Hardware | Minimum requirements | Recommended requirements |
Processor | 2.4 GHz | 3 GHz |
RAM | 8 GB | 16 GB |
Disk Space | 100 GB (SSD preferred) | 200 GB (SSD preferred) |
ManageEngine ADSelfService Plus can be installed in the following Windows operating system versions:
Windows Servers | Windows Clients |
Windows Server 2022 | Windows 11 |
Windows Server 2019 | Windows 10 |
Windows Server 2016 | Windows 8.1 |
Windows Server 2012 R2 | Windows 8 |
Windows Server 2012 | Windows 7 |
Windows Server 2008 R2 |
ADSelfService Plus requires one of the following browsers to be used as a client to access its server.
ADSelfService Plus comes with a built-in PostgreSQL database for storing user enrollment information, domain configuration information, certain AD attribute values, ADSelfService Plus reports data, etc. Organizations can also use an external Microsoft SQL or PostgreSQL database to store this data. The supported database versions are:
PostgreSQL
ADSelfService Plus build number | Supported database versions |
6500 and above | PostgreSQL 12, 13, and 14 |
6100 to 6410 | PostgreSQL 9.4-9.6, 10.0-10.15, and 11.0-11.7 |
5500 to 6013 | PostgreSQL 9.2-9.6 |
Microsoft SQL
ADSelfService Plus build number | Supported database versions |
6500 and above | Microsoft SQL Server 2012 and above |
5500 to 6410 | Microsoft SQL Server 2005 and above |
Preferred screen resolution: 1024 x 768 pixels or higher.
The ADSelfService Plus login agent enables end users to securely log into their machines and perform self-service password resets and unlocks directly from the machine login screen.
You can install the login agent on the following platforms:
Windows Servers | Windows Clients | macOS Clients | Linux Clients |
Windows Server 2022 | Windows 11 | macOS 15 Sequoia | Red Hat Enterprise Linux 8.x-9.x* |
Windows Server 2019 | Windows 10 | macOS 14 Sonoma | Rocky Linux 8.x-9.x* |
Windows Server 2016 | Windows 8.1 | macOS 13 Ventura | Ubuntu 16.x-20.04.4 |
Windows Server 2012 R2 | Windows 8 | macOS 12 Monterey | Fedora 27.x-31.x |
Windows Server 2012 | Windows 7 | macOS 11 Big Sur | CentOS 7.X |
Windows Server 2008 R2 | Windows Vista | macOS 10.15 Catalina | |
Windows Server 2008 | macOS 10.14 Mojave | ||
macOS 10.13 High Sierra | |||
macOS 10.12 Sierra | |||
OS X 10.11 El Capitan | |||
OS X 10.10 Yosemite |
* Machines running Red Hat Enterprise Linux and Rocky Linux can be secured with machine login MFA. Self-service password resets and unlocks from the login screen are currently not supported for these platforms.
Note: While the ADSelfService Plus login agent has been officially tested and confirmed to run seamlessly on the three Linux distributions mentioned, it may support other Linux distributions as well. Please contact the support team (support@adselfserviceplus.com) to check if the Linux distribution used in your organization is supported.
For proper functioning of ADSelfService Plus, communication must be established between the product server and components like the domain controller; the product's web client; the Windows, macOS, and Linux login agents; and the password sync agent by opening specific ports in the firewall.
The table below lists the ports to be opened on the systems with the ADSelfService Plus server, DNS server, DHCP server, email server, and domain controller.
Ports | Protocols | Services | Purpose | Connection outbound from | Connection inbound to |
This varies between SMTP ports | TCP | SMTP | Email communication. This port is not mandatory and is to be enabled only if the mail server is going to be configured in ADSelfService Plus for sending notifications and verification codes. | ADSelfService Plus server | Email server |
42 | TCP | Host name server protocol | Host name server protocol | ADSelfService Plus server | Domain controller |
53 | TCP/UDP | DNS | DNS name resolution | ADSelfService Plus server | DNS server |
67 | UDP | DHCP | Used to fetch information | ADSelfService Plus server | DHCP server |
88 | TCP/UDP | Kerberos | Used to fetch information on user and computer authentication | ADSelfService Plus server | Domain controller |
135 | TCP | RPC | RPC endpoint mapper | ADSelfService Plus server | Domain controller |
137 | UDP | NetBIOS | NetBIOS name resolution | ADSelfService Plus server | Domain controller |
138 | UDP | Netlogon | NetBIOS name resolution | ADSelfService Plus server | Domain controller |
139 | TCP | Netlogon | NetBIOS name resolution | ADSelfService Plus server | Domain controller |
389 | TCP/UDP | LDAP | Used to fetch information related to the directory, user and computer authentication, and Group Policy | ADSelfService Plus server | Domain controller |
445 | TCP/UDP | Netlogon | SMB in Netlogon service | ADSelfService Plus server | Domain controller |
464 | TCP/UDP | Kerberos | Used to change or set user passwords | ADSelfService Plus server | Domain controller |
593 | TCP | RPC | RPC over HTTPS | ADSelfService Plus server | Domain controller |
636 | TCP | LDAP SSL | Used to fetch information on Group Policy and user and computer authentication | ADSelfService Plus server | Domain controller |
2535 | TCP | DHCP | DHCP | ADSelfService Plus server | Domain controller |
3268 | TCP | LDAP using Global Catalog | Used to fetch information related to the directory, user authentication, computer authentication, and Group Policy | ADSelfService Plus server | Domain controller |
3269 | TCP | LDAP SSL using Global Catalog | Used to fetch information related to the directory, user authentication, computer authentication, and Group Policy | ADSelfService Plus server | Domain controller |
49152-65535 (1025-5000 for Windows 2000 XP and Windows Server 2003) | TCP | RPC | Used for AD communication and for Microsoft SQL Server named instances | ADSelfService Plus server | Domain controller |
5985 | TCP | WinRM-HTTP | Used for AD communication and for Microsoft SQL Server named instances | ADSelfService Plus server | Domain controller |
7800 | TCP | ADSelfService Plus | Used for communication between ADSelfService Plus instances in a load-balanced setup | ADSelfService Plus server | ADSelfService Plus server (Load Balancer) |
If an external Microsoft SQL database is used, the following ports have to be opened:
Ports | Protocols | Purpose | Connection outbound from | Connection inbound to |
1433 | TCP | To communicate with the Microsoft SQL Server default instance | ADSelfService Plus server | Microsoft SQL server |
1434 | UDP | To communicate with the Microsoft SQL Server browser service | ADSelfService Plus server | Microsoft SQL server |
The following ports need to be opened on the:
Ports | Protocols | Services | Connection outbound from | Connection inbound to |
8888 | TCP | HTTP | ADSelfService Plus web client; Windows, macOS, and Linux login agent; and password sync agent | ADSelfService Plus server |
9251 | TCP | HTTPS | ADSelfService Plus web client; Windows, macOS, and Linux login agent; and password sync agent | ADSelfService Plus server |
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.