Active Directory Authentication

warning

This section is available for configuration via the Control Center only at update of the Server from the previous version. After disabling this authentication type, its section will be excluded from the Control Center settings.

At the first Server installation, these section is not available.

To enable Active Directory authentication

1.Select Administration in the main menu of the Control Center.

2.Select Authentication in the control menu.

3.In the opened window, select Microsoft Active Directory section.

4.Set the Use Microsoft Active Directory authentication flag.

5.Click Save.

6.Restart the Server to apply changes.

For Active Directory authentication, only enabling of using this authentication method is configured in Control Center.

You must edit Active Directory administrators' settings manually at the Active Directory server.

To edit Active Directory administrators

warning

The following operation must be carried out from a computer with Active Directory Service snap-in.

1.To enable editing of administrator parameters, do the following:

a)Modify the Active Directory scheme with the drweb-11.00.1-<build>-esuite-modify-ad-schema-<OS_version>.exe utility (it is included into Dr.Web Server distribution kit).
Modification of Active Directory scheme may take some time. Depending on the domain configuration, it may take up to 5 minutes and more to synchronize and apply the modified scheme.

info

If the Active Directory scheme has been modified earlier via this utility for the 6 version of the Server, it is no need to perform modification repeatedly via the utility from the 11.0.2 version of the Server.

b)Register Active Directory Schema snap-in, execute the regsvr32 schmmgmt.dll command with the administrative privileges, then run mmc and add the Active Directory Schema snap-in.

c)Using the Active Directory Schema snap-in, add the auxiliary DrWebEnterpriseUser class to the User and (if necessary) Group classes.

info

If the scheme modification and application process has not finished, the DrWebEnterpriseUser class may be not found. In this case, wait for a few minutes and retry to add the class as described in c) step.

d)With the administrative privileges run the drweb-11.00.1-<build>-esuite-aduac-<OS_version>.msi file (is included in the Enterprise Security Suite 11.0.2 distribution kit) and wait until the installation finishes.

2.Visual editing of attributes is available from the Active Directory Users and Computers control panel → Users section → in the Administrator Properties window for editing settings of selected user → on the Dr.Web Authentication tab.

3.The following parameter is available for editing (yes, no or not set values can be set for the attribute):

User is administrator indicates that the user is full-rights administrator.

info

Algorithms of operating principles and attributes handling during authentication are described in the Appendices document, in the Appendix C1 section.