Adding an AD server
You can manually import endpoints from an Active Directory (AD) server. You can import and synchronize information about computer accounts with an LDAP or LDAPS service. You can add endpoints by identifying endpoints that are part of an AD domain server.
The LDAP connection is read-only.
A video on how to add a domain is available in the Fortinet Video Library.
You can add the entire domain or an organization unit (OU) from the domain.
EMS does not support importing subdomains if you have already imported the parent domain in to EMS.
To add endpoints using an AD domain server:
- Go to Administration > Authentication Servers.
- Configure the following options:
Enter the domain server IP address or hostname.
Enter the port number.
Available when Bind type is set to Regular. Enter the username.
Available when Bind type is set to Regular. Enter the user password.
Available when Bind type is set to Regular. Turn on and off to show or hide the password.
Enable a secure connection protocol when Bind Type is set to Regular.
Browse to and upload a certificate authority or server certificate in PEM or DER format to secure the LDAPS connection. This option is only available if LDAPS connection is enabled.
Enter the alias (optional).
If desired, enter a comment about the server (optional).
If desired, enable this option to configure an AD connector to act as a proxy between EMS and the AD server. See AD connector.
From the dropdown list, select the desired AD connector.
- Click Test to test the domain settings connection.
- If the test succeeds, click Save to save the new domain. If not, correct the information as required, then test the settings again.
After importing endpoints from an AD server, you can move them to custom created groups. These groups are not seen in AD and EMS does not have the ability to modify the AD server in any way. See