Anchor - Integrating Active Directory with Anchor
Posted by Rick Klemetson, Last modified by Anne Doring on Apr 11, 2017 12:34 PM

Overview

Active Directory, or any LDAP authentication source, can act as a source for user accounts within the system. When an authentication source is configured, an imported user can log in to the web portal using the credentials attached to his or her authentication source account.

You can utilize one of two methods to configure Active Directory integration:

  • Machine Method—If you use the machine method, you will first need to download the desktop client onto the server that houses the authentication source. You will then register that desktop client to any user within the system. For instructions on how to install and register, please reference the End User Guide.

    Note: When registering the desktop client to a user account on a server, it is recommended that you create a dummy account. The purpose of using a dummy account is to prevent unnecessary storage usage on the local machine. A dummy account should not be subscribed to team shares, should be set to use a fixed space quota of .01GB, and should be configured using a predetermined naming system (such as First Name: File Server; Last Name: LDAP).

  • Server Method—Using the server method, you can connect to your authentication source without installing a desktop client on the machine that houses the authentication source. This server must be publicly accessible in order to use this method.

Notes to Consider

  • If you have already manually created user accounts, and want to convert these existing user accounts to AD user accounts, you must ensure that the email addresses match. If an email address matches, then the system will successfully convert the existing user account to an AD user account, and there will be no need to uninstall and reinstall desktop clients.  
  • When you integrate with Active Directory, desktop clients can be silently pushed, installed, and registered to end users without needing to alert the end user. For more information about silent installations, please reference the Silent Desktop Client Installation and Registration Knowledge Base article.

  • While Anchor will successfully integrate with any LDAP authentication source, it will not integrate with non-LDAP sources, such as Azure AD. While Azure AD supports internal LDAP authentication, it does not currently support external LDAP authentication. For more information, please reference this TechNet Blog.

Troubleshooting End User Registration Issues

Within Active Directory, if the "User must change password at next logon" setting is enabled for a user, attempts to register the desktop client or log in to the web portal will fail.

We suggest that you turn off the "User must change password at next logon" setting in Active Directory to ensure successful registration and logins.
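
The following pre-import check is an added example, not part of the original article or of Anchor itself. It lists the users in an OU that still have "User must change password at next logon" set, and the manually created accounts whose email has no match in Active Directory (see Notes to Consider). The OU path, the CSV file name and its "Email" column are placeholders, and it assumes the AD mail attribute is the address used for matching.

```powershell
# Added example: run on a machine with the ActiveDirectory module (RSAT)
# and read access to the directory, before clicking Import Selected Users.
Import-Module ActiveDirectory

# Placeholders (assumptions, not values from the article):
$SearchBase  = 'OU=Staff,DC=example,DC=com'   # OU you plan to import
$ExistingCsv = '.\existing-accounts.csv'      # hypothetical list of manual accounts, column "Email"

# Emails of manually created accounts, normalized for comparison.
$existing = @{}
if (Test-Path $ExistingCsv) {
    Import-Csv $ExistingCsv | ForEach-Object {
        if ($_.Email) { $existing[$_.Email.Trim().ToLowerInvariant()] = $true }
    }
}

$report = @(Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
                       -Properties mail, pwdLastSet |
    ForEach-Object {
        $mail = if ($_.mail) { $_.mail.Trim().ToLowerInvariant() } else { $null }
        [pscustomobject]@{
            SamAccountName     = $_.SamAccountName
            Mail               = $mail
            # AD stores "User must change password at next logon" as pwdLastSet = 0.
            MustChangePassword = ($_.pwdLastSet -eq 0)
            # True when a manual account with the same email already exists.
            MatchesExisting    = [bool]($mail -and $existing.ContainsKey($mail))
        }
    })

# Users whose registration and web portal login will fail until the flag is cleared.
$report | Where-Object MustChangePassword |
    Format-Table SamAccountName, Mail -AutoSize

# AD users with no mail attribute cannot be matched to an existing account by email.
$report | Where-Object { -not $_.Mail } | Format-Table SamAccountName -AutoSize

# Manual accounts with no matching AD email (assumed not to be converted on import).
$adMails = @($report | Where-Object Mail | ForEach-Object { $_.Mail })
$existing.Keys | Where-Object { $adMails -notcontains $_ } | Sort-Object
```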

Machine Method

To integrate with Active Directory using the machine method:

  1. On the server that houses Active Directory, download and install the desktop client. For instructions on installing the desktop client, please reference the End User Guide.
  2. After you install the desktop client, register the desktop client to a user account. For instructions on registering the desktop client, please reference the End User Guide.
  3. While still on the server that houses Active Directory, record the computer’s full computer name.
    • Click the Start menu, right-click Computer, and select Properties. The System window displays.
    • In the System window, find the informational field titled Full Computer Name. Record the full name of the computer so that it can be referenced later.
  4. When you are finished installing and registering the desktop client, return to the administrative web portal.
  5. While in the appropriate organization, click the Settings tab. The Settings page displays.
  6. In the Settings page, click the Authentication tab. The Authentication section displays.
  7. In the Authentication section, click the Add Source button to add an authentication source.
    The page refreshes to display a Configure an Authentication Source section of the page.
  8. In the Configure an Authentication Source section of the page, configure your authentication source.
    • In the Machine drop-down menu, select the name of the machine that houses your Active Directory.
    • In the Host field, enter the full computer name that you recorded above. This information can be found in your computer’s properties.
    • In the Domain field, enter the Active Directory Fully Qualified Domain Name (FQDN) (for example, anchor.com).
    • In the Login field, enter a username that has administrative access to Active Directory.
    • In the Password field, enter the corresponding password for the administrative user.
    • Click the Save button when you are finished.
      After you have entered information for Active Directory, the page will refresh to show you a listing of all current authentication sources.
  9. In the Manage column, click the Import Users button.
    The page refreshes to show import settings.
  10. Configure settings for importing users.
    • Select the Send Welcome Email checkbox to send a welcome email as soon as users are imported into the system. 
    • Select the Enable WebDAV checkbox to enable WebDAV.
    • Use the Add to Team Shares box to select the Team Shares to which all user accounts should be added. Alternatively, click the All button to add all user accounts to all Team Shares, or click the None button if you do not want to add user accounts to Team Shares. Please note that you can add user accounts to Team Shares after they have been created. 
  11. In the Organizational Units box, browse and select the Active Directory users that should be imported; alternatively, select specific organizational units (OUs) to be added to the system.
  12. Click the Import Selected Users button to import the users into the system. End users can now log in to the system, and register devices, using their Active Directory credentials.

Server Method

To integrate with Active Directory using the server method:

  1. While in the appropriate organization, click the Settings tab. The Settings page displays. 
  2. In the Settings page, click the Authentication tab. The Authentication section displays.
  3. In the Authentication section, click the Add Source button to add an authentication source.
    The page refreshes to display a Configure an Authentication Source section of the page.
  4. In the Configure an Authentication Source section of the page, configure your authentication source.
    • In the Machine drop-down menu, select Use Server.
    • In the Host field, enter the internal IP address of the Active Directory server machine if it is on the same network as the Anchor Server. If the Active Directory server machine is outside of your network, enter the publicly resolvable host name or IP address.
    • In the Domain field, enter the Active Directory Fully Qualified Domain Name (FQDN) (for example, anchor.com).
    • In the Login field, enter a username that has administrative access to Active Directory.
    • In the Password field, enter the corresponding password for the administrative user.
    • Click the Save button when you are finished.
      After you have entered information for Active Directory, the page will refresh to show you a listing of all current authentication sources.
  5. In the Manage column, click the Import Users button.
    The page refreshes to show import settings.
  6. Configure settings for importing users.
    • Select the Send Welcome Email checkbox to send a welcome email as soon as users are imported into the system. 
    • Select the Enable WebDAV checkbox to enable WebDAV.
    • Use the Add to Team Shares box to select the Team Shares to which all user accounts should be added. Alternatively, click the All button to add all user accounts to all Team Shares, or click the None button if you do not want to add user accounts to Team Shares. Please note that you can add user accounts to Team Shares after they have been created. 
  7. In the Organizational Units box, browse and select the Active Directory users that should be imported; alternatively, select specific organizational units (OUs) to be added to the system.
  8. Click the Import Selected Users button to import the users into the system. End users can now log in to the system, and register devices, using their Active Directory credentials.
