Configuring Active Directory

Before you configure CloudControl to use Active Directory, you must add a CloudControl service account and grant it the proper privileges. If you have already enabled Local Authentication, then it will be disabled when you configure Active Directory.

Important: Configuring Active Directory with SSL requires that the AD certificate is exported from Microsoft Management Console and then imported into CloudControl.

  • To export the certificate from Microsoft Manager, navigate to Trusted Root Certs > the certificate name, then All Tasks > Export. The certificate must be in B64.cer format.

  • To import the certificate, see Installing a Certificate Authority.

Procedure 

  1. From the Home tab, select System > Primary Authentication.
  2. Click Configure Active Directory Now to start the Configure Active Directory wizard.
  3. In the confirmation box, click OK.

  4. On the Details page of the Configure Active Directory wizard, enter the following: 

    Field

    Value

    Configuration Method

    Choose whether to use Automatic or Manual configuration.

    Domain Name

    Enter the default domain name to use with Active Directory.

    Security

    Choose None or SSL. This is for automatic configuration only.

    Account Enter the name of the service account that you created.

    Password

    Enter the password for the service account.
  1. Click Continue.

  2. If you selected Automatic configuration, do the following:

    1. On the Domains page of the Configure Active Directory wizard, verify the domain that you want to use. The default domain is displayed with a star icon.

      Important: CloudControl automatically adds all of the discovered domain controllers and global catalogs, starting with the closest. If you have a large number, then this will be done in the background. If the domain that you want to use is not visible, and you do not want to wait, then we recommend that you complete the configuration process, then edit your AD configuration later.

    2. Optionally edit the domain controllers and global catalog.

    3. Click Continue and proceed to step 8.

  3. If you selected Manual configuration, do the following: 

    1. On the Details page of the Configure Active Directory wizard, click Add a Domain Controller Now or the Create button and complete the following:

      Important: The same domain controller must be entered as both a Domain Controller and as a Global Catalog.

      Field

      Value
      Name Enter the domain controller name.
      Security Select whether you want to use no security or SSL.

      Port

      Enter the port for the domain controller or global catalog.

      User Search Context (Base DN) Enter the Base DN to use for searching users.

      Group Search Context (Base DN)

      Enter the BASE DN to use for searching groups.

      Note: The Add a Domain Controller Now link is only available the first time you add a domain controller or global catalog.

    2. Click Add.
    3. Click the Create button to create an additional domain controller, or click Continue.

    4. On the Global Catalogs page, click Add a Global Catalog Now or the Create button and complete the following:

      Important: The same domain controller must be entered as both a Domain Controller and as a Global Catalog.

      Field

      Value
      Name Enter the domain controller name.
      Security Select whether you want to use no security or SSL.

      Port

      Enter the port for the domain controller or global catalog.

      User Search Context (Base DN) Enter the Base DN to use for searching users.

      Group Search Context (Base DN)

      Enter the BASE DN to use for searching groups.

    5. Click Add.

    6. Click the Create button to create an additional global domain, or click Continue.

    7. On the Add Additional Domains pop-up, choose one of the following:

      • Click Add Additional Domains if you want to add one or more domains in addition to the default domain.

        On the Additional Domains page, click Add a Domain Now or the Create button, enter the domain information, and click Continue.

      • Click Skip.
    8. Click Close and proceed to step 8.

  4. On the ASC_SuperAdmin Role Mapping page, enter the group name for the ASC_SuperAdmin user.

    The group name is the Active Directory security group name. Select the AD group name that you want to associate with the default role. The group names are automatically populated by CloudControl.

  5. Click Continue.
  6. On the Summary page, review your changes, then click Apply.
  7. Click Apply AD settings and Log Out in the confirmation window.

  1. Click OK to confirm.

Once the process is complete, you are logged out of CloudControl GUI. You must use your AD credentials to log back in to CloudControl.