This topic describes Active Directory (AD) and LDAP integration options.

Table 1. Active Directory/LDAP Integration Options

Field

Description

AD-based logins

Selecting Enabled in this field allows users to log in to the Carbon Black App Control Console using AD accounts and passwords. For more details, see Enabling Console Access via AD Accounts in Managing Console Login Accounts.

AD security domain

Specifying an AD security domain in this field directs the Carbon Black App Control Server to look in that domain for the security groups to use for Carbon Black App Control Console user login validation. If you do not specify a security domain, the login domain for each console user is used, and so the relevant security groups must be in each user’s domain for that user to be able to log in.

AD-based policy

Selecting Enabled in this field allows you to automatically assign Carbon Black App Control policies to computers based on AD or LDAP. For more details, see Managing Computers.

Windows 2000 DCs

Selecting this check box indicates that your network is using Windows 2000 domain controllers. This selection deactivates the AD security domain value you provided, if any, because it relies on cross-domain membership tests that are only available with Windows 2003 SP2 domain controllers.

Test AD Connectivity

Clicking the Test button tests connectivity between the Carbon Black App Control Server and AD. If it reports Success, you can use Carbon Black App Control’s AD integration features. If it reports Error, your Carbon Black App Control Server cannot access AD, and you need to resolve this problem before the integration features can be used.

Note:

This test only discovers whether any AD server is accessible to your Carbon Black App Control Server. It does not confirm that the integration of the two servers is successful with the domain and Windows 2000 choices you provide.