DOCSLIB.ORG

Active Directory Integration with Entrapass Application Note

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Active Directory Integration with Entrapass Application Note Application Note Active Directory integration with EntraPass This application note explains how to integrate and configure EntraPass card holders with Microsoft Active Directory users. Requirements You need the following components to configure EntraPass with Microsoft Active Directory: EntraPass v7.10 or higher: o Corporate edition, part number E-COR-LDAP o Global edition, part number E-GLO-LDAP EntraPass Smartlink running on your computer. System requirements To ensure appropriate performance use the following component specifications: Intel i5 processor or equivalent 8 GB RAM 7200 RPM, 1 TB hard drive PCI express graphics card with 1 GB memory and DirectX 9.0 support Active Directory pre-requirements To connect to the Active Directory (AD), and import AD users into EntraPass, complete the following steps: 1. Log in as a domain user. For example, ktsadmin. 2. Add the domain user to the Domain Users and the Domain Admins groups. 3. To isolate the AD users you want to import, create a new domain group. 4. If the existing AD fields do not match the EntraPass fields, create custom attributes fields for CardType, AccessLevelGroup, and CardNumber. These are in addition to the AD preset attributes. See the following table for the credentials you need before you begin to configure the two systems. Table 1: Active Directory credentials Active Directory Purpose Domain user name and password To connect to the AD Domain group To isolate the users that you want to import to EntraPass as card holders Internet Protocol (IP) address or To connect to the Windows domain controller domain name (DN) of the domain controller Registering the AD license To register the AD license using the EntraPass workstation, complete the following steps: 1. Click the Options tab, and then click Registration from the menu. 2. From the Optional or additional system components list, select EntraPass LDAP. 3. Click the Click here to install component button. 1 Application Note DN2173-1909 Figure 1: Additional components list 4. In the Component registration window, enter the Option serial number. If the code is correct, the registration details within the list box become active. 5. Use one of the following options to obtain the Registration confirmation code: a. For North America, call the Kantech technical support line on 1 888 222 1560. For other regions, see the support details in the Support list. b. Log in to www.kantech.com. Click the Support tab and then click Kantech Registration. 6. From EntraPass, in the Component registration window, enter the Registration confirmation code. If you enter the correct code, the OK button becomes active. Click OK. You should now see the LDAP component in the System Component – Features list on the Registration window. Configuring the Active Directory To configure the initial Active Directory connection in EntraPass, complete the following steps: 1. Click the System tab, and then click Active Directory from the menu. 2. Click the New button and name the AD connection accordingly. 3. Select one of following communication types, and enter their appropriate values: The Active Directory Domain controller IP address. The Active Directory Domain name. 4. In the LDAP base DN (User) field, enter the Domain group previously created in the AD. 5. In the LDAP binding DN field, enter the Domain user created to connect to the AD as Username. Note: You may need to use the format mydomain\username. 6. In the LDAP password field, enter the LDAP binding DN password. 7. In the Sync interval (hh.mm.ss) field, enter the amount time that you want between each sync. Click the Save button. 2 Application Note DN2173-1909 8. Click the Import AD/LDAP button. The number in the Imported fields changes when the import completes. To confirm the Active directory connection, click Desktop #1 from the Desktops menu. The Active directory connection restored event appears. Figure 2: Active directory connection restored event Mapping EntraPass user fields with Active Directory attributes To map EntraPass user fields using the EntraPass workstation, complete the following steps: 1. Click the System tab, and then click Active Directory from the menu. 2. Select the Active Directory integration that you want from the Active Directory list. 3. Click the User Mapping tab and use the Managed by Active Directory checkboxes to select the EntraPass fields you want. 4. Enter the Active Directory corresponding label in the Active Directory fields. Note: Different fields require different types of data: use text or a combination of text and numerical data. EntraPass manages the fields that it can or cannot map. Figure 3: The Active Directory User Mapping tab 5. Click the Save button, and then click Sync now. Wait for EntraPass to synchronize the changes; the time varies based on the delay time set. 3 Application Note DN2173-1909 When the import is complete, click the Desktops tab to view the Messages list. The following event is an example of what occurs in EntraPass. Figure 4: Event Working examples of correct configuration in LDAP prior to EntraPass configuration In this example, you see the properties of the Name and Active