Adding an AD server
You can manually import endpoints from an Active Directory (AD) server. EMS imports and synchronizes information about computer accounts over an LDAP or LDAPS connection, identifying the endpoints that belong to the AD domain and adding them to EMS.
The LDAP connection is read-only.
A video on how to add a domain is available in the Fortinet Video Library.

You can add the entire domain or an organizational unit (OU) from the domain.

EMS does not support importing subdomains if you have already imported the parent domain into EMS.
To add endpoints using an AD domain server:
- Go to Administration > Authentication Servers.
- Configure the following options:

| Option | Description |
| --- | --- |
| IP address/Hostname | Enter the domain server IP address or hostname. |
| Port | Enter the port number. |
| Username | Available when Bind type is set to Regular. Enter the username. |
| Password | Available when Bind type is set to Regular. Enter the user password. |
| Show Password | Available when Bind type is set to Regular. Toggle to show or hide the password. |
| LDAPS connection | Enable a secure connection protocol when Bind type is set to Regular. |
| Certificate | Browse to and upload a certificate authority or server certificate in PEM or DER format to secure the LDAPS connection. This option is only available if LDAPS connection is enabled. |
| Alias | Enter the alias (optional). |
| Comment | If desired, enter a comment about the server (optional). |
| Use Connector | If desired, enable this option to configure an AD connector to act as a proxy between EMS and the AD server. See AD connector. |
| Connector | From the dropdown list, select the desired AD connector. |
- Click Test to test the domain settings connection.
- If the test succeeds, click Save to save the new domain. If it fails, correct the settings as required, then test them again.
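The Test button exercises the same two things a read-only LDAPS import depends on: a server certificate that chains to the uploaded CA and a successful simple bind. The following Python script is an added example, not Fortinet or EMS code; it reproduces that check from the command line so the certificate and credentials can be validated before they are entered in EMS. The host, port, CA file path, bind DN and password are hypothetical arguments you supply; the CA file must be in PEM form (a DER file can be converted with `ssl.DER_cert_to_PEM_cert`), and the bind is a single RFC 4511 simple bind that changes nothing on the server.

```python
# Read-only LDAPS bind check (RFC 4511): verify the server cert against the CA, then bind once.
import socket
import ssl

# Well-known LDAP resultCode values (RFC 4511, Appendix A).
LDAP_RESULT = {0: "success", 8: "strongerAuthRequired",
               49: "invalidCredentials", 53: "unwillingToPerform"}

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one tag/length/value at pos; return (tag, value, next_pos)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                               # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage{messageID, BindRequest{version 3, name, simple password}} (messageID < 128)."""
    body = ber(0x02, b"\x03") + ber(0x04, bind_dn.encode()) + ber(0x80, password.encode())
    return ber(0x30, ber(0x02, bytes([message_id])) + ber(0x60, body))

def parse_bind_result(msg: bytes) -> int:
    """Return the resultCode carried by a BindResponse (APPLICATION 1)."""
    tag, body, _ = read_tlv(msg)
    _, _, pos = read_tlv(body)                  # skip messageID
    tag2, resp, _ = read_tlv(body, pos)
    if tag != 0x30 or tag2 != 0x61:
        raise ValueError("not an LDAP BindResponse")
    _, code, _ = read_tlv(resp)                 # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def ldaps_bind_check(host: str, port: int, cafile: str, bind_dn: str, password: str) -> str:
    # cafile must be PEM; convert a DER file with ssl.DER_cert_to_PEM_cert(der_bytes).
    ctx = ssl.create_default_context(cafile=cafile)   # chain + hostname verification on
    with socket.create_connection((host, port), timeout=10) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(bind_request(1, bind_dn, password))
        code = parse_bind_result(tls.recv(4096))
    return LDAP_RESULT.get(code, f"resultCode {code}")
```

A certificate that does not chain to the supplied CA, or a hostname that does not match it, raises `ssl.SSLCertVerificationError` before any bind is attempted; a wrong username or password returns `invalidCredentials`, which is the same distinction the EMS test result reflects.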
After importing endpoints from an AD server, you can move them to custom-created groups. These groups are not visible in AD, and EMS cannot modify the AD server in any way. See