IntraNET Active Directory Integration Guide
Automatically Synchronize Active Directory Users with your company Intranet
If you're not using intraNET from Vialect, see Vialect to learn more.
Features
Accessible as Active Directory settings tab in intraNET Systems Settings area
Import & update Active Directory users from a specified group
Syncing fields: firstname, lastname, email, phone1, phone2, pager, mobile, fax, address, city, state, country, zip, note, expiry, change password on login, locked
Saving a password from the intranet to AD requires SSL on Active Directory (an AD security policy requirement)
Password fields are disabled for AD users if SSL is disabled
Domain drop down on the login page when Active Directory is enabled, allowing the selection of the proper domain
Configuration
System Tools - System Settings


intraNET uses LDAP to connect to Active Directory on port 389 (no SSL) or 636 (with SSL). If you use a firewall on the Primary Domain Controller, make sure that one of the above ports is accessible from the intraNET server.
To secure the data flowing between the LDAP server and the intraNET Application Server, you must set up the LDAP server to use the Secure Sockets Layer (SSL) protocol. Setting up LDAP over SSL is optional.
To use Active Directory as the LDAP server, you should configure the LDAP connection between the intraNET Server and Active Directory over SSL. Configuring the connection over SSL is required if you want to create new users in Active Directory using the intraNET Server, because Active Directory will not allow an unsecured LDAP connection to be used to set a user's password. If you do not intend to use the intraNET Server to create new users in Active Directory, then you do not need to configure LDAP to Active Directory over SSL. You also need Active Directory over SSL if you intend to update users' passwords from the intraNET application.
intraNET allows you to enable or disable the use of SSL for the connection between the intraNET Server and Active Directory. When SSL is disabled you cannot update passwords for Active Directory users from the intraNET application; the password field will be disabled in intraNET.
It is required that you first get intraNET Active Directory (non-SSL) successfully working before setting it up over SSL. By doing this, you can verify that the directory is responding to LDAP requests before setting it up for SSL.
To import Active Directory users into the intraNET server, you must set the Primary Domain Controller as the "Server Name" in the intraNET settings.
To import Active Directory users into the intraNET server, you must provide login credentials that have administrative rights in Active Directory. intraNET requires an "Administrative username" and "Administrative password". The username must be in the UPN format "username@FQDN". For example, if the company's Active Directory root domain is named "domain.local" and the administrative username is "jsmith", the intraNET "Administrative username" used to connect to the PDC will be "jsmith@domain.local".
The "Domain" specified for import into intraNET must be the fully qualified domain name of the Active Directory domain.
intraNET imports ONLY users that are members of the "Group Name" specified in the intraNET Active Directory settings tab. The Active Directory users can be located in any Organizational Unit or Container in Active Directory. If the "Group Name" is empty (null), intraNET will import all Active Directory users.
intraNET always verifies Active Directory user credentials (username and password) against the LDAP server at login.
intraNET User List with Active Directory and intraNET users:
When Active Directory is enabled, the intraNET user list will be updated with AD users. The Active Directory user attributes can be updated from intraNET to Active Directory. The password will be updated ONLY if SSL is enabled both on the LDAP server and in the intraNET Active Directory settings.
intraNET can import / update the following Active Directory user attributes:
First Name & Last Name
Username (login name)
Email Address
Address attributes
Any other user attribute available in the intraNET user profile
User password, ONLY if SSL is enabled
intraNET group membership will not change the Active Directory group membership of Active Directory users synchronized with intraNET.

Active Directory users cannot be removed or disabled in Active Directory using the intraNET application. To remove an Active Directory user from intraNET, you have to remove the user from the Active Directory group that intraNET is synchronized with.
Main Login Page:
When Active Directory is enabled, a new domain drop-down box will be displayed under the password field. To log into an AD account, select the correct domain from the list. To log into a local intraNET account, select "local intraNET". When an AD domain is selected, authentication will occur against the AD server.

Technical Overview
The AD implementation uses 100% JNDI & LDAP to access and update Active Directory. Access to the server is configured in System Settings using the account specified there. The TCP ports used to connect to the PDC are the LDAP ports 636 (with SSL) or 389 (without SSL).
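As an added illustration (not intraNET's or Vialect's code), the JNDI steps this guide describes in one place: binding to the PDC on 389 or 636 with the administrative UPN, selecting users by membership of the configured group from any OU (an empty group name meaning every user), and the unicodePwd replace that Active Directory accepts only over SSL. The server name, UPN, base DN and group name are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class AdSyncExample {
    static final String PDC_FQDN = "pdc.domain.local";     // constructed; with SSL it must match the certificate name
    static final String ADMIN_UPN = "jsmith@domain.local"; // UPN format "username@FQDN"
    static final String ADMIN_PASSWORD = "<admin-password>";
    static final String BASE_DN = "DC=domain,DC=local";    // search base derived from the domain "domain.local"

    // Bind as the administrative account: ldaps://...:636 with SSL, ldap://...:389 without.
    static LdapContext connect(boolean useSsl) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, (useSsl ? "ldaps://" : "ldap://") + PDC_FQDN + (useSsl ? ":636" : ":389"));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_UPN);
        env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASSWORD);
        if (useSsl) env.put(Context.SECURITY_PROTOCOL, "ssl");
        return new InitialLdapContext(env, null);
    }

    // Users to import: members of the named group, or every user when the group name is empty.
    // Subtree scope from the domain root because users may sit in any OU or container;
    // the {0} placeholder makes JNDI escape the value, so a group DN cannot alter the filter.
    static List<SearchResult> usersToImport(LdapContext ctx, String groupName) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String filter = "(&(objectClass=user)(objectCategory=person))";
        Object[] args = new Object[0];
        if (groupName != null && !groupName.isEmpty()) {
            NamingEnumeration<SearchResult> g = ctx.search(BASE_DN, "(&(objectClass=group)(cn={0}))", new Object[] {groupName}, sc);
            if (!g.hasMore()) throw new NamingException("group not found: " + groupName);
            filter = "(&(objectClass=user)(objectCategory=person)(memberOf={0}))";
            args = new Object[] {g.next().getNameInNamespace()};
        }
        List<SearchResult> users = new ArrayList<>();
        NamingEnumeration<SearchResult> r = ctx.search(BASE_DN, filter, args, sc);
        while (r.hasMore()) users.add(r.next());
        return users;
    }

    // AD accepts a unicodePwd replace only over an encrypted (here SSL) connection; on port 389 the
    // modify is refused, which is why the password field is disabled when SSL is off.
    static void setPassword(LdapContext ctx, String userDn, String newPassword) throws NamingException {
        byte[] quoted = ("\"" + newPassword + "\"").getBytes(StandardCharsets.UTF_16LE);
        ctx.modifyAttributes(userDn, new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", quoted))});
    }
}
```

Call connect(false) first to confirm the directory answers on 389, then connect(true) once the certificate for the PDC FQDN is trusted on the intraNET server; setPassword is only meaningful on the SSL context.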
SPECIAL NOTES:
The intraNET license key should accommodate the total number of users (intraNET native and AD native).
Using SSL requires a client certificate installed on the intraNET server (see the LDAP Certificates documentation).
Using SSL requires the use of the Fully Qualified Domain Name of the PDC, as specified in the SSL certificate. Make sure that the intraNET server can reach this FQDN over your network (e.g. myserver.mydomain.com).