How a logon request is validated
Active Directory: logon request is validated
Open-AudIT can take the username and password supplied in the web login form and verify them against Active Directory to allow login.
- To configure this, go to Menu -> Admin -> Config and set the fields ad_domain and ad_server.
- ad_domain: This is the Windows Active Directory domain name that your users will validate against. For example, open-audit.com.
- ad_server: This is the IP address of the actual Active Directory server you would like to use for user validation.
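The checks a login handler should make before the form input reaches the directory, as an added example (not Open-AudIT's own code). It assumes the verification is an LDAP simple bind as username@ad_domain against ad_server; the helper names, the username allow-list and the sample address 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import re

# Hypothetical helper names; ad_domain and ad_server are the two config fields named above.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_USER = re.compile(r"[A-Za-z0-9._-]{1,64}")  # conservative allow-list (assumption)


class LoginRejected(ValueError):
    """Raised before any network traffic when the input must not reach the directory."""


def prepare_bind(username, password, ad_domain, ad_server):
    """Return (server_ip, bind_principal) for a simple bind, or raise LoginRejected."""
    # ad_server is documented as an IP address; refuse anything else.
    try:
        server_ip = str(ipaddress.ip_address(ad_server.strip()))
    except ValueError as exc:
        raise LoginRejected("ad_server is not an IP address") from exc

    # ad_domain must be a plain DNS name such as open-audit.com.
    labels = ad_domain.strip().rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise LoginRejected("ad_domain is not a DNS domain name")

    # The domain comes from config, never from the form: reject user@other or DOMAIN\user.
    if not isinstance(username, str) or not _USER.fullmatch(username):
        raise LoginRejected("username contains characters outside the allow-list")

    # RFC 4513 section 5.1.2: a simple bind with a name and an empty password is an
    # unauthenticated bind and can return success, so it must never be sent.
    if not isinstance(password, str) or password == "":
        raise LoginRejected("empty password")

    return server_ip, f"{username}@{'.'.join(labels).lower()}"


def check(username, password, ad_domain="open-audit.com", ad_server="192.0.2.10"):
    """Run prepare_bind against a constructed sample config and report the outcome."""
    try:
        return prepare_bind(username, password, ad_domain, ad_server)
    except LoginRejected as exc:
        return f"rejected: {exc}"
```

Only a tuple returned by prepare_bind should be handed to the LDAP client; a rejection is treated as a failed login without contacting the server.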
Restartable Directory Service
Windows Server 2008 introduced the ability to start and stop Active Directory like a normal Windows service. This allows you to perform most offline operations without restarting the domain controller. While Active Directory is stopped, it will not respond to logon requests. If the domain controller is hosting Active Directory-integrated DNS zones, it will also not respond to queries for these zones.
While the Active Directory service is stopped, you can perform all of the offline tasks outlined in this chapter with the exception of restoring from a backup. Restoring still requires that you boot into Directory Services Restore Mode.
Once you have stopped the Active Directory service, you can log into the domain controller with domain credentials if another domain controller is available to service the request. If another domain controller is not available to service the request, you will not be able to log in. If you want to have the option of using the Directory Services Restore Mode password, you must modify the registry.
Active Directory Field Guide