You can edit the Active Directory after initial setup.
The Active Directory is normally registered during the setup process. Follow the directions here to edit your Active Directory setup after it has been configured.
Note the following:
- In the case of external or forest trusts, root domains must be registered. For more information, see External and Forest Trusts.
- The LDAP bind account is treated by the system as a Super Admin user, so this account should not be shared with any user that does not have Super Admin privileges. For example, if there is another product that also needs an LDAP bind account, a new LDAP account should be created for this purpose so whoever has the new account cannot log in as Super Admin.
- Select Settings > Active Directory.
The Active Directory page displays.
- If you have multiple Active Directories configured, select the one you want to edit from the list on the left.
- Click Edit next to Domain Bind to edit domain bind information.
The Edit Active Directory dialog displays.
- Edit information as desired in the fields described below.
Option Description NETBIOS Name [Not editable] Active Directory domain name DNS Domain Name Fully qualified Active Directory domain name Protocol [Not editable] LDAP is the only choice Bind Username Domain administrator. Edit only if new username is set up in Active Directory first. Bind Password Domain administrator password. Edit only if new password is set up in Active Directory first.
- Click Advanced Properties.
- Edit information as desired in the following Advanced Properties fields.
Option Description Port The default for this field is 389. You should not need to modify this field unless you are using a non-standard port. Domain Controller IP (Optional) Specify a single preferred domain controller IP address if you want AD traffic to use a specific domain controller. Context This option is auto-populated based on the DNS Domain Name information provided earlier.
- Make changes to auxiliary bind accounts as described below.
- Add an auxiliary bind account:
- Click the Add Auxiliary Bind Account link.
- Enter username and password for the account.
Note: Username and password must exist in the Active Directory or the account will not be added successfully.
- Change password for an auxiliary bind account:
Note: You cannot change the bind username for an auxiliary bind account. Instead, you need to remove the account and add it with the new username.
- Confirm that the password for the account has already been changed in the Active Directory.
- Click the Change Account Password link for the account (for example, Change Account #1 Password).
- Enter the new password.
- Remove an auxiliary bind account by clicking the Remove link next to the account.
Note: You cannot remove an auxiliary bind account if it is the last active service account remaining.
- Add an auxiliary bind account:
- Click Domain Bind to save changes.
- Click Edit next to Domain Join to edit domain join information.
The Domain Join dialog displays.
- Edit domain join information as desired.
Option Description Join Username Domain administrator. Edit only if new username is set up in Active Directory first. Join Password Domain administrator password. Edit only if new password is set up in Active Directory first. Primary DNS Server IP IP address of primary DNS Server Secondary DNS Server IP (Optional) IP of secondary DNS Server Default OU Default organizational unit
- Click Save.
- In the Add Super Administrator dialog box, make any desired change and click Save.
Use the Active Directory search function to select the AD administrator group to administer the system.