Active Directory

Manage External Providers

Easysite can connect to a third-party application in order to import users and groups. Microsoft Active Directory is available as a default external provider; however, the Authentication Provider options allow other providers to be integrated.

Note: The information presented in this help article assumes that Line of Sight exists between Easysite and the Active Directory installation. 

Note: This Help Article refers to the configuration of the Active Directory Authentication Provider. For information on enabling Single Sign On please view the Single Sign On Best Practice article.

1. Required information

Before configuring an Authentication Provider it would be useful to have the following information available:

  • The domain name or NetBios name* of the Easysite installation
  • The active directory server name
  • Active Directory username and password
  • Details of any starting paths and filters for groups and users
  • Extended record template to be completed for user accounts.

 

*To find the NetBios name of your domain:

     

1. On one of your Windows servers go to Start ->  Run

2. In the input box, type dsa.msc and click OK.

3. Right-click your domain in the left pane and choose Properties.

4. Under the General tab locate the Domain Name (Pre-Windows 2000) - this is the NetBios name. Note: NetBios names do not generally contain dots.

2. Create an External Provider Instance

To manage the Active Directory authentication provider go to Administration -> People -> Authentication Providers. The following view will be presented:

External providers screenshot

1. Click Create an External Provider Instance. The following view will be presented:

Create authentication provider instance screenshot

2. From the External Provider list select Active Directory.

3. Click Select External Provider. The following view will be presented:

Configure external provider screenshot
    

4. Edit/configure:  

Instance Name            

Enter a friendly name for the instance of the Authentication Connector.       

Authentication Domain   

Enter the domain name for the Easysite installation. Note: this should be a domain name - e.g. Ideagen - rather than a URL such as ideagen.co.uk. Alternatively enter the NetBios name for your installation.      

Enable Auto Sign In        

If required, check to allow imported users to be automatically logged into the site when visiting. Note: Automatic Sign On must also be enabled for this feature to work.       

Active Directory Server  

This should be a server you can access using LDAP, entered as its fully qualified name, e.g. server.domain.com.

Active Directory Username  

Enter the username required to access the external provider instance. Note: this user account needs read access to the directory and should be set to never expire.          

Active Directory Password           

Enter the password required to access the external provider instance.     

Import Groups    

If required, check to import groups created in the external provider instance.   

Import Membership  

If users are being imported, check to associate users with relevant groups.    

Group Starting Path   

Define the point in the forest the import is to start from. For example, ou = EIBS.

Group Filter

If required, add additional filters to identify specific group(s). For example, the ou could be Nottingham, with a further filter of Customer Services.

Import Users

If required, check to import users created in the external provider instance.

User Starting Path

Define the point in the forest the import is to start from. For example, ou = Ideagen.

User Filter

If required, add additional filters to identify specific users. For example, the ou could be Nottingham, with a further filter of Customer Services.

5. Click Save.

3. Manage Mappings

Mappings allow data held in the Authentication Provider to be mapped to fields in a user account record.

Note: when mapping user data from the Active Directory instance, forename, surname and email address are not mandatory fields. This allows user accounts to be created for individuals with incomplete data in A.D.

1. Click Manage Mappings. The following view will be presented:

Active directory manage mappings

2. Select the required Easysite User Field and map it to the required field in Active Directory.

3. Click Add a new item to map another field.

4. Click Finish.

4. Troubleshooting the Active Directory authentication provider

The following steps should be taken to troubleshoot the A.D. connection:

Verify ‘authentication domain’

This should be a domain name, e.g. ‘IDEAGEN’, not ‘dc=IDEAGEN, dc=CO, dc=UK’.

Verify ‘Active Directory Server’

Can the Active Directory server be pinged?

Note: Ping may be blocked on the server. An alternative would be to Telnet onto port 389 to verify connectivity.

Verify Username and Passwords

Check for any accidental substitutions, such as a zero entered as ‘O’.

Re-enter the data and save

Whilst not strictly necessary, it is useful to confirm that the authentication details are correct.

Test the credentials using an external tool 

To test credentials, download AD Explorer from https://technet.microsoft.com/en-us/sysinternals/adexplorer.aspx 

1. Enter the credentials provided by the customer and check you can connect.

2. Verify the organisational units the customer has given are correct.
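
The troubleshooting checks above can also be run as one script from the Easysite server. The following PowerShell is an added example, not part of the original article or of Easysite itself; the domain, server name and the full distinguished name used for the starting path are placeholder assumptions to be replaced with your own values.

```powershell
# Added example: pre-flight check for the Active Directory provider settings.
# Every default value below is a placeholder, not a value from a real installation.
param(
    [string]$AuthDomain   = 'IDEAGEN',                      # Authentication Domain
    [string]$Server       = 'server.domain.com',            # Active Directory Server
    [string]$StartingPath = 'OU=Ideagen,DC=domain,DC=com',  # starting path as a full DN (assumed)
    [pscredential]$Credential = (Get-Credential -Message 'Active Directory read account')
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. Authentication Domain: a bare name, not a DNS name, URL or distinguished name.
if ($AuthDomain -match '[.=,/:\s]') {
    Write-Warning "Authentication Domain '$AuthDomain' looks like a DNS name, URL or DN."
}

# 2. Active Directory Server: fully qualified, and reachable on TCP 389
#    (works even where ping is blocked).
if ($Server -notmatch '^[^.\s]+(\.[^.\s]+)+$') {
    Write-Warning "'$Server' is not a fully qualified name."
}
$tcp = Test-NetConnection -ComputerName $Server -Port 389 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { throw "Cannot open TCP ${Server}:389." }

# 3. Username and password: bind with Negotiate so the password is not sent
#    to port 389 as a cleartext simple bind.
$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, 389)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new(
    $id, $Credential.GetNetworkCredential(),
    [System.DirectoryServices.Protocols.AuthType]::Negotiate)
try {
    $conn.Bind()
    # 4. Starting path: a base-scope search succeeds only if the container
    #    exists and the account can read it.
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $StartingPath, '(objectClass=*)',
        [System.DirectoryServices.Protocols.SearchScope]::Base,
        [string[]]@('distinguishedName'))
    $resp = $conn.SendRequest($req)
    "Bind OK; starting path found: $($resp.Entries[0].DistinguishedName)"
}
catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Error "Bind failed (check username and password): $($_.Exception.Message)"
}
catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
    Write-Error "Starting path not found or not readable: $($_.Exception.Message)"
}
finally { $conn.Dispose() }
```

Run it once for the user starting path and once for the group starting path; a failure at step 3 points to the credentials, a failure at step 4 to the organisational unit.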