The Active Directory Setup Screen

The Active Directory Setup screen (illustrated below) lets you enable and disable the Active Directory feature, as well as determine other aspects of AD management, such as whether users and groups are automatically updated. To access the screen, click Configuration -> Active Directory -> Setup from the left panel of the Workarea.

The following table describes the fields on the screen.


Field	Description	For more information, see
Active Directory Installed
Active Directory Authentication	If enabled, user authentication is functional, and you can enable the following three fields.	User Authentication Only Mode
Active Directory Integration	If enabled, the Active Directory feature is functional. Can only be enabled if Active Directory Authentication is enabled.	Active Directory Integration
Auto Add User	If enabled, user information is copied from the AD to Ektron CMS400.NET when that user logs in or when the user is added to Ektron CMS400.NET. Can only be enabled if Active Directory Integration is enabled.	Associating User Information in AD with Ektron CMS400.NET
Auto Add User To Group	If enabled, a user's group membership is first copied from the AD when a user logs in or is added. Can only be enabled if Active Directory Integration is enabled.	User Groups
User Property Mapping
FirstName	Enter the Active Directory Property that maps to the user's first name in Ektron CMS400.NET. By default, this is set to givenName, but you can change it to any AD property.	MSDN Library (http://msdn.microsoft.com/library/default.asp)> Active Directory, ADSI and Directory Services > Directory Services > Active Directory > Active Directory Reference > Active Directory User Interface Mappings.
LastName	Enter the Active Directory Property that maps to the user's last name in Ektron CMS400.NET. By default, this is set to sn, but you can change it to any AD property.	same reference as FirstName (above)
EmailAddr1	Enter the Active Directory Property that maps to the user's last name in Ektron CMS400.NET. By default, this is set to mail, but you can change it to any AD property.	same reference as FirstName (above)
Ektron CMS400.NET Administrator Group Mapping
AD Group Name @ AD Domain	Enter the Active Directory user group and domain name that maps to the hard coded Ektron CMS400.NET administrator group. If you do not have an AD user group that includes all Ektron CMS400.NET administrators, you should create one and enter its name and domain here.	Mapping the Administrator Group
Domain	If you want to restrict the search of new users and groups to one AD domain, select that domain. If you do, the Search Active Directory for Users and Search Active Directory for Groups screens let you search in the selected domain only. Also, if any Ektron CMS400.NET user or group names include a domain (for example, admin@saturn.planets.com) that is excluded by your selection, those users/groups are flagged on the Active Directory Setup and Active Directory Status screens because the names now include an invalid domain.

Messages Near the Top of the Active Directory Setup Screen


Message	Explanation
Active Directory Authentication is Enabled and Requires More Configuration.	Some Ektron CMS400.NET users are not associated with AD users. Also, if you are using full active directory integration mode, user groups and/or user group relationships may not be associated.
Active Directory Authentication is disabled, but needs further configuration	Some Ektron CMS400.NET users and/or groups are no longer unique. This happens because, in the AD, users and groups can share a logon name as long as their domains are different. But, when AD authentication is disabled, two Ektron CMS400.NET users or groups can no longer share a name -- each name must be unique.

If you see either message, click it. You proceed to the Active Directory Status screen, which helps you resolve the discrepancies.