To authenticate using Active Directory

Note: If are using the Active Directory user with navigation grouping, give the user Manage level privileges. For details, see Navigation grouping.

1        Create the following groups in your Active Directory domain:

Group

Description

Unitrends-Superuser 

Members of this group are granted superuser privileges.

Unitrends-Admin 

Members of this group or domain administrators are granted administrator privileges. In addition to monitoring and managing systems, these users can add, edit, or delete customers or customer locations, and add, edit, or delete users. Because administrators can create customers and locations, they can also assign systems to different customers and locations in the navigational tree (using Settings > System, Updates, and Licensing > Grid Management).

Unitrends-Manage 

Members of this group are granted manage privileges. These users can view statuses and reports, start backups, and perform other management tasks, such as adding or modifying clients and retention settings. They can also view running jobs or processes, but cannot create or modify users other than modifying their own user account password.

Unitrends-Monitor 

Members of this group are granted monitor privileges. These users are only able to view the status of operations, such as backups or replication, on the front Status page, or run reports. They cannot start backups or restores, view running jobs, or configure the system in any way other than to modify their own user account password.

Note: You may name these groups to suit your environment. If you use your own names, be sure to enter these names when you configure AD authentication in the Unitrends system. User group names in your AD domain must match the names you enter in Step 7 below.

2        Add users to the Unitrends domain groups as desired.

Users who are not domain administrators must be assigned to a Unitrends group to log in to the AI using AD authentication.

Note: Add users to the groups only. Do not add groups. Nested grouping is not a Microsoft best practice and may cause undesirable results.

3        In the Unitrends AI, select the desired system in the Navigation pane.

4        Do one of the following:

Note: The backup system must be running release 7.2 or higher to use the DNS option. For older releases, you must add the AD server to the system’s host file.

     Create a DNS entry for the AD server with reverse lookup configured, then skip to Step 6.

     Add the AD server to the Unitrends system’s host file as described in Step 5.

5        Add the Active Directory server to the Unitrends system’s host file as described below. If you’ve already added the server, verify that you have set the fields as described here. Modify settings as necessary.

Select Settings > Clients, Networking, and Notifications > Networks > Hosts, click Add Another Host, enter Host Name, IP Address, and Qualified Name as described below, then click Confirm.

     The AD server is the machine where the Active Directory domain is located.

     For Qualified Name, enter the active directory domain only. Do not include the server name.

     Example: for an AD server called SERVER_AD whose IP address is 192.168.111.75 and AD domain is company_domain.com, enter the following:

SERVER_AD in the Host Name field.

192.168.111.75 in the IP Address field.

company_domain.com in the Qualified Name field.

Important: This host entry must be added before continuing with this procedure. The host entry must be present before configuring the Unitrends system for AD authentication.

6        Select Settings > System, Updates, and Licensing > Active Directory.

7        Enter information as follows:

Field

Action

Enable Active Directory Authentication

Check this box to start using AD authentication, or leave unchecked to start using AD authentication at a later time.

Use SSL

Check this box if SSL is configured on the domain controller. Be sure to configure SSL between the Unitrends system and the domain controller.

Active Directory Server

Enter the hostname of the machine where the Active Directory Domain is located. If left blank, the system populates this field using the hosts file entry. If you are using DNS and did not add the AD server to the hosts file, be sure to enter the hostname here. This field is limited to 15 characters.

Active Directory Domain

Enter the name of the AD domain. Do not include the AD server name. For example, ad_domain.company_domain.com. This name must be present in the system’s host file or resolvable through DNS.

Active Directory IP

(optional) Enter the IP address of the AD server.

Unitrends Superuser Group

Enter Unitrends-Superuser 

Unitrends Administrator Group

Enter Unitrends-Admin.

Unitrends Manage Group

Enter Unitrends-Manage.

Unitrends Monitor Group

Enter Unitrends-Monitor.

8        Click Confirm to save, or Cancel to exit without saving.