Difference between revisions of "Active Directory Integration"
| [unchecked revision] | [unchecked revision] |
| Line 1: | Line 1: | ||
= Synchronizing User Accounts with Active Directory = | = Synchronizing User Accounts with Active Directory = | ||
| − | In addition to adding users manually as described in chapter [[Users,_Folders_and_Settings#User_Management|User Management]], MailStore can synchronize its internal user database with the Active Directory of your company. | + | In addition to adding users manually as described in chapter [[Users,_Folders_and_Settings#User_Management|User Management]], MailStore Server can synchronize its internal user database with the Active Directory of your company. |
| − | During synchronization | + | During synchronization user information such as user names and email addresses are read from Active Directory and recorded in MailStore Server's user database. No changes are made to the Active Directory itself by MailStore Server. The scope of the synchronization can be restricted via filters. |
| − | <p class="msnote">'''Please note:''' MailStore Server does neither | + | <p class="msnote">'''Please note:''' MailStore Server does support neither subdomains nor domain trusts.</p> |
| − | == Accessing | + | == Accessing Directoy Service Integration == |
| − | Log on to MailStore Client as administrator. Click on ''Administrative Tools'' > ''Users and Privileges'' and then on ''Directory Services''. In the ''Integration'' | + | *Log on to MailStore Client as a MailStore Server administrator. |
| + | *Click on ''Administrative Tools'' > ''Users and Privileges'' and then on ''Directory Services''. | ||
| + | *In the ''Integration'' section, change the directory service type to ''Active Directory''. | ||
[[File:mads_sync_01.png|center|450px]] | [[File:mads_sync_01.png|center|450px]] | ||
| − | == | + | == Connection to Active Directory == |
| − | + | For synchronization MailStore Server requires information on how to connect to the Active Directory. | |
| − | * '''Server (optional)''' <br/> | + | *'''Server (optional)'''<br/>DNS name or IP address of an Active Directory domain controller. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically. |
| − | * '''Base-DN (optional)''' <br/> Base DN of your Active Directory. Often the Base DN can be derived from the Active Directory domain name. For example, if the Active Directory domain name is ''company.local'' the Base DN usually is ''dc=company,dc=local''. The Base DN can also be selected by clicking the button left of the text field if access to | + | *'''Base-DN (optional)'''<br/>Base DN of your Active Directory. Often the Base DN can be derived from the Active Directory domain name. For example, if the Active Directory domain name is ''company.local'' the Base DN usually is ''dc=company,dc=local''. The Base DN can also be selected by clicking the button left of the text field if access to an Active Directory domain controller is available. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically. |
| − | * '''Authentication''' <br/> Define how the MailStore Server service should identify itself to the Active Directory:<br/><br/> | + | *'''Authentication'''<br/>Define how the MailStore Server service should identify itself to the Active Directory:<br/><br/> |
| − | ** ''Standard Authentication'' | + | **''Standard Authentication''<br/>If MailStore Server is not installed directly on an Active Directory domain controller, using standard authentication is required. In this case, fill out the ''User Name'' and ''Password'' fields; enter the user name in UPN notation, e.g. ''[email protected]'' |
| − | ** ''Windows Authentication'' | + | **''Windows Authentication''<br/>If MailStore Server is installed directly on an Active Directory domain controller, the MailStore Server service already has the necessary privileges to authenticate against Active Directory using Windows authentication. |
| − | == | + | == User Database Synchronization == |
| − | + | After configuring the connection settings as described above, you can specify filter criteria for the Active Directory synchronization in this section. | |
| − | + | *'''Synchronize Microsoft Exchange users only'''<br/>Only user accounts with email addresses configured in Active Directory will be taken into account by the synchronization. Clear this checkbox only if all Active Directory users should be created as MailStore Server users as well. | |
| + | *'''Synchronize enabled users only'''<br/>Only user accounts enabled in Active Directory will be taken into account by the synchronization. Deactivating this option may be useful if certain Exchange mailboxes should be archived whose Active Directory user accounts are deactivated by default. | ||
| + | *'''Synchronize users visible in address lists only'''<br/>Only Active Directory user accounts will be taken into account by the synchronization whose Exchange mailboxes are not hidden from Exchange address lists. | ||
| + | *'''Sync only these groups'''<br/>Choose one or several Active Directory security groups if you only want their members to be created as MailStore Server users. That way it's possible to exclude certain Active Directory accounts from being synchronized to MailStore Server, e.g. system accounts. | ||
| − | + | {{:Includes:Directory_Services_Options|Active Directory}} | |
| − | + | {{:Includes:Assign_Default_Privileges|an Active Directory}} | |
| + | {{:Includes:Run_Directory_Services_Synchronization|Active Directory}} | ||
| − | |||
[[File:Mads_sync_02.png|450px|center]] | [[File:Mads_sync_02.png|450px|center]] | ||
| Line 41: | Line 46: | ||
Alternatively, if Active Directory is available, MailStore can be configured to allow users to log on to MailStore Server through MailStore Client using their Active Directory password. | Alternatively, if Active Directory is available, MailStore can be configured to allow users to log on to MailStore Server through MailStore Client using their Active Directory password. | ||
| − | == Procedure for Users Created | + | == Procedure for Users Created by Synchronization with Active Directory == |
| − | If the MailStore users were created | + | If the MailStore Server users were created by Active Directory Synchronization, as described in the previous section, no further action is required. In this case, MailStore Server has already configured all necessary settings automatically. |
== Procedure for Manually Created Users == | == Procedure for Manually Created Users == | ||
Revision as of 16:25, 11 October 2013
Synchronizing User Accounts with Active Directory
In addition to adding users manually as described in chapter User Management, MailStore Server can synchronize its internal user database with the Active Directory of your company.
