Creating an Active Directory Connector | v8 +


When creating or changing an Active Directory Connector, there are 3 sections to complete:

  1. Details & Credentials

  • DNS Domain Name is the fully qualified domain name.

  • Domain Name is the single-label (pre-Windows 2000) domain name.

  • Primary DC & Secondary DC are the names or IP addresses of the two domain controllers the connector will attempt to connect to. You do not need to fully qualify the domain controller names. If you are using SSL (LDAPS) then you must use domain controller names rather than IP addresses. This is because the SSL certificates on the domain controllers will use the domain controller names.

  • Description is just a text box for any notes. It has no bearing on the operation of the connector.

  • SSL controls the protocol used. When unticked, the connector will use the LDAP protocol (port 389); when ticked, the connector will use the LDAPS protocol (port 636).

  • Endpoint Server is the name of the endpoint server from which the connector will run. Only endpoint servers with the Active Directory connector feature enabled will appear in the list.

  • Username is the domain user account used to authenticate. Commonly, only the username is needed, but in some cases the UPN format username@domain.com is required.

  • Password & Confirm is just the user account password. You can use the Validate button to confirm the credentials are correct.

 

  2. Data Retrieval

  • Object Types are tick boxes which allow you to control which Active Directory objects (Servers, Workstations, Users and Groups) are retrieved. We recommend leaving all enabled to allow Certero to obtain the maximum data from the domain.

  • Search Roots allow you to specify the Distinguished Name (DN) of the locations within Active Directory (e.g. OU=Users,OU=Internal,DC=consultancy,DC=local). Commonly, these are blank so the search begins at the domain root location. If required, they can be used to limit which locations in the domain data is retrieved from.

  • User Attributes allow you to control which optional user attributes the connector should exclude.

 

  3. Schedule

  • Frequency allows you to choose between On Demand, Daily, Weekly or Monthly. A frequency of at least once a day is recommended. N.B. Different options will appear depending on which Frequency is chosen.

  • Enabled allows you to enable or disable the connector.
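The rules from Details & Credentials and Data Retrieval can be checked before the values are entered. The following is an added example, not Certero code: it derives the port from the SSL setting, flags domain controllers given as IP addresses when SSL is ticked, and flags search roots that do not sit under the DNS domain. The function names and the sample DC values are assumptions made for illustration.

```python
import ipaddress
import re

def is_ip(value):
    """True when a DC field holds an IP address rather than a name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def split_dn(dn):
    """Split a DN into lower-cased RDNs on commas not escaped with a backslash."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]

def base_dn(dns_domain):
    """consultancy.local -> DC=consultancy,DC=local"""
    return ",".join("DC=" + label for label in dns_domain.split("."))

def check_connector(dns_domain, primary_dc, secondary_dc, use_ssl, search_roots=()):
    """Return (port, problems) for a set of connector field values."""
    port = 636 if use_ssl else 389  # LDAPS when SSL is ticked, else LDAP
    problems = []
    for field, dc in (("Primary DC", primary_dc), ("Secondary DC", secondary_dc)):
        # The DC certificate carries the DC name, so an IP address will not match it.
        if use_ssl and is_ip(dc):
            problems.append(f"{field}: {dc} is an IP address; use the DC name with SSL")
    domain_rdns = split_dn(base_dn(dns_domain))
    for root in search_roots:
        # A search root must end with the domain's own DC= components.
        if split_dn(root)[-len(domain_rdns):] != domain_rdns:
            problems.append(f"Search root is not under {dns_domain}: {root}")
    return port, problems

if __name__ == "__main__":
    # Constructed sample values; the first search root is the example DN from the page.
    port, problems = check_connector(
        "consultancy.local", "dc01", "10.0.0.5", use_ssl=True,
        search_roots=["OU=Users,OU=Internal,DC=consultancy,DC=local",
                      "OU=Users,DC=other,DC=local"])
    print("port", port)
    for p in problems:
        print("-", p)
```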

Once created, an additional section called Results will be seen. This shows a history of the last 30 times the connector was run. You can click the hyperlink under Status to see the log of that run of the connector.


Remember, the connector can be run at any time by right-clicking the connector and choosing Actions - Run Now.