3.2 Configuring the Directory Service for Microsoft Active Directory

After you install ZENworks Endpoint Security Management, the New Directory Service Configuration Wizard displays automatically. If you have just installed the product and the Welcome page is displayed, skip to Step 4 in the following procedure.

To configure the directory service:

  1. In the Management Console, click Tools > Configuration.

  2. Click Authenticating Directories.

  3. Click New to launch the New Directory Service Configuration Wizard.

  4. Click Next to display the Select Directory Service page.

  5. Select Microsoft Active Directory as the directory service.

  6. Specify a friendly name to describe the directory service configuration, then click Next to display the Connect to Server page.

  7. Fill in the fields:

    • Host Name: Specify the DNS name or IP address of the directory server. If the DNS name or IP address cannot be authenticated, a bind error message displays.

    • Port: Specify the port used to connect to the directory server.

      Port 389 is the default. If you use a different port to connect to the directory server, you can specify that port.

    • Enable Encryption for this Session using Kerberos/NTLM: Select to enable encryption.

  8. Click Next to display the Provide Credentials page.

  9. Fill in the fields:

    • User name: Specify the account administrator to bind to the directory.

      This account serves as the administrator of the directory service configuration. The login name must be a user who has permission to view the entire directory tree. It is recommended that this user be the domain administrator.

    • Password: Specify the password for the account administrator.

      This account serves as the administrator of this directory service configuration.

      The password should not be set to expire, and this account should never be disabled.

    • Domain: Specify the domain in which the account administrator is a member.

    • Authentication Method: Select an authentication method:

      • Negotiate

      • Kerberos

      • NTLM

  10. If the configuration administrator user you specified in Step 9 cannot be found in the domain, the Locate Account Entry page displays.

    Specify the container where the administrator is located.

  11. Click Next to display the Select Authenticating Domain(s) page.

  12. Browse to and select the authenticating domains for this configuration, then click Next to display the Select Client Container(s) page.

  13. Browse to and select the containers for the accounts used in this configuration.

    The Select Client Container(s) page lets you narrow the search to only those containers that contain managed users and computers, which improves performance.

    Any client installation that attempts to check in with the management server and does not reside in a selected container results in longer search times.

  14. Click Next to display the Select Container(s) for Synchronization page.

  15. (Optional) Select the containers to synchronize as part of the configuration process.

    The synchronization is performed in the background so you can immediately begin using your new configuration. If you have many users and computers to synchronize, this might take a few hours.

    If you do not specify containers to synchronize, the users and computers in those contexts are populated in the Management Console when they check in.

    Synchronizing contexts pre-populates the Management Console with those users and computers so that you can immediately perform actions such as creating security policies. When the users or computers check in to the system, those policies are pushed down and applied. By pre-populating the Management Console, you can immediately begin creating policies that are specific to individual users or computers, rather than creating a policy that applies to all users and computers in the context. If you do not synchronize the context, you must wait until those users and computers check in to the system before creating unique policies for different users or computers.

  16. Click Next to display the Save Configuration page.

  17. Review the information, then click Next.

    You can click Back to change any settings, if necessary.

  18. Click Finish.

When you click Finish, an icon displays in your Windows notification area and the synchronization begins. You can double-click the icon to display the Directory Services Synchronization dialog box.

The synchronization occurs in the background. If you exit the Management Console, the synchronization stops. When you open the Management Console again, the synchronization resumes where it left off.
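
The values entered in Steps 7 and 9 can be checked from a Windows machine before they are typed into the wizard. The following PowerShell function is an added example, not part of the ZENworks product or its documentation. It assumes the wizard's encryption option corresponds to LDAP signing and sealing, and the host and domain names in the usage comment are constructed placeholders.

```powershell
# Added example, not ZENworks code. Checks the wizard inputs from Steps 7 and 9.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-DirectoryBind {
    param(
        [Parameter(Mandatory)] [string] $HostName,          # Step 7: Host Name
        [int] $Port = 389,                                   # Step 7: Port
        [Parameter(Mandatory)] [pscredential] $Credential,   # Step 9: bare user name + password
        [Parameter(Mandatory)] [string] $Domain,             # Step 9: Domain
        [ValidateSet('Negotiate', 'Kerberos', 'Ntlm')]
        [string] $AuthMethod = 'Negotiate',                  # Step 9: Authentication Method
        [switch] $Encrypt                                    # Step 7: encryption option
    )
    $ns   = 'System.DirectoryServices.Protocols'
    $id   = New-Object "$ns.LdapDirectoryIdentifier" ($HostName, $Port)
    $cred = New-Object System.Net.NetworkCredential ($Credential.UserName, $Credential.Password, $Domain)
    $conn = New-Object "$ns.LdapConnection" ($id, $cred)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType] $AuthMethod
    $conn.SessionOptions.ProtocolVersion = 3
    if ($Encrypt) {
        # Assumption: the wizard's option maps to SASL signing and sealing on the LDAP session.
        $conn.SessionOptions.Signing = $true
        $conn.SessionOptions.Sealing = $true
    }
    try {
        $conn.Bind()   # throws LdapException if the host, port or credentials are rejected
        # Read the server's default naming context from the rootDSE (empty base DN).
        $req  = New-Object "$ns.SearchRequest" ('', '(objectClass=*)', 'Base', 'defaultNamingContext')
        $base = $conn.SendRequest($req).Entries[0].Attributes['defaultNamingContext'][0]
        # Look up the bind account to read its userAccountControl flags.
        $filter = "(sAMAccountName=$($Credential.UserName))"
        $req  = New-Object "$ns.SearchRequest" ($base, $filter, 'Subtree', 'userAccountControl')
        $hits = $conn.SendRequest($req).Entries
        $uac  = if ($hits.Count -gt 0) { [int] $hits[0].Attributes['userAccountControl'][0] } else { $null }
        [pscustomobject]@{
            Server               = "${HostName}:$Port"
            NamingContext        = $base
            AccountFound         = ($hits.Count -gt 0)   # false matches the Step 10 case
            PasswordNeverExpires = if ($null -ne $uac) { [bool]($uac -band 0x10000) }  # DONT_EXPIRE_PASSWORD
            AccountDisabled      = if ($null -ne $uac) { [bool]($uac -band 0x2) }      # ACCOUNTDISABLE
        }
    }
    finally { $conn.Dispose() }
}

# Usage (constructed placeholder names):
# Test-DirectoryBind -HostName dc01.example.test -Domain EXAMPLE -Credential (Get-Credential) -Encrypt
```

A failed bind here points to the same host, port or credential problem that produces the bind error message in the wizard.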