During synchronization user information such as user names and email addresses are read from Active Directory and recorded in MailStore Server's user database. No changes are made to the Active Directory itself by MailStore Server. The scope of the synchronization can be restricted via filters.
Please note: MailStore Server does support neither subdomains nor domain trusts.
Accessing Directoy Service Integration
- Log on to MailStore Client as a MailStore Server administrator.
- Click on Administrative Tools > Users and Privileges and then on Directory Services.
- In the Integration section, change the directory service type to Active Directory.
Connection to Active Directory
For synchronization MailStore Server requires information on how to connect to the Active Directory.
- Server (optional)
DNS name or IP address of an Active Directory domain controller. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically. - Base-DN (optional)
Base DN of your Active Directory. Often the Base DN can be derived from the Active Directory domain name. For example, if the Active Directory domain name is company.local the Base DN usually is dc=company,dc=local. The Base DN can also be selected by clicking the button left of the text field if access to an Active Directory domain controller is available. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically. - Authentication
Define how the MailStore Server service should identify itself to the Active Directory:
- Standard Authentication
If MailStore Server is not installed directly on an Active Directory domain controller, using standard authentication is required. In this case, fill out the User Name and Password fields; enter the user name in UPN notation, e.g. [email protected] - Windows Authentication
If MailStore Server is installed directly on an Active Directory domain controller, the MailStore Server service already has the necessary privileges to authenticate against Active Directory using Windows authentication.
- Standard Authentication
User Database Synchronization
After configuring the connection settings as described above, you can specify filter criteria for the Active Directory synchronization in this section.
- Synchronize Microsoft Exchange users only
Only user accounts with email addresses configured in Active Directory will be taken into account by the synchronization. Clear this checkbox only if all Active Directory users should be created as MailStore Server users as well. - Synchronize enabled users only
Only user accounts enabled in Active Directory will be taken into account by the synchronization. Deactivating this option may be useful if certain Exchange mailboxes should be archived whose Active Directory user accounts are deactivated by default. - Synchronize users visible in address lists only
Only Active Directory user accounts will be taken into account by the synchronization whose Exchange mailboxes are not hidden from Exchange address lists. - Sync only these groups
Choose one or several Active Directory security groups if you only want their members to be created as MailStore Server users. That way it's possible to exclude certain Active Directory accounts from being synchronized to MailStore Server, e.g. system accounts.
Includes:Directory Services Options Includes:Assign Default Privileges Includes:Run Directory Services Synchronization
Login with Windows Credentials
By default, each MailStore user has a password exclusively for MailStore which the administrator can specify during creation of a new user account. In MailStore Client's Administrative Tools, the respective user can later change his or her password.
Alternatively, if Active Directory is available, MailStore can be configured to allow users to log on to MailStore Server through MailStore Client using their Active Directory password.
Procedure for Users Created by Synchronization with Active Directory
If the MailStore Server users were created by Active Directory Synchronization, as described in the previous section, no further action is required. In this case, MailStore Server has already configured all necessary settings automatically.
Procedure for Manually Created Users
If MailStore users who were created manually are to be able to log on using their Active Directory password, please proceed as follows:
- Configure the Active Directory Integration as described in chapter Synchronizing User Accounts with Active Directory.
- Verify that the names of the MailStore users match those of the corresponding Active Directory users.
- In the User Properties window under Authentication, select Directory Services.
MailStore Client Single Sign-On
For information on using the single sign-on functionality in Active Directory environments, please refer to the article MailStore Client Deployment.
