Adding a Domain Controller for Active Directory

You can add an Active Directory (AD) domain so that users can log on to the CommCell environment with their Active Directory credentials. An AD user can log on with either a user ID and password or an email address and password.

Before You Begin

  • You must have the "Add, delete and modify a domain" permission at the CommCell level.

  • Obtain the domain name and fully qualified domain name of the Active Directory server.

  • Verify that LDAP is configured on the Active Directory (AD) server.

  • If you need to add the domain using a domain user account when the CommServe host is not a member of the domain controller, verify that the domain user account has at least read access to the domain.

  • If you want to use LocalSystemAccount without a password, the CommServe computer must be added to the AD domain or be a member of the domain controller. As domains can have multiple domain controllers, you must verify that the CommServe computer is a member of the domain.

  • For an Active Directory server to which you want to create a secure LDAP connection through a proxy client computer, verify the following:

    • The Active Directory server is reachable from the proxy client computer.

    • The proxy client computer has the SSL certificate installed.

      For information about whether the proxy client is configured for LDAP with the proper SSL certificate, see Verify LDAP Configuration on External Domain.

    • The proxy client computer is registered with the CommServe computer. Otherwise, you must install the LDAP Gateway CommServe server package on the proxy client.

Important Considerations

Review these important considerations before adding domain controllers:

  • The CommServe must have LDAP, DNS, and Kerberos connectivity to each domain that you want to register so that the domain users can log on.

  • When using trusted domains, register both domains with the CommServe so that users from the trusted domains can log on.

  • No two domain controllers can have the same domain name. Do not register duplicate domain controllers with the CommServe host.

  • You can configure a default Active Directory (AD) so that AD users can log on without typing the domain name as a prefix.

    For more information, see set a default domain.

    Important

    When local CommCell users log on, they must type local\ or the value you define in the DefaultCSDomain additional setting as the prefix to their user name. Contact your local CommCell users to let them know about this change. For information about setting a different prefix for local users, see Setting a Default Domain for Active Directory Users.
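The LDAP, DNS, and Kerberos connectivity requirement listed above can be checked from the CommServe host before you register the domain. The following PowerShell script is an added example, not part of the product or its documentation; the domain name corp.example.com is a placeholder, and the script assumes a Windows host where the built-in Resolve-DnsName and Test-NetConnection cmdlets are available.

```powershell
# Added example: pre-check DNS, Kerberos and LDAP reachability for one AD domain.
# Run on the CommServe host. 'corp.example.com' is a placeholder domain FQDN.
param(
    [string]$DomainFqdn = 'corp.example.com'
)

# Standard TCP ports. 636 (LDAPS) matters only if you plan a secure LDAP connection.
# Kerberos can also use UDP 88, which this TCP-only check does not cover.
$ports = [ordered]@{ Kerberos = 88; LDAP = 389; LDAPS = 636 }

# Domain controllers register themselves under this SRV record, so a successful
# lookup also shows that DNS resolution for the domain works from this host.
$srvName = "_ldap._tcp.dc._msdcs.$DomainFqdn"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Error "DNS lookup for $srvName failed: $($_.Exception.Message)"
    return
}

# Test every service port on every domain controller that DNS returned.
$results = foreach ($dc in $dcs) {
    foreach ($svc in $ports.GetEnumerator()) {
        $test = Test-NetConnection -ComputerName $dc -Port $svc.Value `
            -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Service          = $svc.Key
            Port             = $svc.Value
            Reachable        = $test.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

# Summarize failures so a blocked port is not lost in the table.
$failed = @($results | Where-Object { -not $_.Reachable })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) service check(s) failed for $DomainFqdn."
}
```

When trusted domains are involved, run the script once for each domain that you intend to register.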

Procedure

  1. From the CommCell Browser, go to Security.

  2. Right-click Domains and click Add new domain > Active Directory.

    The Add New Domain Controller dialog box is displayed.

  3. Enter the details for the Active Directory domain controller.

    For information on each option, see the online help for Add New Domain Controller.

  4. Click OK.
