Struggling with AD integration [message #111239]
Thu, 27 February 2014 14:38
Bud Durland
Messages: 586 Registered: December 2013 Location: Plattsburgh, NY
I've decided that I would like to convert our authentication to use Active Directory. For the moment, let's set aside how to migrate existing users that authenticate using the local database.
Environment:
KC Server: Windows 2008R2 x64 hosting Kerio Connect 8.2.1 (2096)
Mail Domain: MyCompany.com
AD server: Windows 2008R2 x64. No other services running on this machine
AD Domain: MyCompany.local
I installed the Kerio AD Extensions (kade-8.2.1-2906.win64.exe), matching my Kerio Connect version as well as the bit-ness of the host operating system. After the installation, I see a couple of things that I don't understand:
1) new users created in AD, and ONE old user, will have the 'kerio connect account' tab in AD users and computers. It does not appear on any other user.
2) In the 'Kerio Connect Account' tab, there is an option to add e-mail addresses, but they are considered invalid unless they use the AD domain name (@MyCompany.local). I cannot add addresses that use our e-mail domain (MyCompany.com).
3) In the Kerio Connect admin console, I go to Settings -> Domains -> Directory Service. I choose Active Directory, and point the setting to the machine with the PDC role (the same machine where I ran the installer for KADE). When I test the connection, it tells me 'Scheme extensions not found on LDAP server'.
So, I'm stuck. Can anyone shed some light on this?
Re: Struggling with AD integration [message #111256 is a reply to message #111239]
Fri, 28 February 2014 02:18
zebby
Messages: 154 Registered: March 2009
Hi,
We migrated a while ago, if my memory is faithful it was pretty painless.
I hope some of this is useful!
Quote: 1) new users created in AD, and ONE old user, will have the 'kerio connect account' tab in AD users and computers. It does not appear on any other user.
Looking at our server, existing users don't get a Kerio account tab; for it to appear you need to right-click the user and click 'Kerio Connect tasks...'. If a user doesn't have an account it will create one, or if they do it will delete it. If my memory serves me correctly, should you delete the email account this way, the message store for that user is also deleted. Well, it was when I tried it several versions back.
Quote: 2) In the 'Kerio Connect Account' tab, there is an option to add e-mail addresses, but they are considered invalid unless they use the AD domain name (@MyCompany.local). I cannot add addresses that use our e-mail domain (MyCompany.com)
This is the same as us. The account shown on the user in AD is the AD domain, but the email address created in Kerio is correct. I've never tried setting an email address this way though; I've always used the right-click function noted above.
Quote: 3) In the Kerio Connect admin console, I go to setting -> domains -> Directory service. I choose active Directory, and point the setting to the machine with the PDC role (The same machine where I ran the installer for KADE). When I test the connection, it tells me the 'Scheme extensions not found on LDAP server'.
This doesn't sound like you've set anything up differently to what we have, given we both have a very similar setup, but it's worth checking...
The DC you're connecting to is the schema master?
You have the map option enabled and Microsoft Active Directory selected?
We use the hostname for the server - kittywhite (but IP should work)
We use the full username - administrator@ourdomain.local (and the user has appropriate rights?)
We have secure LDAP enabled
We have 'domain name is different from mail domain' set - ourdomain.local
Also, LDAP and LDAPS services are running on the Kerio server?
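The checklist above (schema master, schema extensions present, secure LDAP reachable) can be verified from a domain-joined machine with the RSAT ActiveDirectory module. The script below is an added example, not from this thread or from Kerio; `$Dc` is a constructed hostname standing in for the DC configured in Kerio Connect, and `$SchemaNamePattern` is an assumed naming pattern for the KADE schema objects that must be adjusted to the names the installer actually creates.

```powershell
# Added example: check the AD-side prerequisites for Kerio Connect's directory service test.
# ASSUMPTIONS: RSAT ActiveDirectory module installed; $Dc is the DC Kerio points at;
# $SchemaNamePattern is a guess at how the KADE schema classes/attributes are named.
Import-Module ActiveDirectory

$Dc                = 'dc01.mycompany.local'   # constructed value: the DC configured in Kerio Connect
$SchemaNamePattern = 'kerio*'                 # ASSUMPTION: adjust to the real KADE schema object names

# 1) Is the DC that Kerio points at also the schema master? Schema changes land there first.
$forest         = Get-ADForest -Server $Dc
$isSchemaMaster = ($forest.SchemaMaster -ieq $Dc)
"Schema master is $($forest.SchemaMaster); Kerio target is schema master: $isSchemaMaster"

# 2) Does the schema partition contain the extension objects at all?
$schemaNc = (Get-ADRootDSE -Server $Dc).schemaNamingContext
$ext = Get-ADObject -Server $Dc -SearchBase $schemaNc `
        -LDAPFilter "(name=$SchemaNamePattern)" -Properties lDAPDisplayName
if ($ext) {
    "Found $(@($ext).Count) schema objects matching '$SchemaNamePattern' on $Dc"
    $ext | Select-Object lDAPDisplayName, ObjectClass | Format-Table -AutoSize
} else {
    "No schema objects match '$SchemaNamePattern' on $Dc: extension not installed here or not yet replicated"
}

# 3) Is secure LDAP (TCP 636) listening on the DC? Kerio's secure LDAP option needs it.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($Dc, 636)
    "LDAPS (636) on $Dc: reachable"
} catch {
    "LDAPS (636) on $Dc: not reachable ($($_.Exception.Message))"
} finally {
    $client.Close()
}
```

If step 1 reports a different schema master than the DC Kerio is pointed at, either point the directory service at the schema master or wait for schema replication to complete before retesting.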