Directory Domain Services Folder. The user must be a member of the LDAP Base DN (User) group. The example uses EntraPassUsers. Figure 5: Member Of Properties In this example, you see the properties of a new user with a card number in the HH:00000 format and an integer Card type. Follow these conditions: The cardNumber attribute value must include a colon, for example ab:54321. The cardType attribute value is an integer. Use the component ID. To obtain the ID, see Obtaining the component ID in EntraPass in the General information section. If an attribute is blank in the AD, it will be blank in EntraPass. Figure 6: Attribute Editor Properties General information This section includes additional information that may be useful when you integrate and configure EntraPass Card holders with Microsoft Active Directory users. 4 Application Note DN2173-1909 If an AD attribute is not visible in the Active Directory list but exists in the AD, then you can manually type the exact name. Prior to deactivating a user in LDAP, deactivate the user in EntraPass using the mapped attribute assigned for Stolen/lost or Card State. EntraPass only imports Card holder information from LDAP. EntraPass will not update any attribute values in LDAP. EntraPass automatically links the Card user name to the AD Display Name. You cannot modify this. If Managed by Active Directory is in the Card window, only LDAP can modify user fields. EntraPass operators cannot modify imported fields using the EntraPass Workstation, Web or Go. Figure 7: Managed by Active Directory in Card window Obtaining the component ID in EntraPass Use the component ID needed in the LDAP configuration for importing database fields like Card Type and Card Access Groups. There are two procedures for obtaining the component ID, one is for an individual component and one is for a complete list. To obtain the component ID, choose from the following options: Individual component ID 1. From the EntraPass Workstation, click the Users tab and then click Card Type from the menu. 2. Select the card type you want from the Card Type list. 3. Hover over your selection to display the card type ID in the tool tip. Figure 8: Individual component ID reference number Complete lists 1. From the EntraPass Workstation, click the Users tab and then click Card Type from the menu. 2. Click the Printer icon. 5 Application Note DN2173-1909 3. Select the card types you want, and then click Preview. The component ID for each card type displays in parentheses after the category name. Figure 9 List of card types Figure 10: List of component ID reference numbers © 2019 Johnson Controls. All rights reserved. JOHNSON CONTROLS, TYCO and KANTECH are trademarks and/or registered trademarks. Unauthorized use is strictly prohibited. Specifications are subject to change without prior notice. Contact telephone numbers: 1 450 444 2030. Toll free: 1 888 222 1560. www.kantech.com 6 .
Load more

Recommended publications
  • 1 Table of Contents List of Figures
    Table of Contents List of Figures ..................................................................................................................... 4 List of Tables ...................................................................................................................... 5 Chapter 1: Introduction....................................................................................................... 6 1.1 Introduction....................................................................................................................6 1.2 Problem Statement .......................................................................................................12 1.3 Thesis Objective...........................................................................................................12 1.4 Thesis Organization.....................................................................................................14 Chapter 2: Intrusion Detection.......................................................................................... 15 2.1 Introduction..................................................................................................................15 2.2 What is an IDS .............................................................................................................15 2.2.1 The Basic Concepts of Intrusion Detection......................................................16 2.2.2 A Generic Intrusion-Detection System.............................................................17 2.2.3 Characteristics of
    [Show full text]
  • Blackbaud CRM Security Guide
