
EMS Administration Guide

Adding endpoints using an AD domain server

You can manually import endpoints from an Active Directory (AD) server. You can import and synchronize information about computer accounts with an LDAP or LDAPS service. You can add endpoints by identifying endpoints that are part of an AD domain server.

The LDAP connection is read-only.

A video on how to add a domain is available in the Fortinet Video Library.

You can add the entire domain or an organization unit (OU) from the domain.

EMS does not support importing a subdomain if its parent domain has already been imported into EMS.

To add endpoints using an AD domain server:
  1. Do one of the following:
    • Go to Endpoints > Manage Domains > Add.
    • Go to User Management > Authorized User Groups > Add.
  2. Configure the following options:
    • IP address/Hostname: Enter the domain server IP address or hostname.
    • Port: Enter the port number.
    • Distinguished name: Enter the distinguished name (DN) (optional). You must use only capital letters when configuring the DN. You cannot import domains and OUs whose DN is longer than 256 characters.
    • Alias: Enter the alias (optional).
    • Bind type: Select the bind type: Simple, Anonymous, or Regular. When you select Regular, you must enter the Username and Password.
    • Username: Available when Bind type is Regular. Enter the username.
    • Password: Available when Bind type is Regular. Enter the user password.
    • Show Password: Available when Bind type is Regular. Turn on or off to show or hide the password.
    • LDAPS connection: Enable a secure connection protocol. Available when Bind type is Regular.
    • Certificate: Browse to and upload a certificate authority or server certificate in PEM or DER format to secure the LDAPS connection. Only available when LDAPS connection is enabled.
    • Sync every: Enter the sync interval between FortiClient EMS and the domain in minutes. The default and minimum is 60 minutes.
  3. Click Test to test the domain settings connection.
  4. If the test succeeds, click Save to save the new domain. If not, correct the information as required, then test the settings again.
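As an added example (not from the guide or from Fortinet), the Python script below applies the form rules stated above to a set of domain settings and, for an LDAPS domain, performs only the TLS handshake with the uploaded PEM or DER certificate as the trust anchor, which is the part of the Test step most likely to fail on a certificate or hostname mismatch. The field names, host, DN and account are constructed for the example, and the capital-letters rule for the DN is applied literally as the guide states it.

```python
import socket
import ssl
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class DomainSettings:
    # Mirrors the EMS "Add domain" form; field names are this example's own
    host: str
    port: int
    bind_type: str                   # "Simple", "Anonymous" or "Regular"
    dn: str = ""                     # optional distinguished name
    username: str = ""
    password: str = ""
    ldaps: bool = False
    cert_path: Optional[str] = None  # CA or server certificate, PEM or DER
    sync_minutes: int = 60

def validate(s: DomainSettings) -> List[str]:
    """Apply the rules the guide states; an empty list means nothing to fix."""
    p = []
    if len(s.dn) > 256:
        p.append("DN longer than 256 characters cannot be imported")
    if any(c.islower() for c in s.dn):   # the guide's rule, applied literally
        p.append("DN must use only capital letters")
    if s.bind_type == "Regular" and not (s.username and s.password):
        p.append("Regular bind requires Username and Password")
    if s.ldaps and s.bind_type != "Regular":
        p.append("LDAPS connection requires Bind type Regular")
    if s.cert_path and not s.ldaps:
        p.append("Certificate is only used when LDAPS connection is enabled")
    if s.sync_minutes < 60:
        p.append("Sync every: the minimum is 60 minutes")
    return p

def tls_context(cert_path: str) -> ssl.SSLContext:
    """Verifying TLS context that trusts the uploaded PEM or DER certificate."""
    ctx = ssl.create_default_context()   # chain and hostname verification stay on
    with open(cert_path, "rb") as f:
        data = f.read()
    # cadata accepts PEM as str or DER as bytes; the PEM header tells them apart
    ctx.load_verify_locations(cadata=data.decode() if data.startswith(b"-----") else data)
    return ctx

def preflight_ldaps(s: DomainSettings, timeout: float = 5.0) -> str:
    """TLS handshake only (no LDAP bind): returns the subject the server presented."""
    ctx = tls_context(s.cert_path) if s.cert_path else ssl.create_default_context()
    with socket.create_connection((s.host, s.port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=s.host) as tls:
            return str(tls.getpeercert().get("subject"))
```

Run validate() on the settings before entering them in EMS; preflight_ldaps() needs network access to the domain controller and raises ssl.SSLCertVerificationError when the uploaded certificate does not match what the server presents.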

After importing endpoints from an AD server, you can move them to custom-created groups. These groups are not visible in AD, and EMS cannot modify the AD server in any way. See Managing groups.
