# Active Directory

## 1 Authenticating to Active Directory

To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").

The provider uses plaintext authentication by default, because it attempts to negotiate TLS/SSL with the server. To use another authentication method, set AuthMechanism.

By default, the connector attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.

To specify another certificate, see the SSLServerCert property for the available formats.

## 2 Connecting to Active Directory

Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:

* FollowReferrals: When set, the provider surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.
* LDAPVersion: Set this to the version of the protocol your server implements; by default, the provider uses version 2.
* UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.

## 3 Fine Tuning Data Access

The following properties control the scope of data returned:

* BaseDN: Limits the scope of LDAP searches to the height of the distinguished name provided. *Note*: Specifying a narrow BaseDN may greatly increase performance; for example, a value of "cn=users,dc=domain" will only return results contained within "cn=users" and its children.
* Scope: This property enables more granular control over the data to return from a subtree.
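The defaults described in sections 1 to 3 can be checked before a connection is deployed. The following is an added example, not code from the product: it audits a connection string for settings left at their weaker defaults. The `Key=Value;` syntax, the `true` boolean spelling, and the function names are assumptions; the property names are the ones documented on this page.

```python
# Added example, not vendor code. Assumed: "Key=Value;" connection-string
# syntax and "true" as the boolean spelling. Property names are from the page.

def parse_connection_string(conn_str):
    """Return {lowercased property: value}; split on the first '=' only,
    because DN values such as 'cn=Bob F,ou=Employees' contain '=' too."""
    props = {}
    for part in filter(str.strip, conn_str.split(";")):
        key, sep, value = part.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed property: {part!r}")
        props[key.strip().lower()] = value.strip()
    return props

def is_true(props, name):
    return props.get(name, "").lower() == "true"

def audit(conn_str):
    """Return {property: finding} for settings left at a weaker default."""
    p = parse_connection_string(conn_str)
    findings = {}
    # Both properties authenticate with the current user's context.
    current_user = is_true(p, "integratedsecurity") or is_true(p, "usedefaultdc")
    if "password" in p:
        findings["Password"] = "credential stored in the connection string"
        if "authmechanism" not in p and not current_user:
            findings["AuthMechanism"] = ("unset: plaintext authentication is the "
                                         "default, so the password relies on TLS/SSL")
    if "ldapversion" not in p:
        findings["LDAPVersion"] = "unset: the provider defaults to version 2"
    if "basedn" not in p:
        findings["BaseDN"] = "unset: searches are not limited to a subtree"
    if not is_true(p, "readonly"):
        findings["Readonly"] = "not enabled: read-only access is not enforced"
    return findings

# Constructed sample inputs (server name, DN and password are made up).
WEAK = ("Server=dc01.example.test;Port=636;"
        "User=cn=Bob F,ou=Employees,dc=Domain;Password=not-a-real-secret")
HARDENED = ("Server=dc01.example.test;Port=636;IntegratedSecurity=true;"
            "LDAPVersion=3;BaseDN=cn=users,dc=domain;Readonly=true")

if __name__ == "__main__":
    for name, conn in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conn) or "no findings")
```
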


Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

| Property | Description |
| -------- | ----------- |
| Authentication                                   |                                                                                                                                                                                                             |
| AuthMechanism                                    | The authentication mechanism to be used when connecting to the Active Directory server.                                                                                                                     |
| BaseDN                                           | The base portion of the distinguished name, used for limiting results to specific subtrees.                                                                                                                 |
| IntegratedSecurity                               | Whether or not to use the user's current context when logging in.                                                                                                                                           |
| LDAPVersion                                      | The LDAP version used to connect to and communicate with the server.                                                                                                                                        |
| Password                                         | The password for the distinguished name of the specified user.                                                                                                                                              |
| Port                                             | The port the Active Directory server is running on.                                                                                                                                                         |
| Scope                                            | Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only).                    |
| Server                                           | The domain name or IP of the Active Directory server.                                                                                                                                                       |
| UseDefaultDC                                     | Used to connect to the default Domain Controller and authenticate using the current user credentials.                                                                                                       |
| User                                             | The distinguished name of a user.                                                                                                                                                                           |
| Firewall                                         |                                                                                                                                                                                                             |
| FirewallPassword                                 | A password used to authenticate to a proxy-based firewall.                                                                                                                                                  |
| FirewallPort                                     | The TCP port for a proxy-based firewall.                                                                                                                                                                    |
| FirewallServer                                   | The name or IP address of a proxy-based firewall.                                                                                                                                                           |
| FirewallType                                     | The protocol used by a proxy-based firewall.                                                                                                                                                                |
| FirewallUser                                     | The user name to use to authenticate with a proxy-based firewall.                                                                                                                                           |
| Logging                                          |                                                                                                                                                                                                             |
| Logfile                                          | A path to the log file.                                                                                                                                                                                     |
| MaxLogFileCount                                  | A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted. |
| MaxLogFileSize                                   | A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.               |
| Verbosity                                        | The verbosity level that determines the amount of detail included in the log file.                                                                                                                          |
| Misc                                             |                                                                                                                                                                                                             |
| ConnectionLifeTime                               | The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.                                                                                              |
| ConnectionString                                 | \*\*\*                                                                                                                                                                                                      |
| FollowReferrals                                  | Whether or not to follow referrals returned by the Active Directory server.                                                                                                                                 |
| FriendlyGUID                                     | Whether to return GUID attribute values in a human readable format.                                                                                                                                         |
| FriendlySID                                      | Whether to return SID attribute values in a human readable format.                                                                                                                                          |
| MaxRows | Limits the number of rows returned when no aggregation or group by is used in the query. This helps avoid performance issues at design time. |
| Other                                            | These hidden properties are used only in specific use cases.                                                                                                                                                |
| PoolIdleTimeout                                  | The allowed idle time for a connection before it is closed.                                                                                                                                                 |
| PoolMaxSize                                      | The maximum connections in the pool.                                                                                                                                                                        |
| PoolMinSize                                      | The minimum number of connections in the pool.                                                                                                                                                              |
| PoolWaitTime                                     | The max seconds to wait for an available connection.                                                                                                                                                        |
| PseudoColumns                                    | This property indicates whether or not to include pseudo columns as columns to the table.                                                                                                                   |
| Readonly | You can use this property to enforce read-only access to Active Directory from the provider. |
| SSLServerCert                                    | The certificate to be accepted from the server when connecting using TLS/SSL.                                                                                                                               |
| SupportEnhancedSQL                               | This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.                                                               |
| Timeout                                          | The value in seconds until the timeout error is thrown, canceling the operation.                                                                                                                            |
| UseConnectionPooling                             | This property enables connection pooling.                                                                                                                                                                   |
