Legacy Active Directory
Connector name | |
Type | Executable |
Target system description | Legacy Active Directory |
Target system versions supported/tested | Active Directory installed on Windows 2008R2/2012/2016/2019/2022 servers. |
Connector status | Deprecated / Removed |
Support | Not supported as of Connector Pack version 4.6.0. Clients may contact Bravura Security support for assistance with migrating to the Active Directory DN connector. |
Upgrade notes | Caution: This connector is shipped with Connector Pack 4.5 or earlier; as of version 4.6.0 it is no longer available. |
Connection to the domain can be made using either a domain administrator account or a delegated ID. ADSI services are used to connect to the domain. For most operations, the connector uses the ADSI LDAP provider. If the target system is configured to use SSL, an LDAP SSL connection is used. Otherwise, a secure connection using Kerberos is made over LDAP. Other operations use the ADSI WinNT provider.
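The two LDAP bind modes described above can be checked against a domain controller with ADSI through System.DirectoryServices. This is an added example, not Bravura Security's connector code; the function name `Test-AdsiBind` and the host `dc01.example.test` are hypothetical, and mapping "Kerberos over LDAP" to the Secure, Signing and Sealing flags is an assumption.

```powershell
# Added illustration, not Bravura Security code. Test-AdsiBind and the host
# name used at the bottom are hypothetical.
Add-Type -AssemblyName System.DirectoryServices

function Test-AdsiBind {
    param(
        [Parameter(Mandatory)] [string] $Server,   # DC FQDN, so Negotiate can select Kerberos
        [switch] $UseSsl,
        [pscredential] $Credential                 # omit to bind as the current user
    )
    $at = [System.DirectoryServices.AuthenticationTypes]
    if ($UseSsl) {
        # LDAP over SSL/TLS (port 636). The DC certificate must chain to a
        # root the client trusts and match the name given in $Server.
        $mode  = 'LDAPS'
        $path  = "LDAP://${Server}:636/RootDSE"
        $flags = $at::Secure -bor $at::SecureSocketsLayer
    } else {
        # Port 389 with Negotiate authentication; Signing and Sealing request
        # integrity and encryption of the session (assumed equivalent of the
        # Kerberos-secured mode described in the text).
        $mode  = 'Negotiate+Sign+Seal'
        $path  = "LDAP://${Server}:389/RootDSE"
        $flags = $at::Secure -bor $at::Signing -bor $at::Sealing
    }
    $entry = New-Object System.DirectoryServices.DirectoryEntry($path)
    $entry.psbase.AuthenticationType = $flags
    if ($Credential) {
        $entry.psbase.Username = $Credential.UserName
        $entry.psbase.Password = $Credential.GetNetworkCredential().Password
    }
    try {
        $entry.psbase.RefreshCache()               # forces the actual bind
        $detail = [string]$entry.psbase.Properties['dnsHostName'].Value
        [pscustomobject]@{ Server = $Server; Mode = $mode; Bound = $true; Detail = $detail }
    } catch {
        # Certificate, name-resolution and credential failures all surface here.
        [pscustomobject]@{ Server = $Server; Mode = $mode; Bound = $false; Detail = $_.Exception.Message }
    } finally {
        $entry.Dispose()
    }
}

Test-AdsiBind -Server 'dc01.example.test' -UseSsl
Test-AdsiBind -Server 'dc01.example.test'
```

A failed `-UseSsl` bind alongside a successful plain bind usually points at the domain controller's certificate rather than at the account being used.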
The Bravura Security Fabric Active Directory connector is able to dynamically identify the most suitable domain controllers on which to make password updates in order to expedite replication of the new password and intruder lockout flag for the user. For example, a password update and cleared lockout may be set on a DC in the same site as the user’s current workstation (identified by IP address), or nearest the user’s home directory file server. In either case, no connector software is installed on the target Windows domain controllers.
The following Bravura Security Fabric operations are supported by this connector on user, account and account group type objects (depending on your product license and version):
user verify password
get server information
user change password
administrator reset password
expire password
check password expiry
administrator verify password
enable account
disable account
check account enabled
unlock account
check account lock
create account
delete account
rename account
update attributes
move contexts
add user to group
delete user from group
add owner(user) to group
remove owner(user) from group
add owner(group) to group
remove owner(group) from group
create group
delete group
check account expiry
unexpire account
expire account
List:
accounts
attributes
groups
members
computer objects
For a full list and explanation of each connector operation, see Connector operations.
When Bravura Identity is installed, the connector can be configured with the nrsmb or nrcifs program to:
List network resources
List permissions for each network resource
List the owners of a network resource
Add or delete owners for a network resource
List the ACLs on a directory or share
The connector is called by the Transaction Monitor Service (idtm). When Bravura Identity is installed, the connector is run by the View and update profile (IDR) module whenever users view resource details or manage group owners.
The following sections show you how to:
Define an account for the target system administrator in Active Directory
Create a delegated ID and modify the AdminSDHolder object
Enable SSL connections
Create template accounts in Active Directory
Set the Active Directory target system address in Bravura Security Fabric
Set up Active Directory so that network resources can be managed in Bravura Identity
This chapter also describes how Bravura Security Fabric handles special attributes used when creating or modifying accounts on an Active Directory target.
See also
Active Directory DN to learn how to target a Windows domain forest with Active Directory.