
Active Directory Integration for OS Deployer

Active Directory is a directory service developed by Microsoft that provides centralized management of network resources such as users, computers, printers, and security groups within a domain-based network. It is designed to help IT administrators efficiently manage and secure an organization's network infrastructure by controlling user access, enforcing policies, and maintaining resource integrity.

At its core, Active Directory acts as a centralized database where all information about network resources is stored. This allows administrators to organize access efficiently and manage these resources through a single interface, streamlining IT operations across the enterprise.

Functionalities of Active Directory in OS Deployer

Active Directory based Technician Login

Active Directory integration supports Active Directory user-based login to the server console. This allows technicians to use a single password to access both Active Directory resources and the server.

Pre-Requisites for Setup

  • Administrative Rights: Ensure that the account used to add the domain has appropriate administrative rights across all client systems in the domain. This permission is required to use the credential to onboard computers and to fetch all objects in Active Directory (computers, users, containers, groups, GPO, and OUs).
  • Service Account Access: If using a service account, it must have view access (Read permission) to all objects in Active Directory (computers, users, containers, groups, GPO, and OUs). Lack of view access will cause Active Directory synchronization to fail. This account should also have access to install agent software on computers.
  • Access to Attributes: The service account should have access to important object attributes like whenChanged, whenCreated, objectGUID, Name, distinguishedName, etc. Additionally, for deleted object retrieval, ensure credentials have access to the Active Directory recycle bin.
  • Data Collection via Command Prompt:
    • Run set L in Command Prompt to get the Domain Controller name (Logonserver = Domain Controller Name).
    • Run set U to retrieve the Domain Name and Active Directory Domain Name (Userdomain = Domain Name, Userdnsdomain = Active Directory Domain Name).

Steps to Add a Domain

  1. Navigate to Admin > Domain > Add Domain.
  2. Choose Active Directory from the drop-down.
  3. Enter the details collected from the Command Prompt (from the set L and set U commands) in the appropriate fields.
     [Figure: OS Deployer: Adding domain]
     Note:
       1. If the Central Server cannot directly reach the Domain Controller, enable the "Domain controller is not directly reachable" option. Then choose a Distribution Server located close to the Active Directory Domain Controller as the Active Directory connector. The Active Directory connector must be able to reach both the Central Server and the Active Directory Domain Controller.
       2. To configure an Active Directory connector, a Distribution Server must be configured for the remote office where the Domain Controller is located.
  4. Select the Active Directory connector from the drop-down. The Active Directory connector acts as a communicator between the Central Server and the Domain Controller to fetch the Active Directory objects. A Distribution Server configured for the location where the Domain Controller is present can be used as an Active Directory connector. You can also refresh or add a new Active Directory connector.
  • Enable LDAP SSL to encrypt communication between and Active Directory. This requires uploading an SSL certificate to the Active Directory. By default, LDAP SSL uses port 636, which can be modified based on your requirements.
  • Click Validate and Proceed.
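
Before entering the values, the prerequisites and the LDAP SSL option can be checked from the machine that will talk to the Domain Controller. The script below is an added example, not part of the product or its documentation: it reads the same variables that set L and set U print, then confirms that port 636 is reachable and that the Domain Controller presents a certificate this host trusts. The timeout, the expiry window, the assumption that the logon server is in the user's DNS domain, and validation against the local Windows trust store are all assumptions of the example.

```powershell
# Added pre-flight check, not vendor code. Requires Windows PowerShell 5.1+.
# Run as the account to be registered, on the Central Server or the host
# intended as Active Directory connector.
param(
    [int]$LdapsPort = 636,   # default LDAP SSL port named in the steps
    [int]$TimeoutMs = 5000,  # assumed connect timeout
    [int]$WarnDays  = 30     # assumed certificate-expiry warning window
)

# The same values `set L` and `set U` print in Command Prompt.
$dc        = $env:LOGONSERVER -replace '^\\\\', ''
$domain    = $env:USERDOMAIN
$dnsDomain = $env:USERDNSDOMAIN
if (-not $dc -or -not $dnsDomain) {
    throw 'LOGONSERVER or USERDNSDOMAIN is empty: this is not a domain logon session.'
}
# Assumption: the logon server lives in the user's DNS domain.
$dcFqdn = "$dc.$dnsDomain".ToLower()

$tcp = [System.Net.Sockets.TcpClient]::new()
$ssl = $null
try {
    if (-not $tcp.ConnectAsync($dcFqdn, $LdapsPort).Wait($TimeoutMs)) {
        throw "No TCP connection to ${dcFqdn}:$LdapsPort within $TimeoutMs ms."
    }
    # Default validation: the handshake throws unless the certificate chains
    # to a root trusted by this host and its name matches $dcFqdn.
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($dcFqdn)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

    [pscustomobject]@{
        DomainController = $dcFqdn
        DomainName       = $domain
        AdDomainName     = $dnsDomain
        LdapsPort        = $LdapsPort
        TlsProtocol      = $ssl.SslProtocol
        CertSubject      = $cert.Subject
        CertNotAfter     = $cert.NotAfter
        ExpiresSoon      = $cert.NotAfter -lt (Get-Date).AddDays($WarnDays)
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
```

A handshake failure here means LDAP SSL would be relying on a certificate this host cannot verify; resolve the trust chain or name mismatch rather than falling back to unencrypted LDAP.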