To import users and cardholders with their credentials from an Active Directory, you must create an
Active Directory role for the Active Directory you want to import. The Active Directory role integrates your
Security Center system with an Active Directory server, and imports
users, cardholders, and credentials from selected security groups.
Before you begin
- Upgrade all instances of Security Center in your system to the current version.
- When you delete an Active Directory role, you can release ownership of its entities to
your local Security Center system. When you create a new Active Directory role, you can
reclaim ownership of previously released entities. For more information,
see About releasing or reclaiming ownership of entities from a role.
Procedure
- Open the System task and click the Roles view.
- Click Add an entity and select Active Directory.
- On the Specific info page, do the following:
  - If you have multiple servers in your system, select a server from the
    Server list to host the role.
    Selecting a server is only required if you have multiple servers in your
    system.
  - In the Active Directory field, enter the fully qualified
    domain name (FQDN), hostname, or IP address of the Active Directory server.
    If you enter the computer name of the server, the role cannot connect to the
    server.
    NOTE: If you are not using a default port, you must append the port number you are
    using to the Active Directory server name, separated by a colon. For example,
    ADServer.Genetec.com:123. The default ports are as follows:
    - Active Directory with no SSL: 389
    - Active Directory with SSL: 636
    - Global catalog no SSL: 3268
    - Global catalog with SSL: 3269
  - Specify how you want the role to connect to the Active Directory server.
    - Use SSL connection: Select this option to use SSL encryption for
      communications with the web service. If you are using SSL encryption, the
      web service address uses HTTPS instead of HTTP.
    - Use the Windows credentials of the server hosting the role: Select this
      option to use the Windows credentials assigned to the Genetec™ Server
      service that is running on the server hosting the Active Directory role.
      This user must have read access to the selected Active Directory service. If
      this option is turned off, you must enter the username and password to connect
      to the Active Directory domain.
  - (Optional) Select the Reclaim ownership of local entities option.
    This option enables the role to reclaim ownership of entities that were released
    to your local Security Center system when a previous Active Directory role was
    deleted.
- On the Basic information page, do the following:
  - Enter a name and description for the role.
  - Select the partition where the role resides.
- Click .
  The Active Directory role is created. Wait a few seconds for the role to connect to the
  Active Directory server.
After you finish
- If you are importing a universal group that is connected to a global catalog, turn on
the Use global catalog option. This option is found on the
Properties page of the Active Directory role.
- If you have multiple servers, turn on the Use a specific domain
controller option to choose the specific server from which you want to
import your schema architecture. This option is found on the
Properties page of the Active Directory role.
- Import security groups from an Active Directory.
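
The value for the Active Directory field can be checked against the default ports and the Use SSL connection and Use global catalog options before it is entered. The following Python code is an added example, not part of Security Center or of this procedure; the function check_ad_endpoint and its findings are hypothetical, and it assumes that the default port for the selected options applies when no port is appended.

```python
from dataclasses import dataclass, field

# Default ports from the NOTE in the procedure: (use_ssl, use_global_catalog) -> port.
DEFAULT_PORTS = {(False, False): 389, (True, False): 636,
                 (False, True): 3268, (True, True): 3269}
PORT_OPTIONS = {port: opts for opts, port in DEFAULT_PORTS.items()}


@dataclass
class Endpoint:
    host: str
    port: int
    findings: list = field(default_factory=list)


def check_ad_endpoint(value, use_ssl, use_global_catalog=False):
    """Parse 'server' or 'server:port' and compare the port with the role options."""
    value = value.strip()
    if value.count(":") > 1:
        raise ValueError("expected server or server:port")
    host, sep, port_text = value.partition(":")
    if not host:
        raise ValueError("missing server name")
    if sep:
        if not (port_text.isascii() and port_text.isdigit()):
            raise ValueError(f"invalid port: {port_text!r}")
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    else:
        # Assumption: with no port appended, the default for the options applies.
        port = DEFAULT_PORTS[(use_ssl, use_global_catalog)]
    result = Endpoint(host, port)
    if not use_ssl:
        result.findings.append("'Use SSL connection' is off")
    if port not in PORT_OPTIONS:
        result.findings.append(f"port {port} is not one of the default ports")
        return result
    ssl_port, gc_port = PORT_OPTIONS[port]
    if ssl_port != use_ssl:
        result.findings.append(f"port {port} is a default {'SSL' if ssl_port else 'no-SSL'} "
                               f"port, but 'Use SSL connection' is {'on' if use_ssl else 'off'}")
    if gc_port != use_global_catalog:
        result.findings.append(f"port {port} is a default {'global catalog' if gc_port else 'Active Directory'} "
                               f"port, but 'Use global catalog' is {'on' if use_global_catalog else 'off'}")
    return result


if __name__ == "__main__":  # constructed sample input, using the page's example value
    print(check_ad_endpoint("ADServer.Genetec.com:123", use_ssl=True))
```

An empty findings list means the port and the two options agree with the default port table; each finding names the setting to review.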