Question
How do I configure FTK Central to use Active Directory authentication?
Notes:
- Active Directory authentication can only be tied to one domain. If your users are spread over multiple domains, you should not use Active Directory authentication.
- Application-level, non-domain users will not be able to log in to FTK Central if Active Directory authentication is enabled.
- Your FTK Central base URL may need to be added to the Local Intranet Zone on your users' machines in order to pass Integrated Windows Authentication credentials.
Answer
- Log in to FTK Central and click the wrench in the upper-right to go to Administration
- Click System Management in the upper-right
- Click Active Directory on the left
- Complete the values as defined below:
Server: Name or IP of the Domain Controller (this can also be just the domain name itself to automatically choose which domain controller to use)
Port: LDAP port
Global Catalog: Whether or not to use Global Catalog
Base DN: Distinguished Name of the base OU
User DN: Username of a user with Domain Read Object privileges
- Check the box under Active Directory Authentication
- Click Test Configuration and make sure it returns Valid
- Click Save and Next in the lower-right
- Map the fields as shown below, then click Save and Next
- Click User Management in the upper-right
- On the Users page, click Import from AD
- Import at least one User from Active Directory, and associate them to either the Application Administrator Role or Group
Note: Any existing non-domain users will not be able to log in to Quin-C beyond this point
- On the FTK Central server, navigate to the Forensic Tools bin folder (typically "<drive>:\Program Files\AccessData\Forensic Tools\<version>\bin")
- Open ADG.WeblabSelfHost.exe.config in a text editor
- Under the appSettings section, find and edit the value of the UseAD key as defined below:
1: Integrated Windows Authentication (User-based authentication)
2: Integrated Windows Authentication (Group-based authentication, see this)
3: AD + Forms (User-based authentication)
- Save your changes, and restart the AccessData Exterro Self Host Service service
Note: In some cases when using Integrated Windows Authentication, you may need to manually navigate directly to <FTKCentralBaseURL>/app/quinc2/home to bypass the login screen.
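The config edit and service restart in the last steps can be scripted so that the change is validated and a rollback copy is kept. The PowerShell below is an added example, not part of the original article or vendor tooling. It assumes the UseAD setting is stored as a standard .NET `<add key="UseAD" value="..."/>` element under `<appSettings>` and that the service name given above is the service's display name; `$BinDir` is a placeholder for your Forensic Tools bin folder.

```powershell
# Added example (not vendor code): set UseAD in ADG.WeblabSelfHost.exe.config.
# Assumptions: standard .NET appSettings layout; the service display name is
# the one given in the article; $BinDir is supplied by the administrator.
param(
    [Parameter(Mandatory)] [string] $BinDir,
    # 1 = IWA user-based, 2 = IWA group-based, 3 = AD + Forms (per the article)
    [Parameter(Mandatory)] [ValidateSet('1', '2', '3')] [string] $Mode
)

$ErrorActionPreference = 'Stop'
$configPath = Join-Path $BinDir 'ADG.WeblabSelfHost.exe.config'

# Keep a timestamped copy so a bad edit can be rolled back.
$backup = "$configPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $configPath -Destination $backup

# Edit the file as XML rather than with text replacement, so only the
# UseAD value changes and the rest of the file is left intact.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

$node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='UseAD']")
if (-not $node) {
    throw "UseAD key not found under appSettings in $configPath"
}

$old = $node.GetAttribute('value')
$node.SetAttribute('value', $Mode)
$xml.Save($configPath)
Write-Host "UseAD changed from '$old' to '$Mode' (backup: $backup)"

# Restart the service so the new authentication mode is loaded.
Restart-Service -DisplayName 'AccessData Exterro Self Host Service'
```

Run it from an elevated PowerShell session on the FTK Central server, and only after at least one Active Directory user has been imported and assigned the Application Administrator role as described above.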