Active Directories can be on-premises AD directories or cloud-based Azure AD directories. For some products you can add the same domain multiple times when using different categories.
On-premises Active Directories
- Select the Category for an Active Directory connection. Only for Pandeiro product, for Privilege Manager, always use the default (none). For Pandeiro each category that need to support group requests must also have Active Directory connection specified
- As a Directory type, select Active Directory type for connection. Use Active Directory if single domain type is required and use Active Directory (Global Catalog) if forest type is required. All domains in forest can also be added as single domains. If you use Global Catalog type (forest) for your AD, then only subset of attributes are available.
- Specify an Active Directory name using the forest or domain DNS name.
- If this Active Directory connection should show only part of the Active Directory information, specify the OU root paths to show as a comma-separated canonical name list. Do not specify domain name in the canonical name. For example OU with OU=Root,OU=Demo,DC=ad,DC=local distinguished name would be specified as Demo/Root
- If Active Directory domain controllers cannot be found using DNS and the specified directory name, specify the location of the Directory servers using the FQDN name or IP addresses. You can specify several domain controllers by separating values with commas.
- If the identity used to run Recast Privilege Manager and the Recast Agent Gateway web sites (default is Network Service that will use servers computer object as identity) does not have permissions to connect to Active Directory, enable Specify credentials for directory connection and specify credentials to be used in connecting Active Directory service. The user account name format can be pre-Windows 2000 account format (DOMAIN\account) or user account format (email)
- Select the Category for Active Directory connection. Only for Pandeiro product, for Privilege Manager always use the default (none). For Pandeiro each category that need to support group requests must also have Active Directory connection specified.
- As a Directory type, select Azure Active Directory.
- Enter a display Name that will be shown in the Privilege Manager Portal for your Azure AD directory.
- Enter your Azure AD Directory (tenant) ID. You get this value when creating Azure AD App Registration.
- Enter your Azure AD Application (client) ID. You get this value when creating Azure AD App Registration.
- Enter your Azure AD App registration Client secret. You get this value when creating Azure AD App Registration.
- Click Add.