Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Set up Active Directory authentication in LEM 6.3.0 and older

Set up Active Directory authentication in LEM 6.3.0 and older

Updated: October 11, 2017

These steps apply to LEM version 6.3.0 and older. To configure newer versions of LEM (version 6.3.1 and above), see Set up Active Directory authentication in LEM.

Complete the steps in this topic to allow users to log in to LEM with their Active Directory credentials.

Configure the Directory Service Query connector

Before you begin, gather the following:

  • Either the IP address or fully-qualified domain name (FQDN) of the Active Directory server.
  • The domain credentials for an account that the Directory Service Query connector can use.

To get directory server details, open a Windows command prompt on a computer on the correct network and type nslookup.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Select the LEM Manager.

  3. Click Manage > Appliances.

  4. Click the gear icon next to your LEM Manager and select Connectors.

  5. Enter Directory Service Query in the search box on the Refine Results pane.

  6. Click the gear icon next to the master connector on the right, and select New.

  7. Complete the Directory Service Query connector form:

    1. In the Domain Name field, enter the fully-qualified domain name for your directory service server using lowercase characters.

      For example, solarwinds.com.

    2. In the Directory Service Server field, enter the IP address or hostname of your directory service server.

      SolarWinds recommends using the IP address to avoid possible DNS issues. The LEM network configurations (netconfig) allow for setting or changing the DNS server to resolve the host.

    3. Enter the domain credentials for a user account that the connector can use.

      SolarWinds recommends using a service account with a non-expiring password, otherwise you will have to manually update the connector every time the password expires. This account does not need elevated privileges. When entering domain credentials, provide only the user name.

    4. Enter the domain credentials for a user account that the connector can use.

      SolarWinds recommends using a service account with a non-expiring password, otherwise you must manually update the connector every time the password expires. This account does not need elevated privileges. When entering domain credentials, provide only the user name.

  8. When finished, click Save.

  9. Locate the new instance of the connector. The gray icon in the Status column indicates that the connector is not running.

  10. Click the gear icon next to the new connector and select Start. A green icon in the Status column indicates that the connector is running.

A green icon in the Status column indicates that the connector is running.

Test the Directory Service Query connector settings

  1. Click the "Test Domain Connection button" at the bottom of the connector settings pane.

  2. Create an nDepth query. See Create an nDepth query for steps and use the following settings:
    • Expand the Event Groups menu, select Any Alert, and drag EventInfo into the nDepth search bar.

    • Enter *Connection to* in the search field.

  3. Run the search.

  4. Choose the Results Details icon on the nDepth explorer toolbar to view the results.

  5. Check the EventInfo field to verify that it does not say “Connection to Directory Service failed.”

Import your Active Directory organizational groups into LEM

Complete these steps to import your directory service groups into LEM Manager and start the group synchronization process. The synchronization process runs every five minutes as long as the connector is running.

Before you begin, the Directory Service Query connector must be configured on LEM Manager.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Groups.

  3. Click the plus button in the upper right corner and select Directory Service Group.

  4. In the details pane at the bottom of the LEM console window, select a group category from the folder tree on the left to populate the Available Groups pane on the right.

  5. Check the boxes next to the groups you want to import into LEM Manager.

  6. Repeat Steps 4 and 5 until you have selected all of the groups you want to import.

  7. Click Save.

Import an Active Directory user and assign the user LEM login rights

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Users.

  3. Click + and select Import LEM User.
    The Import Users dialog opens.

  4. Complete the form to select the user to be given LEM console login rights.

    • LEM Groups – Choose All to search for a user across all security groups, or choose a specific security group to limit your search to just that group.
    • Search User – Type a portion of the user name to search for. You must type at least three letters.
    • Search – Click search to get a list of users that meet the search criteria. Search will not return more than 10 users.
    • Available Users – Select one or more users to import from the search results.
    • Selected Users – Click the green arrow to move users from the Available Users list to the Selected Users list.
  5. Click Import.

    The system adds the user to the Users view list.

  6. In the Users list, select the user and verify that the user's email address appears in the Contact Information box.

    If the email address is missing, Active Directory is not configured to supply this information and you will not be able to send email notifications to this user. You can create the email address or add it to a local user when rules fire.

 

Last modified

Tags

Classifications

Public