Domain Access Pane

Getting there

From the Domain Access pane, you specify a Windows domain account that can be used to query Windows Active Directory for user attributes and group membership. You may need to specify an account if you do any of the following:

• Enable public key, certificate, SecurID, or RADIUS authentication for domain users without using password caching.
• Control access to the server based on domain group membership.
• Configure group-specific authentication settings based on domain group membership.

Whether you need this setting depends on your Active Directory configuration. When no account is specified from this pane (the default), the server queries Active Directory using the Local System account. If the Local System account doesn't have permission to read user attributes in Active Directory, the server attempts to use an anonymous logon to acquire Active Directory information. Anonymous logon is disabled by default starting with Windows Server 2003, and enabling it is not recommended. Under these conditions, the server is unable to acquire Active Directory information prior to user authentication; before you can use the features described above, you must specify a user account.

The options are:

Note: These domain access credentials are written to an encrypted file in the server data folder when you click File > Save.