Fortinet black logo

Windows event log sources

Windows event log sources

FortiAuthenticator must be configured to communicate with the domain controller if Active Directory (AD) will be used to ascertain group information.

A domain controller entry can be disabled without deleting its configuration. This can be useful when performing testing and troubleshooting, or when moving controllers within your network.

In order to properly discover the available domains and domain controllers, the DNS settings must specify a DNS server that can provide the IP addresses of the domain controllers. See DNS.
To add a domain controller:
  1. Go to Fortinet SSO Methods > SSO > Windows Event Log Sources.
  2. Select Create New to open the Create New Windows Event Log Source window.
  3. Enter the following information:
    NetBIOS name Name of the domain controller as it appears in NetBIOS.
    Display name Unique name to easily identify this domain controller.
    IP Network IP address of the controller.
    Account

    Account name used to access logon events.

    The user must have read access to the logs using the built in AD security group "Event Log Readers."

    Password Password for the above account.
    Server type Select either Domain controller or Exchange server as the server type.
    Disable Disable the domain controller without losing any of its settings.
    Priority Define multiple domain controllers for the same domain. Each can be designated as Primary or Secondary. The Primary unit is accessed first.
    Enable secure connection Enable a secure connection over either LDAPS or STARTTLS with a CA certificate.
  4. Select OK.

    By default, FortiAuthenticator uses auto-discovery of Domain Controllers. If you want to restrict operation to the configured domain controllers only, go to Fortinet SSO Methods > SSO > General and enable Restrict auto-discovered domain controllers to configured Windows event log sources and remote LDAP servers. See General settings.

Windows event log sources

FortiAuthenticator must be configured to communicate with the domain controller if Active Directory (AD) will be used to ascertain group information.

A domain controller entry can be disabled without deleting its configuration. This can be useful when performing testing and troubleshooting, or when moving controllers within your network.

In order to properly discover the available domains and domain controllers, the DNS settings must specify a DNS server that can provide the IP addresses of the domain controllers. See DNS.
To add a domain controller:
  1. Go to Fortinet SSO Methods > SSO > Windows Event Log Sources.
  2. Select Create New to open the Create New Windows Event Log Source window.
  3. Enter the following information:
    NetBIOS name Name of the domain controller as it appears in NetBIOS.
    Display name Unique name to easily identify this domain controller.
    IP Network IP address of the controller.
    Account

    Account name used to access logon events.

    The user must have read access to the logs using the built in AD security group "Event Log Readers."

    Password Password for the above account.
    Server type Select either Domain controller or Exchange server as the server type.
    Disable Disable the domain controller without losing any of its settings.
    Priority Define multiple domain controllers for the same domain. Each can be designated as Primary or Secondary. The Primary unit is accessed first.
    Enable secure connection Enable a secure connection over either LDAPS or STARTTLS with a CA certificate.
  4. Select OK.

    By default, FortiAuthenticator uses auto-discovery of Domain Controllers. If you want to restrict operation to the configured domain controllers only, go to Fortinet SSO Methods > SSO > General and enable Restrict auto-discovered domain controllers to configured Windows event log sources and remote LDAP servers. See General settings.