Prepare the Active Directory

To read accounts, provision accounts and provision groups in Active Directory, KeyHub needs to bind to the directory. All parameters in this example can be replaced with the values that apply to your existing AD configuration.

In Active Directory

Step 1

  • Create a user KeyHub with privileges higher than or equal to the highest privilege it needs to provision.
    E.g. to provision Domain admin rights, the user itself needs Domain admin rights.

  • Give this user a strong password. The limit in Active Directory is 256 characters.

  • Store this password in a safe place.


Step 2

Create the following Organizational Units for provisioning.

  • Create an OU=KeyHub

  • Create an OU=groups in the OU=KeyHub

  • Create an OU=users in the OU=KeyHub

For a linked directory: to prevent issues when creating accounts in Active Directory, it is highly recommended to disable the password policies in Active Directory. Deleting the policies is not sufficient, because Active Directory then uses the default policy. The password policy (minimum password length) should be configured in Topicus KeyHub instead. The typical error message for issues concerning password policies is "Server is unwilling to perform".
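
Steps 1 and 2 can also be scripted. The following is an added example, not part of the original page or of Topicus KeyHub's own tooling; it assumes the ActiveDirectory PowerShell module (RSAT), a session with rights to create users and OUs, the OUs placed directly under the domain root, and the bind account left in the domain's default user container. The helper name New-OuIfMissing is hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: scripted form of Step 1 and Step 2. Safe to re-run.

$domainDN = (Get-ADDomain).DistinguishedName
$account  = 'KeyHub'   # bind account name used on this page

# Hypothetical helper: create an OU only when it does not exist yet,
# and return its distinguished name.
function New-OuIfMissing {
    param([string]$Name, [string]$Path)
    $existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$Name)" `
        -SearchBase $Path -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $Name -Path $Path
    }
    "OU=$Name,$Path"
}

# Step 1: the bind account. The password is typed or pasted at a masked
# prompt, so it never appears in the script, on screen or in the history.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$account'")) {
    $password = Read-Host -AsSecureString `
        -Prompt "Password for $account (generate and store it in your vault first)"
    New-ADUser -Name $account -SamAccountName $account `
        -AccountPassword $password -Enabled $true
}
# Privileges are granted separately: they must be equal to or higher than
# the highest privilege KeyHub has to provision.

# Step 2: OU=KeyHub with OU=groups and OU=users inside it.
$keyHubOu = New-OuIfMissing -Name 'KeyHub' -Path $domainDN
$groupsOu = New-OuIfMissing -Name 'groups' -Path $keyHubOu
$usersOu  = New-OuIfMissing -Name 'users'  -Path $keyHubOu
"Provisioning OUs: $groupsOu ; $usersOu"

# Linked directory check (read-only): list the password policies that could
# reject a KeyHub-created account with "Server is unwilling to perform".
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, ComplexityEnabled, PasswordHistoryCount
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MinPasswordLength
```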