Active Directory Access Pane

From the Active Directory Access pane, you specify a Windows domain account that can be used to query Windows Active Directory for user attributes and group membership. You may need to specify an account if you do any of the following:

  • Enable public key, certificate, SecurID, or RADIUS authentication for domain users without using password caching.
  • Control access to the server based on domain group membership.
  • Configure group-specific authentication settings based on domain group membership.

The specified credential is stored in the Reflection for Secure IT credential cache.

Whether you need this setting depends on your Active Directory configuration. When no account is specified from this pane (the default), the server queries Active Directory using the Local System account. If the Local System account doesn't have permission to read user attributes in Active Directory, the server attempts to use an anonymous logon to acquire Active Directory information. Anonymous logon is disabled by default starting with Windows Server 2003, and enabling it is not recommended. Under these conditions, the server is unable to acquire Active Directory information prior to user authentication; before you can use the features described above, you must specify a user account.

The options are:

Active Directory access account

Specifies an alternate account name to use when the server queries Windows Active Directory.

Select account

Opens the Select Account dialog box, which you can use to select an existing user account from the credential cache or to specify a new user.

Clear

Clears the current setting. This restores the default behavior described above.
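
The following pre-flight check is an added example, not part of the product documentation. It confirms that anonymous LDAP operations are still disabled in the forest and that a candidate access account can read a user's attributes and group membership. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the server name, user name and attribute list are placeholders.

```powershell
# Added example: verify a candidate Active Directory access account.
# Assumptions: ActiveDirectory module available; names below are placeholders.
Import-Module ActiveDirectory

$Server   = 'dc01.example.test'   # placeholder domain controller
$TestUser = 'jdoe'                # placeholder domain user who logs on to the SSH server
$Cred     = Get-Credential -Message 'Candidate Active Directory access account'

# 1. Anonymous LDAP operations: the 7th character of dsHeuristics set to '2'
#    enables them. An empty or shorter value means the default (disabled).
$configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext
$dirSvc   = Get-ADObject -Server $Server `
                -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                -Properties dsHeuristics
$heur = [string]$dirSvc.dsHeuristics
if ($heur.Length -ge 7 -and $heur[6] -eq '2') {
    Write-Warning "Anonymous LDAP operations are enabled (dsHeuristics = $heur)."
} else {
    Write-Output 'Anonymous LDAP operations are disabled (default).'
}

# 2. Can the candidate account read user attributes and group membership?
#    The attributes requested here are illustrative; the page does not list
#    which attributes the server reads.
try {
    $user = Get-ADUser -Server $Server -Credential $Cred -Identity $TestUser `
                -Properties memberOf, userPrincipalName -ErrorAction Stop
    Write-Output "Read OK: $($user.DistinguishedName)"
    Write-Output "userPrincipalName: $($user.userPrincipalName)"
    # memberOf omits the primary group, so an empty list is not always an error.
    $groups = @($user.memberOf)
    Write-Output "Direct group memberships readable: $($groups.Count)"
    $groups | ForEach-Object { "  $_" }
} catch {
    Write-Warning "Account cannot read '$TestUser' from ${Server}: $($_.Exception.Message)"
}
```

This check runs under the credentials you enter, from the machine where you run it; it does not test what the Local System account on the server itself can read.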

Related Topics

Cached Credentials