Adding Microsoft Active Directory Domains

You can integrate Microsoft Active Directory authentication with Deep Discovery Web Inspector by adding one or more Active Directory domains to Deep Discovery Web Inspector Active Directory Services.

Procedure

  1. Obtain the information from the Active Directory administrator that is required to add a domain to the Deep Discovery Web Inspector Active Directory Services configuration.
  2. Go to Administration > Active Directory Services > Active Directory.
  3. Click Add.
  4. Enter the Domain name.
  5. Enter the Service account.
    This is the Active Directory account used to access resources on the Active Directory domain controllers. The account must exist and must have appropriate permissions.
    You must enter the account name in the following format: [Netbios Domain Name]\[sAMAccountName]
  6. Type the service account's password.
    When the service account's password is about to expire, update the password manually here. Be aware that modifying any setting here restarts the authentication daemon. The recommendation is to modify the password during non-working time.
  7. If desired, specify that the configuration use Microsoft Active Directory Global Catalog servers by enabling Global Catalog servers.
    If you enable Deep Discovery Web Inspector to use global catalog servers, the domains in the forest covered by the selected global catalogs are authenticated. If you do not configure Active Directory Services to use global catalog servers, the standard domain controllers are used for authentication, and only the configured domain is authenticated. The default is to use the global catalog type.
  8. Specify whether to use LDAP StartTLS for connections to the Active Directory servers.
  9. (Optional) Click on Advanced setting if you want to configure advanced settings.
    1. Select the HA policy to use when connecting to the Active Directory servers.
      • Round robin (default)
      • Fail over
    2. In LDAP server name, select the LDAP server names that you want Deep Discovery Web Inspector to use or click on Auto Detect to have Deep Discovery Web Inspector automatically detect Active Directory servers.
      The default is to auto detect.
      Note
      When choosing domain controllers, the recommendation is to select the fastest (least time-lag) LDAP servers (domain controllers) and delete the slow (large time-lag) LDAP servers.
      If necessary, you can obtain this information by referring to the LDAP server list that is obtained by auto detection. The faster, least time-lag LDAP servers are listed at the top of the list. The slower, large time-lag LDAP servers are listed at the bottom of the list.
      The 'far/slow/remote' domain controllers will slow down authentication and user/group synchronization speed.
    3. Type the base distinguished name.
      The default is the base distinguished name derived from Domain name.
  10. Click Test Connection to verify that a connection to a Microsoft Active Directory server can be established using the specified information.
  11. Click Save.
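The values entered in steps 4, 5 and 9 can be checked before they are typed into the form. The following pre-check is an added example, not Trend Micro code: it validates the [Netbios Domain Name]\[sAMAccountName] format, derives a base distinguished name from the domain name, and orders candidate domain controllers fastest first. It assumes the conventional DC= mapping for the base distinguished name and uses TCP connect time as a stand-in for the time-lag the product measures; all function names are hypothetical.

```python
import re
import socket
import time

# Characters Active Directory rejects in a sAMAccountName.
_SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>')
LDAP_PORT, GC_PORT = 389, 3268  # standard LDAP and Global Catalog ports


def derive_base_dn(domain_name):
    """example.corp.local -> DC=example,DC=corp,DC=local (conventional mapping)."""
    labels = domain_name.strip().rstrip(".").split(".")
    if not all(re.fullmatch(r"[A-Za-z0-9-]{1,63}", label) for label in labels):
        raise ValueError(f"not a valid DNS domain name: {domain_name!r}")
    return ",".join(f"DC={label}" for label in labels)


def parse_service_account(value):
    """Split [Netbios Domain Name]\\[sAMAccountName] and check the AD limits."""
    netbios, sep, sam = value.partition("\\")
    if not sep or not netbios or not sam:
        raise ValueError("expected NETBIOSDOMAIN\\sAMAccountName")
    if len(netbios) > 15:
        raise ValueError("NetBIOS domain names are at most 15 characters")
    # 20 characters is the sAMAccountName limit for user objects.
    if len(sam) > 20 or _SAM_FORBIDDEN & set(sam):
        raise ValueError("sAMAccountName too long or contains a forbidden character")
    return netbios, sam


def connect_latency(host, port, timeout=2.0):
    """TCP connect time in seconds, or None if the server is unreachable."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        return None


def rank_servers(hosts, use_global_catalog=True, probe=connect_latency):
    """Return reachable hosts, fastest first; unreachable hosts are dropped."""
    port = GC_PORT if use_global_catalog else LDAP_PORT
    timed = [(probe(host, port), host) for host in hosts]
    return [host for _, host in sorted(t for t in timed if t[0] is not None)]
```

Run `rank_servers` from a host on the same network segment as the appliance, otherwise the ordering will not reflect what Deep Discovery Web Inspector sees.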