Question
How do I configure FTK Central to use Active Directory authentication?
Notes:
- Active Directory authentication can only be tied to one domain. If your users are spread over multiple domains, you should not use Active Directory authentication.
- Application-level, non-domain users will not be able to log in to FTK Central if Active Directory authentication is enabled.
- Your FTK Central base URL may need to be added to your Local Intranet Zone in order to pass authentication.
Answer
- Log in to FTK Central and click the wrench in the upper-right to go to Administration
- Click System Management in the upper-right
- Click Active Directory on the left
- Complete the values as defined below:
Server: Name or IP of the Domain Controller
Port: LDAP port
Global Catalog: Whether or not to use Global Catalog
Base DN: Distinguished Name of the base OU
User DN: Username of a user with Domain Read Object privileges
- Check the box under Active Directory Authentication
- Click Test Configuration and make sure it returns Valid
- Click Save and Next in the lower-right
- Complete at least the fields as shown below, the click Save and Next
- Click User Management in the upper-right
- On the Users page, click Import fromAD
- Import at least one User from Active Directory, and associate them to either the Application Administrator Role or Group
Note: Any existing non-domain users will not be able to log in to Quin-C beyond this point - On the FTK Central server, navigate to the Forensic Tools bin folder (typically "C:\Program Files\AccessData\Forensic Tools\\bin")
- Open ADG.WeblabSelfHost.exe.config in a text editor
- Under the appSettings section, find and edit the value of the UseAD key as defined below:
1: Integrated Windows Authentication (User-based authentication)
2: Integrated Windows Authentication (Group-based authentication, see this)
3: AD + Forms (User-based authentication) - Save your changes, and restart the AccessData Exterro Self Host Service service