Skip to main content

Configure settings for Active Directory

As part of Active Directory configuration, under Advanced settings enter:

  • User base DN: The default is cn=Users, the default container for AD. However, if your AD is configured differently, this will be the path to the top-most container where users are stored in the directory.

    For example, if your users are stored in the DN CN=Engineering,CN=GlobalUsers,DC=intranet,dc=example,dc=com and your base DN is DC=intranet,DC=example,DC=com, the value of the User DN suffix will be CN=Engineering,DC=GlobalUsers.

  • User ID attribute: Enter the user attribute that the user will enter as the username when logging in to the Contrast application. Use the attribute that will be most familiar to the users. The default is Email address.

    • Login ID: The AD sAMAccountName attribute; this is usually the username that you use to log in to Windows.

    • Email address: The AD mail attribute containing the email address of the user.

    • User principal: The AD userPrincipal attribute containing the full username.

  • Search within nested groups: Enable or disable searching within nested groups. The toggle is disabled by default.

  • Follow referrals: In multi-tenant or multi-domain enterprise forests, LDAP queries may be referred to another server for more details. The toggle is disabled by default.

  • Limit referrals: Limit to how many referrals should be followed when AD replies with a Referral response. The default is "5".