You can edit the Active Directory after initial setup.

About this task

The Active Directory is normally registered during the setup process. Follow the directions here to edit your Active Directory setup after it has been configured.

Note the following:

  • In the case of external or forest trusts, root domains must be registered. For more information, see External and Forest Trusts.

  • The LDAP bind account is treated by the system as a Super Admin user, so this account should not be shared with any user that does not have Super Admin privileges. For example, if there is another product that also needs an LDAP bind account, a new LDAP account should be created for this purpose so whoever has the new account cannot log in as Super Admin.

Procedure

  1. Select Settings > Active Directory.

    The Active Directory page displays.

  2. If you have multiple Active Directories configured, select the one you want to edit from the list on the left.
  3. Click Edit next to Domain Bind to edit domain bind information.

    The Edit Active Directory dialog displays.

  4. Edit information as desired in the fields described below.

    Option

    Description

    NETBIOS Name

    [Not editable] Active Directory domain name

    DNS Domain Name

    Fully qualified Active Directory domain name

    Protocol

    [Not editable] LDAP is the only choice

    Bind Username

    Domain administrator. Edit only if new username is set up in Active Directory first.

    Bind Password

    Domain administrator password. Edit only if new password is set up in Active Directory first.

  5. Click Advanced Properties.
  6. Edit information as desired in the following Advanced Properties fields.

    Option

    Description

    Port

    The default for this field is 389. You should not need to modify this field unless you are using a non-standard port.

    Domain Controller IP

    (Optional) Specify a single preferred domain controller IP address if you want AD traffic to use a specific domain controller.

    Context

    This option is auto-populated based on the DNS Domain Name information provided earlier.

  7. Make changes to auxiliary bind accounts as described below.
    • Add an auxiliary bind account:

      1. Click the Add Auxiliary Bind Account link.

      2. Enter username and password for the account.

        Note:

        Username and password must exist in the Active Directory or the account will not be added successfully.

    • Change password for an auxiliary bind account:

      1. Confirm that the password for the account has already been changed in the Active Directory.

      2. Click the Change Account Password link for the account (for example, Change Account #1 Password).

      3. Enter the new password.

      Note:

      You cannot change the bind username for an auxiliary bind account. Instead, you need to remove the account and add it with the new username.

    • Remove an auxiliary bind account by clicking the Remove link next to the account.

      Note:

      You cannot remove an auxiliary bind account if it is the last active service account remaining.

  8. Click Domain Bind to save changes.
  9. Click Edit next to Domain Join to edit domain join information.

    The Domain Join dialog displays.

  10. Edit domain join information as desired.

    Option

    Description

    Join Username

    Domain administrator. Edit only if new username is set up in Active Directory first.

    Join Password

    Domain administrator password. Edit only if new password is set up in Active Directory first.

    Primary DNS Server IP

    IP address of primary DNS Server

    Secondary DNS Server IP

    (Optional) IP of secondary DNS Server

    Default OU

    Default organizational unit

  11. Click Save.
  12. In the Add Super Administrator dialog box, make any desired change and click Save.

    Use the Active Directory search function to select the AD administrator group to administer the system.