This page explains how to configure the UX to use Active Directory services.
This process comprises three parts:
- Active Directory Configuration
- Cache Settings
- User Authentication Settings
The Active Directory configuration part is where you turn on Active Directory (AD), set the way the UX will communicate with the AD server, and set a user name and password for authenticating to the AD server.
The Cache Settings part is where you set up AD attribute caching.
The User Authentication Settings section is where you determine which domain controllers to use.
Before You Begin
Before you begin, there are some things you need to decide:
- Whether or not you are going to use TLS.
- What operating mode you intend to use:
  - Updates - A local cache is built and used to look up AD searchable fields. User authentication is enabled in this mode.
  - Online - Communication with Active Directory is done with queries and no information is cached.
  - Auth-only - This mode allows user authentication using Active Directory, and no queries are allowed.
You must have already defined and added at least one domain controller to the Domain Controllers Table.
Configuring Active Directory Services on Your UX
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Auth and Directory Services > Active Directory > Configuration.
Active Directory Configuration - Field Definitions
The fields in the Active Directory Configuration panel determine the manner in which UX communicates with the Active Directory server.
Cache Settings - Field Definitions
The fields in the Cache Settings panel determine how Active Directory attributes are cached locally and the frequency at which the local cache is updated. The UX maintains a local cache of Active Directory user attributes. AD caching enhances system performance and survivability.
Performance is enhanced by eliminating the need to communicate with and query the Active Directory server for each and every call. This improves the performance of the AD server, and has the added benefit of increasing call speeds and relieving load on the network.
Survivability is enhanced because, in the event of a loss of communication with Active Directory, whether through a loss of network connectivity or an AD server error, the UX is still able to perform authentication and authorization tasks based on the Local AD Cache.
Manual AD Cache Refresh
In addition to scheduled periodic AD Cache updates, the UX allows you to refresh (update) the AD Cache manually. Typically this feature is used to make a user's information available immediately after the user is added to Active Directory, rather than waiting for the automatic update, which might take as long as 30 days.
User Authentication Settings - Field Definitions
The fields in the User Authentication Settings panel determine which Active Directory (domain controller) servers are used for authentication.