Set up Active Directory authentication in SEM 6.3.0 and older

These steps apply to SEM version 6.3.0 and older. To configure newer versions of SEM (version 6.3.1 and above), see Set up Active Directory authentication in SEM.

Complete the steps in this topic to allow users to log in to SEM with their Active Directory credentials.

Configure the Directory Service Query connector

Before you begin, gather the following:

  • Either the IP address or fully-qualified domain name (FQDN) of the Active Directory server.
  • The domain credentials for an account that the Directory Service Query connector can use.

To get directory server details, open a Windows command prompt on a computer on the correct network and type nslookup.

  1. Open the SEM console. See Log in to the SEM web console for steps.

  2. Select the SEM Manager.

  3. On the SEM toolbar, navigate to Manage > Appliances.

  4. Click the gear icon next to your SEM Manager, and then select Connectors.

  5. Enter Directory Service Query in the search box on the Refine Results pane.

  6. Click the gear icon next to the master connector on the right, and select New.

  7. Complete the Directory Service Query connector form:

    1. In the Domain Name field, enter the fully-qualified domain name for your directory service server using lowercase characters.

      For example, example.com.

    2. In the Directory Service Server field, enter the IP address or hostname of your directory service server.

      SolarWinds recommends using the IP address to avoid possible DNS issues. The SEM network configurations (netconfig) allow for setting or changing the DNS server to resolve the host.

    3. Enter the domain credentials for a user account that the connector can use.

      SolarWinds recommends using a service account with a non-expiring password, otherwise you will have to manually update the connector every time the password expires. This account does not need elevated privileges. When entering domain credentials, provide only the user name.

    4. If the Active Directory server supports encryption, select TLS or SSL from the Encryption drop-down list. Otherwise, select No SSL.

    5. If using a non-standard port, enter it in the Custom Port field.

  8. When finished, click Save.

  9. Locate the new instance of the connector. The gray icon in the Status column indicates that the connector is not running.

  10. Click the gear icon next to the new connector, and then select Start. A green icon in the Status column indicates that the connector is running.
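
The Encryption setting in the connector form depends on whether the directory server supports encryption. The following added example (not part of the SolarWinds documentation or product) checks this from a workstation on the same network: it sends an LDAP StartTLS request to the standard LDAP port 389 and attempts a TLS handshake on the standard LDAPS port 636. It assumes that the TLS option corresponds to StartTLS and the SSL option to LDAPS; the function names are hypothetical.

```python
import socket
import ssl
import sys

OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511, 4.14)
# BER-encoded LDAPMessage: messageID 1 carrying ExtendedRequest [APPLICATION 23].
STARTTLS_REQUEST = (b"\x30" + bytes([len(OID) + 7]) + b"\x02\x01\x01"
                    + b"\x77" + bytes([len(OID) + 2])
                    + b"\x80" + bytes([len(OID)]) + OID)

def _after_length(buf, pos):
    """Index just past the BER length at buf[pos] (short or long form)."""
    return pos + 1 + ((buf[pos] & 0x7F) if buf[pos] & 0x80 else 0)

def starttls_accepted(resp):
    """True if resp is an ExtendedResponse to message 1 with resultCode success(0)."""
    try:
        if resp[0] != 0x30:
            return False
        pos = _after_length(resp, 1)
        if resp[pos:pos + 3] != b"\x02\x01\x01" or resp[pos + 3] != 0x78:
            return False
        pos = _after_length(resp, pos + 4)
        return resp[pos:pos + 3] == b"\x0a\x01\x00"  # ENUMERATED resultCode 0
    except IndexError:  # truncated or empty reply
        return False

def probe_starttls(host, port=389, timeout=5.0):
    """Ask the server on the plain LDAP port whether it will upgrade to TLS."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(STARTTLS_REQUEST)
            return starttls_accepted(sock.recv(4096))
    except OSError:
        return False

def probe_ldaps(host, port=636, timeout=5.0):
    """Return the negotiated TLS version on the LDAPS port, or None."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # capability probe only: this does not
    ctx.verify_mode = ssl.CERT_NONE  # validate the server certificate
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock) as tls:
                return tls.version()
    except OSError:
        return None

if __name__ == "__main__":
    host = sys.argv[1]  # IP address or FQDN of the directory server
    print("StartTLS on 389:", probe_starttls(host))
    print("LDAPS on 636:", probe_ldaps(host))
```

If both probes fail, the connector can only bind with No SSL, which sends the service account's credentials to the directory server unencrypted.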


Test the Directory Service Query connector settings

  1. Click the Test Domain Connection button at the bottom of the connector settings pane.

  2. Create an nDepth query. See Create an nDepth query for steps.
    • Expand the Event Groups menu, select Any Alert, and drag EventInfo into the nDepth search bar.

    • Enter *Connection to* in the search field.

  3. Run the search.

  4. To view the results, click Results Details on the nDepth explorer toolbar.

  5. Check the EventInfo field to verify that it does not say Connection to Directory Service failed.

Import your Active Directory organizational groups into SEM

Complete these steps to import your directory service groups into SEM Manager and start the group synchronization process. The synchronization process runs every five minutes if the connector is running.

Before you begin, the Directory Service Query connector must be configured on SEM Manager.

  1. Log in to the SEM console.

  2. On the SEM toolbar, navigate to Build > Groups.

  3. Click the plus button in the upper right corner, and then select Directory Service Group.

  4. In the details pane at the bottom of the SEM console window, select a group category from the folder tree on the left to populate the Available Groups pane on the right.

  5. Check the boxes next to the groups you want to import into SEM Manager.

  6. Repeat Steps 4 and 5 until you have selected all the groups you want to import.

  7. Click Save.

Import an Active Directory user and assign the user SEM login rights

  1. Log in to the SEM console.

  2. On the SEM toolbar, navigate to Build > Users.

  3. Click , and then select Import SEM User.

    The Import Users dialog opens.

  4. Complete the form to select the user to be given SEM console login rights.

    • SEM Groups – Choose All to search for a user across all security groups, or choose a specific security group to limit your search to just that group.
    • Search User – Type a portion of the user name to search for. You must type at least three letters.
    • Search – Click search to get a list of users that meet the search criteria. Search will not return more than 10 users.
    • Available Users – Select one or more users to import from the search results.
    • Selected Users – Click the green arrow to move users from the Available Users list to the Selected Users list.
  5. Click Import.

    The system adds the user to the Users view list.

  6. In the Users list, select the user and verify that the user's email address appears in the Contact Information box.

    If the email address is missing, Active Directory is not configured to supply this information and you will not be able to send email notifications to this user. You can create the email address or add it to a local user when rules fire.