Follow

Installation Guide - AD Integration

Introduction

The Pronestor AD integration is used for importing users into Pronestor Visitor from an Active Directory. Users are maintained in the Active Directory as always and Pronestor reads all user information from here.

The following steps take you through the installation and configuration of the Pronestor AD Integration.

  1. Create a Service Account
  2. Create Active Directory structure
  3. Install and configure the AD-integration

 

Create a Service Account

Pronestor uses this Service Account in the AD integration. Set the Service Account’s password to never expire.

  • Using Windows authenticated database connection:
    Create a Service Account with permissions to 1: read from the Active Directory and 2: write to the Pronestor SQL database and 3: run a scheduled task.
    Please note: We recommend to use the same Service Account as when creating the Pronestor database.
  • Using SQL authenticated database connection:
    Create a Service Account with permissions to 1: read from the Active Directory and 2: run a scheduled task.
    Please note: We recommend to use the Pronestor SQL user account for the Pronestor database.

 

Active Directory structure

  • Create an OU (Organizational Unit) (referred to here in the guide as ”proNestorOU”)
  • Create a group containing all hosts as a Security Group or distribution list in the proNestorOU
  • Make a note of the path to proNestorOU since we will need that for configuration of the AD Integration module 

Please note: You can either create a dedicated OU for Pronestor or reuse an existing OU.

An OU can be located anywhere in the Active Directory. Each host group required in Pronestor must be created in the Active Directory as a distribution list or a security group. These groups have to be populated with the respective hosts, or you can add existing groups into the Pronestor groups, that contain these hosts.


Install AD integration

Note: Only required for on-premise installation of Pronestor Room

Install the Pronestor AD-Integration module. Unzip the installation files to a dedicated Pronestor folder in Program Files (x86)->Pronestor->ADIntegration.

Edit the file ADIntegration.exe.config using Notepad.

Edit each key in the file as follows:

  • ADAdminUserservice account with read permissions to the AD
    <add key="ADAdminUser" value="administrator"/>
  • ADAdminPasswordpassword for the service account
    <add key="ADAdminPassword" value="********"/>
  • ADFullPath – LDAP path to the AD server (here called pronestorserver
    <add key="ADFullPath" value="LDAP://pronestorserver"/>
  • proNestorOULocation – path to the created proNestorOU
    <add key="proNestorOULocation" value="/OU=pronestorOU,DC=pronestordomainr"/>
  • TestImport – set to true until everything is confirmed and ready
    <add key="TestImport" value="true"/>
  • Save file and close Notepad

Open Program Files (x86)\Pronestor\ADIntegration\ADIntegration.exe

(run as to ensure administrator privileges)

Click Import in the upper left corner.

Now all groups should be found and listed.

Please note: If it fails – please check ADIntegration.exe.config settings. If necessary – check adlog.txt for error messages.


Linking Pronestor and Active Directory groups

Go to the 'linking' tab in the AD Integration module.

  • Linking: Load current linkage and set up linking by choosing the right Active Directory sub groups in the drop down menu. Save.
  • Sessions: Run the first import of hosts manually.

Edit the file ADIntegration.exe.config using Notepad.

  • Set TestImport under AppSetting
  • TestImport – set to false
    <add key="TestImport" value="true"/>
  • Save and close
  • Open Program Files (x86)\Pronestor\ADIntegration\ADIntegration.exe
  • Start importing hosts by clicking 'Import'

 

Set up scheduled task

Note: Only required for on-premise installation of Pronestor Room

Set up a scheduled task for automatic updates and maintenance of the hosts.

You create the scheduled task on the app server and we recommend that you set the recurrent time during night time because of the minimum system load in this period.

In the 'Task Scheduler' (located in Control Panel\System and Security\Administrative Tools):

  • Create task
  • General:
    Name 
    the task and set as follows:

  • Triggers:
    New Trigger - set frequency and time:

  • Actions:
    New Action - Start a program
    Browse for the 'ADIntegration.exe' file
    Click OK and click OK

  • Type your credentials for the Service Account and enter.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk