Active Directory Connector

Learn about the functionality and requirements of Aisera's Active Directory connector.

Overview

This page describes the process of setting up an Active Directory connector for actions or data source configurations.

Prepare

Before configuring the Active Directory connector, gather the following information:

| Field | Description |
| --- | --- |
| Host | Enter the address of the system you are connecting to. It may be in the form of a URL or an IP address. |
| Port | The port number of the server to which the connection should be established. The default port number is 389 for an unsecured connection and 636 for a secure connection. |
| Base DN | Specifies the base DN for all searches. Only entries at or below this location in the server will be considered potential matches. |
| Connection Type | Enter WINRM_INTERNAL |
| Distinguished Name | Enter the User DN |
| Password | The password for the User DN found in the field above. |
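
Before entering these values in the Aisera UI, they can be checked from a Windows host with a simple bind and a base-scope search. This is an added example, not Aisera's own code; the host name, DNs and service account name are placeholders.

```powershell
# Added example: validates Host, Port, Base DN, Distinguished Name and Password.
# Every value below is a placeholder; replace it with the value you gathered.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$LdapHost = 'dc01.example.com'    # Host: an FQDN lets the LDAPS certificate name be verified
$Port     = 636                   # 636 = secure (LDAPS), 389 = unsecured
$BaseDn   = 'DC=example,DC=com'   # Base DN
$UserDn   = 'CN=svc-aisera,OU=Service Accounts,DC=example,DC=com'   # Distinguished Name
$Password = Read-Host -Prompt "Password for $UserDn" -AsSecureString

$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($LdapHost, $Port)
$cred = [System.Net.NetworkCredential]::new($UserDn, $Password)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new(
    $id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = ($Port -eq 636)

if ($Port -ne 636) {
    # A simple bind on the unsecured port exposes the DN and password on the wire.
    Write-Warning "Port $Port is not LDAPS: the bind password is sent unencrypted."
}

try {
    # Bind() fails on a wrong DN or password, or on an untrusted LDAPS certificate.
    $conn.Bind()

    # A base-scope search proves the Base DN exists and is readable by this account.
    $request = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $BaseDn, '(objectClass=*)',
        [System.DirectoryServices.Protocols.SearchScope]::Base,
        [string[]]@('distinguishedName'))
    $response = $conn.SendRequest($request)
    Write-Output "Bind OK. Base DN resolves to: $($response.Entries[0].DistinguishedName)"
}
catch {
    Write-Error "Connection check failed: $($_.Exception.Message)"
}
finally {
    $conn.Dispose()
}
```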

Integration Setup

To set up an Active Directory integration:

  1. In the Aisera Admin UI navigate to Settings > Integrations

  2. Click on + New Integration

  3. In the menu, select Active Directory and click Next

  4. Enter the Configuration details and click Next

    | Field | Description |
    | --- | --- |
    | Name | The name used to identify the integration |
    | Public | This determines whether the integration will be used outside of the firewall. Disable this if you are going to use a Remote Executor. |
    | Description | A description of the integration and its purpose |

  5. Enter the gathered Authentication details

  6. Click OK to save the Integration

Data Source Setup

To set up the Active Directory Data Source:

  1. In the Aisera Admin UI navigate to Settings > Data Sources

  2. Click + New Data Source in the upper right corner

  3. Select Active Directory and click Next

  4. Enter the General Details and click Next

    | Field | Description |
    | --- | --- |
    | Name | The name used to identify the data source |
    | Integration | The integration with the necessary authentication information for data retrieval |
    | Functions | Functions dictate how a data source behaves and what data is ingested into the Aisera platform. |
    | Schedule | This determines how often the Data Source will request new data. |
    | Public Domain | If a data source is public, related Knowledge Base Articles will show as hints for questions to the bot. |
    | Description | A description of the integration and its purpose |

  5. All remaining options are optional. See the section below for more information. Click Next until the window closes to complete the creation of the Data Source

Optional Configurations

Remote Executor

Select this if a Remote Executor (RE) is used. Refer to the following section if an RE is used.

Bypass Test Connection

Disable if you want to bypass the test connection

Transformation Script

This field is used to transform data as it is being ingested into the Aisera platform. This script is written in JavaScript.

Post Setup Actions

Data Source Setup through Remote Executor

The following article documents more about the Aisera Remote Executor.

In the case of an on-premises integration, Aisera has the capability of using the Remote Executor architecture. The Remote Executor acts on behalf of the Aisera platform, receiving commands to execute over HTTPS and returning data to the Aisera platform.

In the case of an on-premises integration, PowerShell commands are used to interact with Active Directory. The Remote Executor must be installed and hosted within a Windows environment on your network.

Prerequisites

To use PowerShell, you need to import the Active Directory module, which consolidates a group of cmdlets used to manage Active Directory. On the Active Directory Domain Controller, open a PowerShell session with elevated privileges and run the following command.

Import-Module ActiveDirectory

Remote Executor Flow

Next, you will create a Workflow that will be used by the Connector to execute PowerShell commands to get Users or Groups.

Data Source Configuration

You will need to update the data source configurations to enable the Remote Executor.

  1. In the Aisera Admin UI, navigate to Settings > Data Sources

  2. Select the desired Active Directory Data Source

  3. On the Data Source Details page click the Pencil icon in the top right to begin editing the data source configurations

  4. Click Next to navigate to Step 2 of 3: Configurations

  5. Using the Remote Executor dropdown, select Yes

  6. In the AiseraGPT field, select the Aisera Application that contains the workflow created previously

  7. In the Workflow field, select the workflow created to execute PowerShell commands on the Active Directory Domain Controller

  8. Select Next, then Ok to save the changed configurations.

Active Directory Actions

Most of the actions require read-only permissions on User, Group and Computer objects. The built-in Domain Users group already has the bare minimum rights to read user, group and computer objects from the directory. A user that belongs to this group will have sufficient rights to execute the following actions:

  • Check if User is Enabled

  • Get all Groups for Active Directory

  • Get Computers from Active Directory

  • Get Expiring accounts

  • Get Expiring passwords

  • Get phone number

  • Get User information

  • Get User status

  • List Owners of an AD group

The actions that need write permissions are the following:

  • Modify Group for Active Directory

  • Reset Password

  • Set Phone number for Active Directory

  • Update Account Expiration Date

To perform these actions a user or group must be granted the following permissions:

  • Reset password

  • R/W pwdLastSet

  • R/W memberOf

  • R/W Telephone Number
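
One way to grant only these rights is to delegate them to a dedicated service account on specific OUs with the built-in dsacls tool, instead of adding the account to a privileged group. This is an added example, not Aisera's own procedure; the account name and OU paths are placeholders, and it assumes group membership is changed by writing the group's member attribute (memberOf on the user is the computed back-link of that attribute).

```powershell
# Added example: least-privilege delegation of the write rights listed above.
# Run from an elevated session with rights to modify ACLs on the target OUs.
# $Principal, $UserOu and $GroupOu are placeholders, not values from the page.
$Principal = 'EXAMPLE\svc-aisera'
$UserOu    = 'OU=Managed Users,DC=example,DC=com'
$GroupOu   = 'OU=Managed Groups,DC=example,DC=com'

# Each ACE is "<principal>:<rights>;<right or attribute>;<object class it applies to>".
#   CA   = control access (extended right), RP/WP = read/write property
$grants = @(
    @{ Dn = $UserOu;  Ace = "${Principal}:CA;Reset Password;user" }      # Reset password
    @{ Dn = $UserOu;  Ace = "${Principal}:RPWP;pwdLastSet;user" }        # R/W pwdLastSet
    @{ Dn = $UserOu;  Ace = "${Principal}:RPWP;telephoneNumber;user" }   # R/W Telephone Number
    @{ Dn = $GroupOu; Ace = "${Principal}:RPWP;member;group" }           # membership changes
)

foreach ($grant in $grants) {
    # /I:S applies the ACE to child objects only, not to the OU object itself.
    & dsacls.exe $grant.Dn /I:S /G $grant.Ace | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed for '$($grant.Ace)' on '$($grant.Dn)'"
    }
}

# Review what the account now holds on each OU; keep this output for audit.
foreach ($dn in @($UserOu, $GroupOu)) {
    Write-Output "ACEs for $Principal on ${dn}:"
    & dsacls.exe $dn | Select-String -SimpleMatch $Principal
}
```

Scoping the ACEs to OUs that hold only the accounts the bot should manage keeps a compromised connector credential from resetting passwords on administrative accounts elsewhere in the domain.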
