Microsoft Active Directory

Microsoft Active Directory provides user information management in a Windows environment.

If you plan to use Active Directory and your deployment includes Azure ExpressRoute, some additional configuration is needed in Azure. See the Microsoft article Azure Active Directory (AD) Domain Services for more information.

Configure a Microsoft Active Directory in the User Directory Properties section

Steps

  1. On the page Settings > Users > User Directories, click Add. The Add User Directory page displays.
  2. In the text field User directory name, enter a name for the user directory.
  3. From the pull-down menu User directory type, select Microsoft Active Directory.
    The User Directory Properties section displays with options for Microsoft Active Directory.
  4. In the text field Server IP address or hostname, enter the IP address or hostname of your LDAP server.
  5. In the text field Port, enter the port number. The default is 389.
  6. (Optional) To use secure LDAP, a nonstandard protocol also known as LDAP over SSL, mark the check box Enable secure LDAP.
    Marking this check box changes the default port number to 636.
  7. In the text field Username, enter the username for this appliance.
    The Username field can contain the user’s username (such as admin), email address (such as admin@mycompany.com), or distinguished name (such as cn=admin, dc=company, dc=com).
  8. In the text field Password, enter the password for this appliance.
  9. In the text field Search domain, enter the LDAP server’s search domain name. This value is used when the search filter is applied.
  10. Verify that the field Search filter contains a standard LDAP query that can use validation variables, for example:

    (|(mail=%email%)(userPrincipalName=%email%)(proxyAddresses=smtp:%email%))

  11. From Cache setting, select either Mirror or Cache address.
    • The Mirror setting means that valid addresses are cached all at once by synchronizing the cache with all the addresses stored on the LDAP server. You can manually synchronize the cache with the LDAP server any time after that by clicking Synchronize for this directory on the User Directories page.
    • The Cache address setting means the cache is updated dynamically. A new, valid address is cached after it is verified with the LDAP server. Remove all addresses from the cache by clicking Clear cache.
  12. In the text field Cache timeout, enter a value in minutes.

    The timeout is the amount of time that a valid address remains in the memory cache. If an email message is sent from a previously validated address during this timeout period, the email is delivered without contacting the validation server.

    However, if another message is sent from this address after the timeout has expired, the server is contacted again to validate the address. The default value is 60 minutes.

  13. Click OK.
    The settings are saved.
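
The following is an added example, not part of the product documentation or the vendor's code. It previews the query that the step 10 search filter produces for one address, so the result can be checked with an LDAP query tool before the directory is saved. It assumes that %email% is replaced by plain text substitution; the function names are hypothetical.

```python
# Added example, not vendor code. Assumption: %email% is filled in by plain
# text substitution; the appliance's own handling is not documented here.
SEARCH_FILTER = ("(|(mail=%email%)(userPrincipalName=%email%)"
                 "(proxyAddresses=smtp:%email%))")

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced(ldap_filter: str) -> bool:
    """True if the filter is a single, fully closed parenthesised expression."""
    depth = 0
    last = len(ldap_filter) - 1
    for pos, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Reject a stray ")" or text after the outermost group closes.
            if depth < 0 or (depth == 0 and pos != last):
                return False
        elif depth == 0:
            return False  # text outside any parenthesised group
    return depth == 0 and last >= 0


def expand_filter(template: str, email: str) -> str:
    """Return the query that would be sent for one address."""
    if not is_balanced(template):
        raise ValueError("search filter has unbalanced parentheses")
    return template.replace("%email%", escape_filter_value(email))


if __name__ == "__main__":
    # Constructed sample addresses; the second contains filter metacharacters.
    for address in ("admin@mycompany.com", "a*b(c)@mycompany.com"):
        print(expand_filter(SEARCH_FILTER, address))
```

A filter that fails the balance check is not a standard LDAP query and should be corrected in the Search filter field before clicking OK.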