EMS Administration Guide

AD connector

You can configure an Active Directory (AD) connector that acts as a proxy between the AD server and EMS.

The following shows an example environment, which consists of the following virtual machines (VM):

  • VM1: EMS
  • VM2: AD server (ems104.com)
  • VM3: AD connector

In this example, VM2 is connected to a local network with an IP address of 192.168.178.14/24. EMS is connected to a public network with an IP address of 10.71.5.77/24. In this scenario, when you attempt to add the AD server as an authentication server in Administration > Authentication Servers in EMS, EMS cannot reach the AD server. The AD connector solves this problem. The AD connector has the following network adapters:

  Adapter              IP address
  Adapter controller   192.168.78.14
  Adapter data         192.168.1.1/24

The gateway for adapter data is 192.168.1.1, which is a FortiGate that is connected to the Internet. The AD server cannot connect directly to EMS, and EMS cannot access the AD server. The connector serves as a proxy to add the AD server to EMS.

To configure the AD connector:
  1. Add an API key:
    1. In EMS, go to Administration > Authentication Servers.
    2. Click Connectors.
    3. Click API Keys, then Add. Add a new API key.

  2. Create the AD connector:
    1. Install the AD connector on a host that EMS and the AD server can reach. On the host machine, from the EMS installation package, run FortiClientEndpointManagementServerADConnector_7.2.0.XXXX_x64.msi.
    2. In the Connect to EMS Configuration dialog, enter the EMS IP address, fully qualified domain name, or account ID in the EMS IP/FQDN/Account ID field.
    3. In the EMS Port field, enter the port number.
    4. In the Connector UID field, enter the AD connector UID.
    5. In the Connector Api Key field, enter the API key value.
    6. Click Add Site, and enter the EMS site information. Ensure that a Connection established message displays, then click Next.

  3. Go to Administration > Authentication Servers > Connectors to confirm that you successfully created an AD connector.
  4. Go to Administration > Authentication Servers.
  5. Enable Use Connector.
  6. From the Connector dropdown list, select the AD connector.
  7. Save the configuration. EMS successfully adds the AD server as an authentication server.
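
The connector only works if its host can reach both sides of the proxy. The following pre-install check is an added example, not part of the Fortinet guide or the EMS package: run it on the intended connector host before step 2 to confirm TCP reachability toward EMS and the AD server. The addresses come from the example environment above; the function name Test-TcpPort, the parameter names, and the LDAP/LDAPS ports 389 and 636 are assumptions, and the EMS port must be supplied because the guide does not state it.

```powershell
# Added example: reachability pre-check for the AD connector host.
# Save as a .ps1 file and run with -EmsPort <port>. Not Fortinet code.
param(
    [string]$EmsHost = '10.71.5.77',      # EMS address from the example environment
    [Parameter(Mandatory)][ValidateRange(1, 65535)]
    [int]$EmsPort,                        # the value you will enter in the EMS Port field
    [string]$AdHost = '192.168.178.14',   # AD server (VM2) from the example environment
    [int[]]$AdPorts = @(389, 636)         # assumption: standard LDAP and LDAPS ports
)

function Test-TcpPort {
    # Returns $true if a TCP connection opens within the timeout, else $false.
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($Target, $Port)
        if (-not $task.Wait($TimeoutMs)) { return $false }   # timed out (filtered)
        return $client.Connected
    } catch {
        return $false                                        # refused or unroutable
    } finally {
        $client.Dispose()
    }
}

# One check for EMS, one per candidate directory port on the AD server.
$checks = @([pscustomobject]@{ Role = 'EMS'; Target = $EmsHost; Port = $EmsPort })
$checks += $AdPorts | ForEach-Object {
    [pscustomobject]@{ Role = 'AD server'; Target = $AdHost; Port = $_ }
}

$results = foreach ($c in $checks) {
    [pscustomobject]@{
        Role      = $c.Role
        Target    = $c.Target
        Port      = $c.Port
        Reachable = Test-TcpPort -Target $c.Target -Port $c.Port
    }
}
$results | Format-Table -AutoSize

# The host qualifies only if EMS answers and at least one AD port answers.
$emsOk = @($results | Where-Object { $_.Role -eq 'EMS' -and $_.Reachable }).Count -gt 0
$adOk  = @($results | Where-Object { $_.Role -eq 'AD server' -and $_.Reachable }).Count -gt 0
if ($emsOk -and $adOk) {
    Write-Output 'Host can reach EMS and the AD server.'
} else {
    Write-Warning "Reachability check failed (EMS: $emsOk, AD server: $adOk)."
    exit 1
}
```

If only port 389 answers on the AD server, the directory is reachable over unencrypted LDAP only, which is worth resolving before the connector starts relaying authentication traffic.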