    Security Guide 11/10/2014 Blackbaud Direct Marketing 4.0 Security UK ©2014 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic, or mechanical, including photocopying, recording, storage in an information retrieval system, or oth- erwise, without the prior written permission of Blackbaud, Inc. The information in this manual has been carefully checked and is believed to be accurate. Blackbaud, Inc., assumes no responsibility for any inaccuracies, errors, or omissions in this manual. In no event will Blackbaud, Inc., be liable for direct, indirect, special, incidental, or consequential damages resulting from any defect or omission in this manual, even if advised of the possibility of damages. In the interest of continuing product development, Blackbaud, Inc., reserves the right to make improvements in this manual and the products it describes at any time, without notice or obligation. All Blackbaud product names appearing herein are trademarks or registered trademarks of Blackbaud, Inc. All other products and company names mentioned herein are trademarks of their respective holder. Security-2014 Contents CONTENTS I SECURITY 1 Fundamentals of Security 1 APPLICATION USERS 3 Search for Users 3 Application User Records 4 Add an Application User 4 Edit Users 5 Delete Users 6 Grant/Revoke Users Administrator Rights 6 Run the Program as a Selected User 6 Organisational Unit Record 7 Application Users Page 8 Manage System Roles of an Application User 8 Add System Roles
    [Show full text]
  • Lesson 14: Creating and Managing Active Directory Users and Computers
    Lesson 14: Creating and Managing Active Directory Users and Computers MOAC 70-410: Installing and Configuring Windows Server 2012 Overview • Exam Objective 5.2: Create and Manage Active Directory Users and Computers • Creating User Objects • Creating Computer Objects • Managing Active Directory Objects © 2013 John Wiley & Sons, Inc. 2 Creating User Objects Lesson 14: Creating and Managing Active Directory Users and Computers © 2013 John Wiley & Sons, Inc. 3 Creating User Objects • The user account is the primary method for authentication on a network. • Usernames and passwords are validated at log on by comparing entered information to the information stored in the AD DS database. © 2013 John Wiley & Sons, Inc. 4 Types of Users • Local users: These accounts can only access resources on the local computer and are stored in the local Security Account Manager (SAM) database on the computer where they reside. • Domain users: These accounts can access AD DS or network-based resources, such as shared folders and printers. o Account information for these users is stored in the AD DS database and replicated to all domain controllers within the same domain. © 2013 John Wiley & Sons, Inc. 5 Built-In User Accounts Administrator and Guest • On a member server or standalone server: The built-in local Administrator account has full control of all files as well as complete management permissions for the local computer. • On a domain controller: The built-in Administrator account created in Active Directory has full control of the domain in which it was created. The Administrator account cannot be deleted, but it can be renamed. © 2013 John Wiley & Sons, Inc.
    [Show full text]
  • The 12 Essential Tasks of Active Directory Domain Services
    WHITE PAPER ACTIVE DIRECTORY DOMAIN SERVICES The 12 Essential Tasks of Active Directory Domain Services Using the right tools and processes helps reduce administrative overhead and ensures directory service is always available By Nelson Ruest and Danielle Ruest Sponsored by WHITE PAPER ACTIVE DIRECTORY DOMAIN SERVICES ABSTRACT Active Directory Domain Services (AD DS) administration and management includes Sponsored by 12 major tasks. These tasks cover a wide breadth of business needs and are not all performed solely by AD DS administrators. In fact, administrators can and should delegate several tasks to other members of their technical community, technicians, help desk personnel, even users such as team managers and administrative assistants. While delegation is a way to reduce the amount of work administrators have to do when managing AD DS infrastructures, it really only addresses one or two of the 12 tasks, for example, user and group administration as well as end point device administration. The other ten tasks can be staggering in nature—security, networked service administration, OU-Specific Management, Group Policy Object management and many more—and because of this can take up inordinate amounts of time. You can rely on Microsoft’s built-in tools to reduce some of this workload, but are the native tools enough? Perhaps it’s time to reduce AD DS administration overhead by automating most tasks and tightening internal security. Address this by first, determining what the twelve essential labors of Active Directory are and then, see how you can reduce AD DS workloads through the implementation of proper management and administration tools.
    [Show full text]
  • Active Directory with Powershell
    Active Directory with PowerShell Learn to configure and manage Active Directory using PowerShell in an efficient and smart way Uma Yellapragada professional expertise distilled PUBLISHING BIRMINGHAM - MUMBAI Active Directory with PowerShell Copyright © 2015 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: January 2015 Production reference: 1200115 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78217-599-5 www.packtpub.com Credits Author Project Coordinator Uma Yellapragada Sageer Parkar Reviewers Proofreaders David Green Simran Bhogal Ross Stone Stephen Copestake Nisarg Vora Martin Diver Ameesha Green Commissioning Editor Paul Hindle Taron Pereira Indexer Acquisition Editor Hemangini Bari Sonali Vernekar Production Coordinator Content Development Editor Aparna Bhagat Prachi Bisht Cover Work Technical Editor Aparna Bhagat Saurabh Malhotra Copy Editors Heeral Bhatt Pranjali Chury Gladson Monteiro Adithi Shetty About the Author Uma Yellapragada has over 11 years of experience in the IT industry.
