Support Portal

Question

How do I configure FTK Central to use Active Directory authentication?

Notes: 

• Active Directory authentication can only be tied to one domain.  If your users are spread over multiple domains, you should not use Active Directory authentication.
• Application-level, non-domain users will not be able to log in to FTK Central if Active Directory authentication is enabled.
• Your FTK Central base URL may need to be added to the Local Intranet Zone on your users' machines in order to pass Integrated Windows Authentication credentials.

Answer

1.  Log in to FTK Central and click the wrench in the upper-right to go to Administration
   
2. Click System Management in the upper-right
   
3. Click Active Directory on the left
   
4. Complete the values as defined below:
   Server: Name or IP of the Domain Controller (this can also be just the domain name itself to automatically choose which domain controller to use)
   Port: LDAP port
   Global Catalog: Whether or not to use Global Catalog
   Base DN: Distinguished Name of the base OU
   User DN: Username of a user with Domain Read Object privileges
   
5. Check the box under Active Directory Authentication
   
   
6. Click Test Configuration and make sure it returns Valid
   
7. Click Save and Next in the lower-right
   
8. Map the fields as shown below, the click Save and Next
   
   
9. Click User Management in the upper-right
   
10. On the Users page, click Import fromAD
    
11. Import at least one User from Active Directory, and associate them to either the Application Administrator Role or Group
    Note: Any existing non-domain users will not be able to log in to Quin-C beyond this point
12. On the FTK Central server, navigate to the Forensic Tools bin folder (typically "<drive>:\Program Files\AccessData\Forensic Tools\<version>\bin")
13. Open ADG.WeblabSelfHost.exe.config in a text editor
14. Under the appSettings section, find and edit the value of the UseAD key as defined below:
    1: Integrated Windows Authentication (User-based authentication)
    2: Integrated Windows Authentication (Group-based authentication, see this)
    3: AD + Forms (User-based authentication)
15. Save your changes, and restart the AccessData Exterro Self Host Service service

Note: In some cases when using Integrated Windows Authentication, you may need to manually navigate directly to <FTKCentralBaseURL>/app/quinc2/home to bypass the login screen.