Configuring an Active Directory in the agent

Each agent must be associated with at least one Active Directory.


See below for the required parameters.

Domain Name

The name of the root domain of the Microsoft Active Directory forest that was used when Preparing the Active Directory forest for WSTEP.

  • If an Active Directory with the same name exists and is linked to another agent, the wizard will display an error message.

  • If an Active Directory with the same name exists but is not linked to another agent, the wizard will display a confirmation request to load the Active Directory configuration.

  • The value used for the domain name should not be an IP address, nor should it be the FQDN of a domain controller.

Username

The user logon name obtained when Creating a PKIaaS WSTEP Service Account. This parameter supports the two formats described in:

https://learn.microsoft.com/en-us/windows/win32/secauthn/user-name-formats

For example:

mydomain\john.smith
john.smith@mydomain.com

Password

The password selected when Creating a PKIaaS WSTEP Service Account.

DNS

The DNS server of the Active Directory you configured in Preparing the Active Directory forest for WSTEP. Use the following syntax to set this value:

<machine>:<port>

Where:

  • <machine> is the domain name or IP address of the DNS server.

  • <port> is the port of the DNS service.
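The format rules given above for Domain Name, Username and DNS can be checked before the values are typed into the wizard. The following is an added example, not part of the Entrust documentation or product: the function names are hypothetical, the sample values are constructed, and because the script cannot discover domain controllers on its own, the caller is assumed to pass their FQDNs in known_dc_fqdns.

```python
import ipaddress
import re

# Hypothetical pre-check helpers; the rules come from the parameter descriptions above.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_domain_name(value, known_dc_fqdns=()):
    """Domain Name: forest root domain, not an IP address and not a DC FQDN."""
    if is_ip(value):
        return "domain name must not be an IP address"
    if not HOSTNAME.match(value):
        return "domain name is not a valid DNS name"
    # Assumption: the caller supplies the domain controller FQDNs to compare against.
    if value.lower() in {dc.lower() for dc in known_dc_fqdns}:
        return "domain name must not be the FQDN of a domain controller"
    return None

def check_username(value):
    """Username: down-level (DOMAIN\\user) or UPN (user@domain) format."""
    if re.fullmatch(r"[^\\/@\s]+\\[^\\/@\s]+", value):
        return None
    if re.fullmatch(r"[^\\/@\s]+@[^\\/@\s]+", value):
        return None
    return "username must be DOMAIN\\user or user@domain"

def check_dns(value):
    """DNS: <machine>:<port>, where machine is a domain name or IP address."""
    machine, sep, port = value.rpartition(":")
    if not sep or not machine:
        return "DNS must use the <machine>:<port> syntax"
    if not (is_ip(machine) or HOSTNAME.match(machine)):
        return "DNS machine must be a domain name or IP address"
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        return "DNS port must be a number between 1 and 65535"
    return None

def preflight(domain, username, dns, known_dc_fqdns=()):
    """Return the list of problems found; an empty list means all three fields pass."""
    results = (check_domain_name(domain, known_dc_fqdns), check_username(username), check_dns(dns))
    return [r for r in results if r]
```

Each check returns None when the value is acceptable and a short message otherwise, so preflight("mydomain.com", "mydomain\\john.smith", "10.0.0.5:53") returns an empty list.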

Certificate Authority

The Certificate Authority you configured in Configuring an Entrust PKIaaS issuing CA for WSTEP.

LDAPS Trusted Certificates

The root CA certificate of the LDAPS TLS certificate chain. The PKIaaS Virtual Machine will use this root CA certificate for validating connections with the Active Directory LDAPS service. Click Add Certificate to import one or more root CA certificates.

See Setting up LDAPS on domain controllers for how to configure the LDAPS TLS certificates.