Creating an Active Directory role in Security Center - Security Center 5.12

Security Center Administrator Guide 5.12

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.12
Language: English
Last updated: 2024-09-13

To import users and cardholders with their credentials from an Active Directory, you must create an Active Directory role for the Active Directory you want to import. The Active Directory role integrates your Security Center system with an Active Directory server, and imports users, cardholders, and credentials from selected security groups.

Before you begin

  • Upgrade all instances of Security Center in your system to the current version.
  • When you delete an Active Directory role, you can release ownership of its entities to your local Security Center system. When you create a new Active Directory role, you can reclaim ownership of previously released entities. For more information, see About releasing or reclaiming ownership of entities from a role.

Procedure

  1. Open the System task and click the Roles view.
  2. Click Add an entity and select Active Directory.
  3. On the Specific info page, do the following:
    1. If you have multiple servers in your system, select a server from the Server list to host the role.
      Selecting a server is only required if you have multiple servers in your system.
    2. In the Active Directory field, enter the fully qualified domain name (FQDN), hostname, or IP address of the Active Directory server.
      If you enter the computer name of the server, the role cannot connect to the server.
      NOTE: If you are not using a default port, you must append the port number you are using to the Active Directory server name, separated by a colon. For example, ADServer.Genetec.com:123. The default ports are as follows:
      • Active Directory with no SSL: 389
      • Active Directory with SSL: 636
      • Global catalog no SSL: 3268
      • Global catalog with SSL: 3269
    3. Specify how you want the role to connect to the Active Directory server.
      • Use SSL connection: Select this option to use SSL encryption for communications with the web service. If you are using SSL encryption, the web service address uses HTTPS instead of HTTP.
      • Use the Windows credentials of the server hosting the role: Select this option to use the Windows credentials assigned to the Genetec™ Server service that is running on the server hosting the Active Directory role. This user must have read access to the selected Active Directory service. If this option is turned off, you must enter the username and password to connect to the Active Directory domain.
    4. (Optional) Select the Reclaim ownership of local entities option.
      This option enables the role to reclaim ownership of entities that were released to your local Security Center system when a previous Active Directory role was deleted.
  4. On the Basic information page, do the following:
    1. Enter a name and description for the role.
    2. Select the partition where the role resides.
  5. Click Next > Create > Close.
    The Active Directory role is created. Wait a few seconds for the role to connect to the Active Directory server.
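
A pre-flight check for steps 3.2 and 3.3, added here as an example and not part of the Genetec documentation or product: run from the server that will host the role, it resolves the port the way the NOTE describes (an appended port, otherwise the listed default) and confirms that the Active Directory server is reachable and, when SSL is selected, that it presents a certificate that validates. The function names, result keys, and the host name dc01.example.test are assumptions, and strict certificate validation is this example's choice, since the page does not say how the role validates certificates.

```python
import socket
import ssl

# Default ports listed in the NOTE of step 3.2, keyed by (use_ssl, global_catalog).
DEFAULT_PORTS = {(False, False): 389, (True, False): 636,
                 (False, True): 3268, (True, True): 3269}


def resolve_endpoint(field, use_ssl=False, global_catalog=False):
    """Split an 'Active Directory' field value into (host, port)."""
    value = field.strip()
    if not value or value.count(":") > 1:
        # Assumption: unbracketed IPv6 literals are rejected as ambiguous here.
        raise ValueError(f"cannot parse server name: {field!r}")
    host, sep, port = value.partition(":")
    if not sep:
        return host, DEFAULT_PORTS[(use_ssl, global_catalog)]
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"invalid host:port value: {field!r}")
    return host, int(port)


def preflight(field, use_ssl=False, global_catalog=False, timeout=5.0):
    """Check TCP reachability and, for SSL, a verified TLS handshake."""
    host, port = resolve_endpoint(field, use_ssl, global_catalog)
    result = {"host": host, "port": port, "tcp": False,
              "tls": None, "cert_not_after": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["tcp"] = True
            if use_ssl:
                # Default context validates the chain and the host name, so a
                # self-signed or mismatched certificate is reported as an error.
                ctx = ssl.create_default_context()
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["tls"] = tls.version()
                    result["cert_not_after"] = tls.getpeercert()["notAfter"]
    except OSError as exc:  # covers DNS, refused/timeout and ssl.SSLError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    # Constructed host name; replace with the value you plan to enter.
    print(preflight("dc01.example.test", use_ssl=True))
```

A result with `tcp` true but an `error` set when SSL is selected points at the certificate or TLS configuration rather than the firewall path.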

After you finish

  • If you are importing a universal group that is connected to a global catalog, turn on the Use global catalog option. This option is found on the Properties page of the Active Directory role.
  • If you have multiple servers, turn on the Use a specific domain controller option to choose the specific server from which you want to import your schema architecture. This option is found on the Properties page of the Active Directory role.
  • Import security groups from an Active Directory.