    [Show full text]
  • Active Roles 7.3 Skype for Business Server User Management
    One Identity Active Roles 7.3 Skype for Business Server User Management Administration Guide Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of One Identity LLC . The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice.
    [Show full text]
  • Using IIS Application Request Routing to Publish Lync Server 2013 Web Services
    Using IIS Application Request Routing to Publish Lync Server 2013 Web Services DISCLAIMER © 2014 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Hyper-V, Internet Explorer, Lync, PowerPoint, Silverlight, SQL Server, Windows, Windows PowerShell, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. THE CONTENTS OF THIS PACKAGE ARE FOR INFORMATIONAL AND TRAINING PURPOSES ONLY AND ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. No part of the text or software included in this training package may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission from Microsoft. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. To obtain authorization for uses other than those specified above, please visit the Microsoft Copyright Permissions Web page at http://www.microsoft.com/about/legal/permissions This content is proprietary and confidential, and is intended only for users described in the content provided in this document. This content and information is provided to you under a Non-Disclosure Agreement and cannot be distributed.
    [Show full text]
  • Using Microsoft Active Directory (AD) with Eonstor GS/Gse in Windows Server
    Using Microsoft Active Directory (AD) with EonStor GS/GSe in Windows Server Application Note Abstract: This application note describes how to use Microsoft Active Directory (AD) service with EonStor GS/GSe systems in Windows Server environments. Copyright © 2016 Infortrend Technology, Inc. All rights reserved. Infortrend, ESVA, EonStor, EonNAS and EonPath are trademarks or registered trademarks of Infortrend. All other marks and names mentioned herein may be trademarks of their respective owners. The information contained herein is subject to change without notice. The content provided as is, without express or implied warranties of any kind. Table of Content Table of Content Table of Content ......................................................................................................................... 2 Using Microsoft Active Directory with EonStor GS/GSe ............................................................... 3 Preparing the Environment ........................................................................................................ 4 Step 1: Time setting .................................................................................................................... 4 Step 2: Check channel connection .............................................................................................. 5 Step 3: Check IP address of AD & DNS ........................................................................................ 5 Adding AD Server to EonStor GS/GSe ........................................................................................
    [Show full text]
  • Windows Powershell Best Practices Windows Powershell Best Practices
    Windows PowerShell Best Practices Windows PowerShell Best Practices Expert recommendations, pragmatically applied Automate system administration using Windows PowerShell best practices—and optimize your operational efficiency. With this About the Author practical guide, Windows PowerShell expert and instructor Ed Ed Wilson, MCSE, CISSP, is a well-known Wilson delivers field-tested tips, real-world examples, and candid scripting expert and author of “Hey Windows Scripting Guy!”—one of the most popular advice culled from administrators across a range of business and blogs on Microsoft TechNet. He’s written technical scenarios. If you’re an IT professional with Windows several books on Windows scripting PowerShell experience, this book is ideal. for Microsoft Press, including Windows PowerShell 2.0 Best Practices and Windows PowerShell Scripting Guide. Discover how to: PowerShell • Use Windows PowerShell to automate Active Directory tasks • Explore available WMI classes and methods with CIM cmdlets • Identify and track scripting opportunities to avoid duplication • Use functions to encapsulate business logic and reuse code • Design your script’s best input method and output destination • Test scripts by checking their syntax and performance • Choose the most suitable method for running remote commands • Manage software services with Desired State Configuration Wilson BEST PRACTICES microsoft.com/mspress ISBN 978-0-7356-6649-8 U.S.A. $59.99 55999 Canada $68.99 [Recommended] 9 780735 666498 Operating Systems/Windows Server Celebrating 30 years! Ed Wilson 666498_Win_PowerShell_Best_Practices.indd 1 4/11/14 10:30 AM Windows PowerShell Best Practices Ed Wilson 666498_book.indb 1 12/20/13 10:50 AM Published with the authorization of Microsoft Corporation by: O’Reilly Media, Inc.
