Viewing Active Directory configuration settings and mapping rules

You can view and edit an existing Active Directory object in the following ways:

  • To edit: In the Venafi Configuration Console, go to the Connectors node, click the connector you want to edit, then click Re-Run Wizard.
  • To view: Open the Policy Tree. From the Identity tree, open the Provider tab of the Active Directory object. The following table shows the information you can see in the Policy Tree:

    Active Directory provider object tab configuration information (read-only)
    Tab | Sub-tab | Configuration settings

    Provider

    Settings

    Settings section: Lists the name and friendly name of the AD connection, as well as the user name used to connect. It also shows the secure setting and whether nested groups are expanded by default.

    This section also shows you whether global rediscovery is enabled or disabled. To change this setting, modify the properties for the identity provider in the Venafi Configuration Console. See Creating an Active Directory connection for more details.

    Default section: Shows the default configuration that all servers use unless a custom configuration is shown for a specific server (custom configurations are listed below). Settings for individual servers override those in the Default section. These default settings include the global catalogs, domains, and whether rediscovery is enrolled.

    Additional Information:

    • Each engine that is using a unique configuration is displayed in sections on this page. The engine name is shown in the section title. This page shows you all Active Directory connections for all servers connected to this database.

    • If your system was created prior to 21.2, there will be an XML section that shows Active Directory settings for pre-21.2 servers. For all systems created in 21.2 or later, those engines will use either the custom configuration defined for them, or if no custom configuration is defined, they will use the default configuration.

    Mapping Table

    Allows you to see (but not edit) the mappings that exist between the Venafi Platform fields and the attribute names from the identity provider.

    Options

    Driver Loading Rank allows you to specify the rank of this identity provider relative to other identity providers in the Identity Providers tree. (A lower value is a higher-priority connection.)

    Search Expressions

    • Search Timeout threshold

    • Search Expression and Classes for Users, Groups, and Distribution Lists

    • Name Resolution Attributes