Administration, Configuration set the User Logging Options

How would you like your end users to enter their user credentials? Windows Authentication

- In Administration, Users ensure that all users have an NT Account. This needs to be in domain\account format.

Users will only be able to log and view support calls if they exist in the User database and will only ever see their own calls. Any users who do not exist will not be able to log or view calls.

If the user gets a message saying they are not authorised to log a call then this will be because their domain\id cannot be found in the user records.

If the user page has a blank name field and authentication is not happening then use this test: copy /sitehelpdesk/tools/testserverconfig.asp to the /user folder

then access

http://{webserver}/sitehelpdesk/user/testserverconfig.asp

The AUTH_USER parameter should show the login of the current user. If it is blank then Windows authentication is not working properly.

If it does show then this is what will be matched against the NT Account in User Admin or the email address, depending on how you authenticate when logging onto the domain.

Troubleshooting Windows authentication

If you use proxy servers then you may need an explicit bypass under IE Tools, options, connections, by pass proxy, advanced.

For windows authentication across domains, this resource may prove useful.

http://www.olegsych.com/2009/05/crossing-domain-boundaries-windows-authentication/

If you are using IIS 7 and still get asked to authenticate when accessing the User pages check this resource

https://www.sitehelpdesk.com/sitewebdesk/ATTACHMENTS/(FAQ29)%20application-pool.pdf

Firefox and Chrome may not allow access using Windows authentication by default like IE will.

This document will help configure those browsers.

https://www.sitehelpdesk.com/sitewebdesk/ATTACHMENTS/(FAQ29)%20Configuring%20Chrome%20and%20Firefox%20for%20Windows%20Integrated%20Authentication.pdf
