To read accounts and to provision accounts and groups to Active Directory, KeyHub needs to bind to the directory. In this example, all parameters can be replaced with the parameters applicable to your existing AD configuration.
In Active Directory
Step 1
- Create a user KeyHub with privileges higher than or equal to the highest privilege it needs to provision, e.g. for provisioning Domain admin rights you need Domain admin rights.
- Give this user a strong password. The limit in Active Directory is 256 characters.
- Store this password in a safe place.
Step 2
Create the following Organizational Units for provisioning.
- Create an OU=KeyHub
- Create an OU=groups in the OU=KeyHub
- Create an OU=users in the OU=KeyHub
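Steps 1 and 2 above, scripted in PowerShell with the ActiveDirectory module. This is an added example, not part of the KeyHub documentation; it assumes a domain-joined host with RSAT, run by an account allowed to create users and OUs, and the helper New-OuIfMissing is a hypothetical name.

```powershell
# Added example: steps 1 and 2 with the ActiveDirectory module (RSAT).
# Assumptions: run on a domain-joined host by an account allowed to create
# users and OUs; New-OuIfMissing is a hypothetical helper, not a KeyHub tool.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$domainDn = (Get-ADDomain).DistinguishedName

# Step 1: create the bind user "KeyHub". The password is read as a SecureString
# so it never appears in the script, console history or process arguments.
$password = Read-Host -AsSecureString -Prompt 'Password for the KeyHub account'
if ($password.Length -gt 256) {
    throw 'Active Directory limits passwords to 256 characters.'
}
if (-not (Get-ADUser -Filter "SamAccountName -eq 'KeyHub'")) {
    New-ADUser -Name 'KeyHub' -SamAccountName 'KeyHub' `
        -AccountPassword $password -Enabled $true `
        -Description 'Bind account for Topicus KeyHub provisioning'
}

# The account needs privileges at least equal to the highest privilege it must
# provision. Only if KeyHub has to provision Domain admin rights (the page's example):
# Add-ADGroupMember -Identity 'Domain Admins' -Members 'KeyHub'

# Step 2: OU=KeyHub with OU=groups and OU=users inside it. Safe to re-run.
function New-OuIfMissing {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Path
    )
    $dn = "OU=$Name,$Path"
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'")) {
        New-ADOrganizationalUnit -Name $Name -Path $Path
    }
    $dn
}

$keyhubOu = New-OuIfMissing -Name 'KeyHub' -Path $domainDn
New-OuIfMissing -Name 'groups' -Path $keyhubOu | Out-Null
New-OuIfMissing -Name 'users'  -Path $keyhubOu | Out-Null

# Verify: list what now exists under OU=KeyHub and confirm the account is enabled.
Get-ADOrganizationalUnit -SearchBase $keyhubOu -Filter * |
    Select-Object -ExpandProperty DistinguishedName
Get-ADUser -Identity 'KeyHub' | Select-Object SamAccountName, Enabled, DistinguishedName
```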
For a linked directory: To prevent issues when creating accounts on Active Directory, it is highly recommended to disable the password policies on the Active Directory. Deleting the policies is not sufficient, as Active Directory then uses the default policy. The password policy (minimum password length) should be configured in Topicus KeyHub. The typical error message for issues concerning password policies is "Server is unwilling to perform".