Connection to Windows domain

Application

With the Connection to Windows domain function, you can connect the data of a domain controller with the control's user administration.

Ask your IT administrator to configure the connection to the Windows domain.

Requirements

  • User administration is active (see Activating user administration)
  • useradmin user is logged on (see Users)
  • Windows domain controller present in the network
  • Domain controller accessible in the network
  • Organizational unit for HEROS roles known
  • Function user is defined in the organization
  • User name and password of the function user are known

Description of function

Buttons

The Connection to Windows domain area provides the following buttons:

  • Configuration
    The control opens the Configure Windows domain with function user window.
    See: The Configure Windows domain with function user window
  • Find domain
    The control selects a Windows domain.
  • Export the Windows config.
    Once you have connected the control to the Windows domain, you can export the configurations for other controls.
    See: Exporting and importing a Windows configuration file
  • Import the Windows config.
    Using an existing configuration, you can connect the control easily and quickly to the Windows domain.
    See: Exporting and importing a Windows configuration file
  • Check missing role definitions
    The control checks whether all of the required roles have been created in the Windows domain.
  • Add role definition
    If any roles required in the Windows domain are missing, you can add the missing roles.
    See: Groups of the domain

The Configure Windows domain with function user window

After the domain search, you can customize the Windows domain information or specify new information in the Configure Windows domain with function user window.

Your IT administrator will provide the required information.

The Configure Windows domain with function user window provides the following settings:

  • Domain name:
    Server name of the Windows domain. Is populated by domain search.
  • Key Distribution Center (KDC):
    KDC address. Is populated by domain search.
  • Alternative admin server:
    Name of a different server on which the passwords are managed
  • Map SIDs to Unix UIDs
    Map the Windows user SIDs (Security IDs) in Active Directory to the matching Unix UIDs on the control
  • Use LDAPs
    Transfer data using secure LDAPs. LDAPs encrypt user data and passwords. You can select a certificate or disable certificate validation.
  • Group for login authorization:
    Define a special group of Windows users to whom you want to restrict the connection to this control
  • Organizational unit for HEROS roles:
    Modify the organizational unit in which the HEROS role names are stored. Specify the configuration of your domain.
  • Prefix for HEROS role names:
    Change the prefix in order to manage users from different workshops, for example. Each prefix given to a HEROS role name can be changed (e.g., HEROS hall 1 and HEROS hall 2). Is populated by domain search.
  • Separator for HEROS role names:
    Modify the separator within the HEROS role names
  • Function user:
    User name and password of the Active Directory function user
  • Organizational unit for function user:
    Organizational unit of the function user
  • Advanced configuration of domain section
    Only for IT administrators

The function user's user name must not contain blanks. The name and organizational unit form the complete path (Distinguished Name, DN) in the Active Directory.

Groups of the domain

If not all of the required roles have been created in the domain as groups, the control issues a warning.

If the control issues a warning, proceed in one of the two following ways:

  • Use the Add role definition function to enter a role directly in the domain
  • Use the Export role definition function to export the roles to an *.ldif file

There are the following ways to create groups corresponding to the different roles:

  • Automatically when entering the Windows domain by specifying a user with administrator rights
  • By importing an import file in .ldif format to the Windows server

The Windows administrator must add the users manually to the roles (security groups) on the domain controller.
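The following is an added example, not code from the control or from the manual. It shows how the function user's name and organizational unit combine into a DN (rejecting blanks), and how an administrator could derive the missing role groups and an LDIF file for them. The role names, OU paths, "." separator and LDIF layout are constructed assumptions, not the control's own export format.

```python
import re

_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')  # must be escaped in a DN value (RFC 4514)

def escape_rdn(value: str) -> str:
    """Escape one attribute value for use inside a Distinguished Name."""
    out = _DN_SPECIAL.sub(r"\\\1", value)
    if value[:1] in (" ", "#"):               # leading space or '#'
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):  # trailing space
        out = out[:-1] + "\\ "
    return out

def function_user_dn(name: str, ou_dn: str) -> str:
    """Name and organizational unit together form the function user's DN."""
    if not name or any(ch.isspace() for ch in name):
        raise ValueError("function user name must not be empty or contain blanks")
    return f"CN={escape_rdn(name)},{ou_dn}"

def missing_roles_ldif(required, existing, prefix, separator, roles_ou_dn):
    """Return (missing group names, LDIF text that would create them)."""
    have = {g.lower() for g in existing}      # AD compares names case-insensitively
    wanted = [f"{prefix}{separator}{role}" for role in required]
    missing = [name for name in wanted if name.lower() not in have]
    entries = []
    for name in missing:
        entries.append("\n".join([
            f"dn: CN={escape_rdn(name)},{roles_ou_dn}",
            "changetype: add",
            "objectClass: group",
            f"cn: {name}",
            f"sAMAccountName: {name}",
            "groupType: -2147483646",          # global security group
        ]))
    return missing, "\n\n".join(entries) + ("\n" if entries else "")

# Constructed sample values; role names are placeholders, not the HEROS role list.
ROLES_OU = "OU=HEROS,DC=example,DC=com"
REQUIRED = ["RoleA", "RoleB", "RoleC"]
EXISTING = ["heros.rolea", "HEROS.RoleC"]

if __name__ == "__main__":
    print(function_user_dn("svc-heros", "OU=Service,DC=example,DC=com"))
    names, ldif = missing_roles_ldif(REQUIRED, EXISTING, "HEROS", ".", ROLES_OU)
    print("missing:", names)
    print(ldif, end="")
```

Reviewing the generated LDIF before import lets the Windows administrator confirm that only groups under the intended organizational unit are created.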

Two suggestions describing how the groups can be structured by the Windows administrator are given below.

Example 1

The user is a direct or indirect member of the respective group:

Example 2

Users from various sectors (workshops) are members of groups with different prefixes:
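The following is an added example, not taken from the manual or from the control's software. It audits which roles a user ends up with on a control configured with a given prefix, and whether each role comes from direct or nested group membership as in the two suggestions above. The directory contents, role names and "." separator are constructed, and case-insensitive name comparison is an assumption.

```python
def effective_groups(principal, member_of):
    """Groups reached from a user through direct or nested membership."""
    seen, stack = set(), list(member_of.get(principal, ()))
    while stack:
        group = stack.pop()
        if group in seen:                 # nesting can loop; visit each group once
            continue
        seen.add(group)
        stack.extend(member_of.get(group, ()))
    return seen

def role_report(user, member_of, prefix, separator):
    """Map each role the user holds under this prefix to 'direct' or 'indirect'."""
    head = (prefix + separator).lower()   # assumption: names compared case-insensitively
    direct = {g.lower() for g in member_of.get(user, ())}
    report = {}
    for group in effective_groups(user, member_of):
        if group.lower().startswith(head) and len(group) > len(head):
            role = group[len(head):]
            report[role] = "direct" if group.lower() in direct else "indirect"
    return report

# Constructed directory: object -> groups it is a member of (role names are placeholders).
MEMBER_OF = {
    "alice": ["Hall1-Operators"],
    "bob": ["HEROS hall 2.RoleA"],
    "carol": ["HEROS hall 1.RoleA", "Shift-Leads"],
    "Hall1-Operators": ["HEROS hall 1.RoleA", "Shift-Leads"],
    "Shift-Leads": ["HEROS hall 1.RoleB", "Hall1-Operators"],   # nesting loop
}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        for prefix in ("HEROS hall 1", "HEROS hall 2"):
            print(user, prefix, role_report(user, MEMBER_OF, prefix, "."))
```

Roles reported as indirect are the ones most easily overlooked when group nesting changes, so they are worth reviewing whenever a workshop group is edited.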

Joining a Windows domain

To join a Windows domain:

  1. Open the User administration window
  2. Select Connection to Windows domain
  3. Select Find domain
  4. The control selects a domain.
  5. Select Configuration
  6. Check the data for Domain name: and Key Distribution Center (KDC):
  7. Enter Organizational unit for HEROS roles:
  8. Enter the user name and password of the function user
  9. Press OK
  10. Select APPLY
  11. The control connects to the Windows domain found.
  12. The control checks whether all of the required roles have been created in the domain as groups.

Exporting and importing a Windows configuration file

If you have connected the control to the Windows domain, you can export the required configurations for other controls.

To export the Windows configuration file:

  1. Open the User administration window
  2. Select Connection to Windows domain
  3. Select Export the Windows config.
  4. The control opens the Export the Windows domain configuration window.
  5. Select the directory for the file
  6. Enter the name for the file
  7. Select the Export the function user's password? check box, if required
  8. Select Export
  9. The control saves the Windows configuration as a BIN file.

To import the Windows configuration file of another control:

  1. Open the User administration window
  2. Select Connection to Windows domain
  3. Select Import the Windows config.
  4. The control opens the Import the Windows domain configuration window.
  5. Select the existing configuration file
  6. Select the Import the function user's password? check box, if required
  7. Select Import
  8. The control adopts the configurations for the Windows domain.