# Active Directory

## 1 Authenticating to Active Directory

To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").

By default, the provider uses plaintext authentication, because it attempts to negotiate TLS/SSL with the server. You can specify another authentication method with AuthMechanism.

When negotiating SSL/TLS, the connector by default checks the server's certificate against the system's trusted certificate store.

To specify another certificate, set the SSLServerCert property; see that property for the available formats.

## 2 Connecting to Active Directory

Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:

* FollowReferrals: When set, the provider surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.
* LDAPVersion: Set this to the version of the protocol your server implements; by default, the provider uses version 2.
* UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.

## 3 Fine Tuning Data Access

The following properties control the scope of data returned:

* BaseDN: Limits the scope of LDAP searches to the height of the distinguished name provided. *Note*: Specifying a narrow BaseDN may greatly increase performance; for example, a value of "cn=users,dc=domain" will only return results contained within "cn=users" and its children.
* Scope: This property enables more granular control over the data to return from a subtree.

Not all properties are required.  Enter only property values pertaining to your installation.  Several properties will be automatically initialized with the appRules defaults.

| **Property** | **Description** |
| --- | --- |
| Authentication                                   |                                                                                                                                                                                                             |
| AuthMechanism                                    | The authentication mechanism to be used when connecting to the Active Directory server.                                                                                                                     |
| BaseDN                                           | The base portion of the distinguished name, used for limiting results to specific subtrees.                                                                                                                 |
| IntegratedSecurity                               | Whether or not to use the user's current context when logging in.                                                                                                                                           |
| LDAPVersion                                      | The LDAP version used to connect to and communicate with the server.                                                                                                                                        |
| Password                                         | The password for the distinguished name of the specified user.                                                                                                                                              |
| Port                                             | The port the Active Directory server is running on.                                                                                                                                                         |
| Scope                                            | Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only).                    |
| Server                                           | The domain name or IP of the Active Directory server.                                                                                                                                                       |
| UseDefaultDC                                     | Used to connect to the default Domain Controller and authenticate using the current user credentials.                                                                                                       |
| User                                             | The distinguished name of a user.                                                                                                                                                                           |
| Firewall                                         |                                                                                                                                                                                                             |
| FirewallPassword                                 | A password used to authenticate to a proxy-based firewall.                                                                                                                                                  |
| FirewallPort                                     | The TCP port for a proxy-based firewall.                                                                                                                                                                    |
| FirewallServer                                   | The name or IP address of a proxy-based firewall.                                                                                                                                                           |
| FirewallType                                     | The protocol used by a proxy-based firewall.                                                                                                                                                                |
| FirewallUser                                     | The user name to use to authenticate with a proxy-based firewall.                                                                                                                                           |
| Logging                                          |                                                                                                                                                                                                             |
| Logfile                                          | A path to the log file.                                                                                                                                                                                     |
| MaxLogFileCount                                  | A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted. |
| MaxLogFileSize                                   | A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.               |
| Verbosity                                        | The verbosity level that determines the amount of detail included in the log file.                                                                                                                          |
| Misc                                             |                                                                                                                                                                                                             |
| ConnectionLifeTime                               | The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.                                                                                              |
| ConnectionString                                 | \*\*\*                                                                                                                                                                                                      |
| FollowReferrals                                  | Whether or not to follow referrals returned by the Active Directory server.                                                                                                                                 |
| FriendlyGUID                                     | Whether to return GUID attribute values in a human readable format.                                                                                                                                         |
| FriendlySID                                      | Whether to return SID attribute values in a human readable format.                                                                                                                                          |
| MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This helps avoid performance issues at design time. |
| Other                                            | These hidden properties are used only in specific use cases.                                                                                                                                                |
| PoolIdleTimeout                                  | The allowed idle time for a connection before it is closed.                                                                                                                                                 |
| PoolMaxSize                                      | The maximum connections in the pool.                                                                                                                                                                        |
| PoolMinSize                                      | The minimum number of connections in the pool.                                                                                                                                                              |
| PoolWaitTime                                     | The max seconds to wait for an available connection.                                                                                                                                                        |
| PseudoColumns                                    | This property indicates whether or not to include pseudo columns as columns to the table.                                                                                                                   |
| Readonly | You can use this property to enforce read-only access to Active Directory from the provider. |
| SSLServerCert                                    | The certificate to be accepted from the server when connecting using TLS/SSL.                                                                                                                               |
| SupportEnhancedSQL                               | This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.                                                               |
| Timeout                                          | The value in seconds until the timeout error is thrown, canceling the operation.                                                                                                                            |
| UseConnectionPooling                             | This property enables connection pooling.                                                                                                                                                                   |
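
As an added example (not appRules or provider code), the script below audits a connection string built from the properties above for the settings this page calls out: the version 2 default, the plaintext bind, an embedded Password, a missing BaseDN, and Readonly left off. The semicolon-separated `Key=Value` format, the `true` boolean spelling and the sample hosts and DNs are assumptions; port 636 is the standard LDAPS port.

```python
# Added example: audit a connection string for this data source (not appRules code).
# Assumed format: semicolon-separated Key=Value pairs; booleans spelled "true".

def parse_conn_string(conn):
    """Return {lower-cased key: value}; split on the first '=' only so that
    values such as 'ou=Employees,dc=example,dc=test' stay intact."""
    props = {}
    for part in conn.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            props[key.strip().lower()] = value.strip()
    return props

def audit(conn):
    """Return a list of (check_id, message) findings for one connection string."""
    p = parse_conn_string(conn)
    def on(name):
        return p.get(name, "").lower() == "true"
    integrated = on("integratedsecurity") or on("usedefaultdc")
    findings = []
    if p.get("ldapversion", "2") != "3":   # page: provider default is version 2
        findings.append(("ldap-version", "LDAPVersion is not 3 (provider default is 2)"))
    if not integrated and "authmechanism" not in p and p.get("port") != "636":
        findings.append(("plaintext-bind", "default plaintext bind off the LDAPS port; "
                         "confirm TLS is negotiated or set AuthMechanism"))
    if "password" in p:
        findings.append(("embedded-password", "Password is stored in the connection string"))
    if not p.get("basedn"):
        findings.append(("unscoped-search", "no BaseDN; searches are not limited to a subtree"))
    if not on("readonly"):
        findings.append(("writable", "Readonly is not enabled; the provider may modify the directory"))
    return findings

# Constructed sample inputs (hosts, DNs and the password are placeholders).
WEAK = ("Server=dc01.example.test;Port=389;"
        "User=cn=svc_report,ou=Service,dc=example,dc=test;Password=PLACEHOLDER;")
HARDENED = ("Server=dc01.example.test;Port=636;LDAPVersion=3;IntegratedSecurity=true;"
            "BaseDN=ou=Employees,dc=example,dc=test;Readonly=true;")

if __name__ == "__main__":
    for label, conn in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for check_id, message in audit(conn) or [("ok", "no findings")]:
            print(f"  [{check_id}] {message}")
```

The parser does not handle values that themselves contain a semicolon, such as some passwords.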

