Configure Directory Service
  • 24 Mar 2023

The Configure Directory Service button is used during initial configuration of the server to select the domain or domains that will be linked to the ExactAccess server. Clicking the button presents a screen with the available domains that the server is able to "see" on the network. This list is limited by the domain trusts of the domain of which the server is a member.

NOTE

The "computer browser" service MUST be enabled and running for this application to find the domains. If this service is stopped or is not started, the domains view will be blank.

The left list contains the available domains. Select a domain or domains and click the Add-> button to add the selected domains to the list. Double-click a domain in the selected domains list to mark that domain as the primary user domain (this is used in the event a user attempts a login without specifying a domain).

The final required step for configuration is to RIGHT-CLICK on each of the domains, and select the "Set LDAP" domain from the popup menu. LDAP requires that queries be presented using the Fully Qualified Domain Name (FQDN) of a domain, while XA only queries for the NETBIOS name of a domain. It is therefore required that the FQDN be provided in the form "DC=domain,DC=subdomain,DC=subdomain". This specification must also include the top-level name corresponding to the NETBIOS name.

NOTE

Example: for a domain named boisetestad.gohealthcast.com - the NETBIOS name is BOISETESTAD - the LDAP specification would be: DC=boisetestad,DC=gohealthcast,DC=com

Note that there are no spaces in the data, and each DC=value combination is separated by a comma (,) character. No quotes or other punctuation is required.

The Domain Processing threads value determines the number of work threads available for domain communications. It is recommended that 2 threads be allocated per domain added to the list of selected domains, up to the processing core count available on the server. If fewer domains are selected than half the work threads, the remaining threads are simply not used and do not impact system performance.

EXAMPLE

If 3 domains are selected, the count would be 6 threads; however, if only 4 processing cores are available (2 cores + 2 hyper threads, or 4 cores with no hyper threading), then the recommended value is 4.
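
The Set LDAP format rules and the thread recommendation above can be checked before values are entered. This is an added Python example, not HealthCast code: the function names are hypothetical, the sample values are constructed, and matching the first DC= value to the NETBIOS name is an assumption drawn from the article's example.

```python
import re

# One "DC=value" component; value limited to DNS label characters.
_DC = re.compile(r"^DC=([A-Za-z0-9-]+)$")

def fqdn_to_ldap_spec(fqdn):
    """Turn 'a.b.com' into 'DC=a,DC=b,DC=com' (no spaces, no quotes)."""
    labels = [x for x in fqdn.strip().strip(".").split(".") if x]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + x for x in labels)

def check_ldap_spec(spec, netbios_name):
    """Return the problems found in a Set LDAP value; empty list means OK."""
    problems = []
    if any(ch.isspace() for ch in spec):
        problems.append("contains whitespace")
    if '"' in spec or "'" in spec:
        problems.append("contains quotes")
    parts = spec.split(",")
    problems += ["bad component: %r" % p for p in parts if not _DC.match(p)]
    # Assumption from the article's example: the first DC= value is the
    # name that corresponds to the NETBIOS name.
    first = _DC.match(parts[0])
    if first and first.group(1).upper() != netbios_name.upper():
        problems.append("first DC= value does not match " + netbios_name)
    return problems

def recommended_threads(domain_count, logical_cores):
    """Two threads per selected domain, capped at the core count."""
    return min(2 * domain_count, logical_cores)

def review_config(ldap_specs, worker_threads, logical_cores):
    """ldap_specs maps NETBIOS name -> Set LDAP value; returns findings."""
    findings = []
    for netbios, spec in ldap_specs.items():
        findings += ["%s: %s" % (netbios, p) for p in check_ldap_spec(spec, netbios)]
    want = recommended_threads(len(ldap_specs), logical_cores)
    if worker_threads != want:
        findings.append("workerThreads is %d, recommended %d" % (worker_threads, want))
    return findings

if __name__ == "__main__":
    # Constructed sample: one good value, one with a stray space.
    sample = {"BOISETESTAD": "DC=boisetestad,DC=gohealthcast,DC=com",
              "LAB": "DC=lab, DC=example,DC=com"}
    for line in review_config(sample, worker_threads=6, logical_cores=4):
        print(line)
```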

After selecting the appropriate domains and pressing the OK button, the system will perform a SID lookup. The SID is a security ID associated with the domain, and is a base for all user and role accounts to provide a unique id to each object. XA will cache the domain SID to improve performance for certain operations.

NOTE

In order for this operation to complete successfully, the configuration tool must have been started under a domain account that has read permissions to each of the selected domains. This is especially important if full, two-way trusts do not exist between the server domain and any of the selected domains.

The following registry keys and sub-keys contain the configuration:

HKEY_LOCAL_MACHINE\Software\HealthCast\ExactAccess\XADSNT\Servers

Default: reg_sz=The default domain as entered in the Primary/Default Domain field

Domains: reg_sz=A comma separated list of domains as shown in the Selected Domains list

workerThreads: reg_dword=The number of domain processing threads. This is useful when multiple domains are configured, so that they can be queried simultaneously. Each domain uses 2 threads to load domain information. If this number is less than twice the number of selected domains, the additional domains are loaded only after previously configured domains have been processed (e.g. with 3 domains configured and the processing threads set to 4, the first 2 domains are loaded and the third is not loaded until one of the other two has been loaded).

INFO

Domains are listed by their NetBIOS names. If an expected domain does not show up in this list and needs to be configured manually, verify the following information:

  • Ensure there is a two-way trust between the server machine domain and the expected domain.
  • If there is only a one-way trust, ensure the configuration tool (and the server services) are running under an account from the expected domain (and that this account is a workstation administrator).
