Call Savance EIOBoard Call Us: (248) 478-2555

 

Savance EIOBoard Support

Main

Knowledgebase
Active Directory Changes after version 10.3.47+
Posted by Elizabeth Stanley on 31 January 2022 03:48 PM

Basis for the changes: Directory Search

In the existing system ADSync was performed using PagedSearch, in server version past 10.3.47, the AD Sync is performed by Directory Search which is more stable when compared to PagedSearch.

In Paged search there may be a difference in number of expected directory entries (OUs, Groups, Users) due to some of the following constraints: server time limit and page size limit. In such cases paged search returns only the number of directory entries that are collected before exceeding such limits.

Directory search is performed by retrieving directory entries (by page wise) belonging to the OU/Group.

Server Name

If it's not set to it already, you will have to switch the AD Server name in the EIOBoard Server settings to the Fully Qualified Domain Name.

This is because the AD Server name will now need to match the FQDN on the SSL certificate for the AD Server.

Authentication types


AD Sync uses the Auth Type value from the registry, so after upgrading EBServer,  please make sure that the correct auth type is selected under 

ADSync > ConnectionSettings in EIOBoard Server Settings. If not, select the required auth type (mostly it will be ‘Secure’), save the changes and click Test Connection to test the connection.


The AuthenticationTypes enumeration specifies the types of authentication used in DirectorySearch:


Delegation

Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.

FastBind

A user can use this option to boost the performance in a series of object manipulations that involve only methods of the base interfaces. However, ADSI does not verify if any of the request objects actually exist on the server. For more information, see the Fast Binding Option for Batch Write/Modify Operations article.

None

Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.



ReadonlyServer

For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding.

Sealing

Encrypts data using Kerberos.

Secure

Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. 

SecureSocketsLayer

Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory Domain Services requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.

ServerBind

If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.

Signing

Verifies data integrity to ensure that the data received is the same as the data sent.