Windows Event Log Sources

If Active Directory will be used to ascertain group information, the FortiAuthenticator unit must be configured to communicate with the domain controller.

A domain controller entry can be disabled without deleting its configuration. This can be useful when performing testing and troubleshooting, or when moving controllers within your network.

In order to properly discover the available domains and domain controllers, the DNS settings must specify a DNS server that can provide the IP addresses of the domain controllers. See DNS.

To add a domain controller:
  1. Go to Fortinet SSO Methods > SSO > Windows Event Log Sources.
  2. Select Create New to open the Create New Windows Event Log Source window.
  3. Enter the following information:
       NetBIOS Name: Enter the name of the Domain Controller as it appears in NetBIOS.
       Display name: This is a unique name to easily identify this Domain Controller.
       IP: Enter the network IP address of the controller.
       Account: Enter the account name used to access logon events. This account should have administrator rights.
       Password: Enter the password for the above account.
       Server type: Select Domain Controller or Exchange Server as the server type.
       Disable: Disable the domain controller without losing any of its settings.
       Priority: You can define two (or more) Domain Controllers for the same domain. Each can be designated Primary or Secondary. The Primary unit is accessed first.
       Enable secure connection: Select to enable a secure connection.
  4. Select OK.

By default, FortiAuthenticator uses auto-discovery of Domain Controllers. If you want to restrict operation to the configured domain controllers only, go to Fortinet SSO Methods > SSO > General and select Restrict auto-discovered domain controllers to configured domain controllers. See General settings.