    [Show full text]
  • Dell Openmanage IT Assistant Version 8.9 Release Notes
    Dell OpenManage IT Assistant Version 8.9 Release Notes What’s New New major features Now, you can launch the warranty support site and view the current warranty information. In addition to the Express Service Code for PowerEdge servers; now, IT Assistant displays Chassis Express Service code and Chassis Service Tag for PowerEdge Blade servers running OpenManage Server administrator version 6.5 or later. You can also see Enclosure specific Express service code in the Details tab. New OS Support Microsoft Windows 2008 Standard Server NOTE: These operating systems must be WoW64 enabled. Deprecated features The following features are not supported in IT Assistant: Topology view Volume Information Report—As IT Assistant does not support Volume Info Report, this will be removed if you upgrade from previous version to IT Assistant 8.9. Installation For information on Installation, see the Dell OpenManage IT Assistant version 8.9 on support.dell.com/manuals Prerequisites For more information on Operating system, Browser & Consoles, and Minimum hardware Configuration see the Dell Systems Software Support Matrix Version 6.5 on support.dell.com/manuals Database (SQL Server) SQL Server 2008 R2 (This is part of IT Assistant install). Also supports: SQL Server 2000 SQL Server 2005 SP1/SP2 Additional Softwares Navisphere(R) Secure CLI For Dell/EMC storage arrays inventory, ensure your array is FLARE(R) version 19 or above. You should also install Navisphere(R) Secure CLI (version 19 or above) on your management station. NOTE: This CLI software
    [Show full text]
  • Symmetry Software Installation Manual for Business, Professional and Enterprise Editions 8.1.0.2
    Symmetry Software Installation Manual For Business, Professional and Enterprise Editions 8.1.0.2 SECURITY MANAGEMENT SYSTEM 9600-0427 © G4S Technology Limited. 2016 All rights reserved. No part of this publication may be reproduced in any form without the written permission of G4S Technology Limited. Challenge House, International Drive, Tewkesbury, Glos, GL20 8UQ, U.K. Telephone: +44 (0) 1684 850977 Symmetry Software Installation Manual 9600-0427 Issue 8.1.0.2 (for version 8.1 of Symmetry) –19th April 2016 Microsoft and Windows are registered trademarks of Microsoft corporation. Intel, Core and XEON are trademarks or registered trademarks of Intel Corporation. Verint is a trademark of Verint Systems Inc. Aperio is a trademark of Assa Abloy AB. VMware is a registered trademark of VMware, Inc. All trademarks acknowledged. Contents 1. Preface ........................................................................................................................ iv About this Manual ....................................................................................................................................... iv Related Documents ..................................................................................................................................... iv 1. Chapter 1: Introduction .............................................................................................. 1 Symmetry Editions ......................................................................................................................................
    [Show full text]
  • [ Team Lib ] Active Directory, 2Nd Edition, Provides System And
    [ Team LiB ] • Table of Contents • Index • Reviews • Reader Reviews • Errata Active Directory, 2nd Edition By Robbie Allen, Alistair G. Lowe-Norris Publisher: O'Reilly Pub Date: April 2003 ISBN: 0-596-00466-4 Pages: 686 Active Directory, 2nd Edition, provides system and network administrators, IT professionals, technical project managers, and programmers with a clear, detailed look at Active Directory for both Windows 2000 and Windows Server 2003. Active Directory, 2nd Edition will guide you through the maze of concepts, design issues and scripting options enabling you to get the most out of your deployment. [ Team LiB ] [ Team LiB ] • Table of Contents • Index • Reviews • Reader Reviews • Errata Active Directory, 2nd Edition By Robbie Allen, Alistair G. Lowe-Norris Publisher: O'Reilly Pub Date: April 2003 ISBN: 0-596-00466-4 Pages: 686 Copyright Preface Intended Audience Contents of the Book Conventions in This Book How to Contact Us Acknowledgments Part I: Active Directory Basics Chapter 1. A Brief Introduction Section 1.1. Evolution of the Microsoft NOS Section 1.2. Windows NT Versus Active Directory Section 1.3. Windows 2000 Versus Windows Server 2003 Section 1.4. Summary Chapter 2. Active Directory Fundamentals Section 2.1. How Objects Are Stored and Identified Section 2.2. Building Blocks Section 2.3. Summary Chapter 3. Naming Contexts and Application Partitions Section 3.1. Domain Naming Context Section 3.2. Configuration Naming Context Section 3.3. Schema Naming Context Section 3.4. Application Partitions Section 3.5. Summary Chapter 4. Active Directory Schema Section 4.1. Structure of the Schema Section 4.2. Attributes (attributeSchema Objects) Section 4.3.
    [Show full text]