Active Directory Authentication

 Top  Previous  Next

To enable Active Directory authentication

1.Select Administration in the main menu of the Control Center.

2.Select Authentication in the control menu.

3.In the opened window, select Microsoft Active Directory section.

4.Set the Use Microsoft Active Directory authentication flag.

5.Click Save.

6.Restart the Server to apply changes.

For Active Directory authentication, only enabling of using this authentication method is configured in Control Center.

You must edit Active Directory administrators' settings manually at the Active Directory server.

To edit Active Directory administrators

The following operation must be carried out from a computer with Active Directory Service snap-in.

1.To enable editing of administrator parameters, do the following:

a)Modify the Active Directory scheme with the drweb-esuite-modify-ad-schema-xxxxxxxxxххххх-windows-nt-xYY.exe utility (it is included into Dr.Web Server distribution kit).
Modification of Active Directory scheme may take some time. Depending on the domain configuration, it may take up to 5 minutes and more to synchronize and apply the modified scheme.

If the Active Directory scheme has been modified earlier via this utility for the 6 version of the Server, it is no need to perform modification repeatedly via the utility from the 10 version of the Server.

b)Register Active Directory Schema snap-in, execute the regsvr32 schmmgmt.dll command with the administrative privileges, then run mmc and add the Active Directory Schema snap-in.

c)Using the Active Directory Schema snap-in, add the auxiliary DrWebEnterpriseUser class to the User and (if necessary) Group classes.

If the scheme modification and application process has not finished, the DrWebEnterpriseUser class may be not found. In this case, wait for a few minutes and retry to add the class as described in c) step.

d)With the administrative privileges run the drweb-esuite-aduac-xxxxxxxxxххххх-windows-nt-xYY.msi file (is included in the Enterprise Security Suite 10 distribution kit) and wait until the installation finishes.

2.Visual editing of attributes is available from the Active Directory Users and Computers control panel → Users section → in the Administrator Properties window for editing settings of selected user → on the Dr.Web Authentication tab.

3.The following parameter is available for editing (yes, no or not set values can be set for the attribute):

User is administrator indicates that the user is full-rights administrator.

Algorithms of operating principles and attributes handling during authentication are described in the Appendices document, in the Appendix C1 section.