14 DAY FREE TRIAL

No Search Results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Hexnode Integrations
  3. Directory services

Category filter

Microsoft Active Directory Integration with Hexnode

Jump To

Active directory domain services hold all directory information and take care of all the interactions between the user and domain. Any unauthorized user access to a device or a server can be verified using Microsoft Active Directory Integration. With Hexnode, you can manage multiple Active Directory domains from a single console.

Once you integrate Microsoft Active Directory with Hexnode, you will be able to see the users, user groups and subdomains of the linked domain. In order to integrate your Active Directory with Hexnode, you must first configure AD Agent Settings.

Hexnode MDM AD Agent Settings

To configure an AD Agent service, click on Admin > Active Directory. This opens up the Agent Settings page when you first configure an Active Directory.

  1. Click on the Download link to download and install the AD Agent on your server.
  2. Click on the second Download link to download configuration file.

    3. Integrating Microsoft AD with Hexnode UEM

  3. Launch the Hexnode MDM_AD Setup Wizard. Click on Next to continue or Cancel to exit setup.
  4. Select the destination folder where Hexnode MDM_AD will be installed. By default, the setup wizard will install the Hexnode MDM_AD in the folder C:\HexnodeMDM_AD

    5. select the destination folder to Install the Hexnode MDM AD setup wizard on Windows device

  5. Select the configuration file downloaded in step 2. Click on Next.

    6. Select the configuration file installed

  6. Once you have uploaded the configuration file successfully, setup will begin installing Hexnode MDM_AD on your computer. Click on Install.

    7. Install the Hexnode MDM AD on your system

  7. Click on Finish to exit setup.

    8. complete the Hexnode MDM AD setup

  8. On Hexnode UEM console, click on Done. Now, click on ‘Active Directory‘ to configure Active Directory Settings.

    9. Navigate to Active Directory on the Hexnode UEM console

Configuring the SSL certificate when LDAPS is enabled in the Active Directory

LDAPS (Lightweight Directory Access Protocol Safe) is a protocol used to securely connect and access a directory over a network. It ensures a secure connection between the client and the directory server. When LDAPS is enabled in the Active Directory, the admin must upload an SSL certificate to the Hexnode portal. The SSL certificate encrypts the transmitted data and also authenticates the LDAP server. SSL certificates can be obtained by executing a few commands or by configuring the certificates manually through Server Manager. The following are the instructions for each approach.

Command Line Interface (CLI) method

In organizations managing multiple servers, obtaining and configuring the SSL certificates individually is a tedious and inefficient process. Administrators can simplify this by using the following CLI commands to retrieve and encode SSL certificates directly across devices. These commands can be executed on Command Prompt or on the Terminal of the AD Server. The retrieved certificate is stored in the directory where the commands are executed.

Configure the SSL Certificate through Server Manager

SSL certificates can be manually configured and uploaded to each server. This method can be used in organizations managing a limited number of servers. These SSL certificates can be configured through Server Manager as follows.

  1. Access Server Manager > Tools > Certification Authority.

    2. Certification Authority under Tools is selected

  2. Navigate to Issued Certificates and click on the certificate listed.

    3. The certificate listed under Issues certificates is selected

  3. Navigate to Certification path. Click on the parent certificate and click on View certificate.

    4. The parent certificate under Certification Path is selected

  4. Navigate to Details and click on Copy to File.

    5. The certificate details are copied to the file

  5. The Certificate Export Wizard opens and click on Next.

    6. Certificate Export Wizard opens up

  6. Select the file format as Base-64 encoded X.509 (.CER). Click on Next.

    7. The file format is selected as Base-64 encoded X.509 (.CER)

  7. Choose the file path. Click on Next. Click on Finish.
  8. This certificate can be uploaded as the SSL certificate in Server Configuration under Active Directory by browsing it from the selected file path.

Active Directory Settings

Active Directory Settings include configuring the server and scheduling sync. These settings can be accessed under Admin > Active Directory.

Server Configuration

  1. Domain Name – Enter the Active Directory Domain Name, which can be the same as the organization’s public domain name, sub-domain or any alternate names that may end in .local.
  2. Domain Controller – Enter the Domain Controller Name.
  3. Port – In case LDAPS is enabled, use Port 636. In the case of LDAP, use the default Port 389. Conversely, you can use the port configured by the admin.
  4. Domain\Username – Enter the Domain Name and Username in the format NetBiosName\SAMAccountName.
  5. Password – Enter the password.
  6. Use SSL (when LDAPS is enabled) – Enable the ‘Use SSL’ option and upload the SSL certificate here.
  7. Select Agent – Select the AD Agent name from the drop-down list. Click on Add New Agent to add a new agent.
  8. Selected OU’s – By default, all the OUs in the domain will be selected. You can click on Change to select the specific OU’s you want.
  9. Allow Self Enroll – If you enable the ‘Allow Self Enroll’ option, users in this particular domain will be able to enroll directly from the portal without any enrollment requests.

Schedule Sync for Microsoft Active Directory

You have an option to choose how often you want the AD to be synced with Hexnode UEM. You can schedule daily or weekly sync, select the days of the week and choose the time of the day the sync has to occur.

On clicking Save, your Active Directory will be synced with Hexnode UEM databases.

Configuring the Active Directory settings for LDAPS

Navigate to Admin > Active Directory.

In the server configuration page, you can add a new agent by clicking on Add new agent.

Similarly, to create a new Active Directory, click on the empty slot with the + sign and configure the settings.

Microsoft AD integration MDM

Data fetched from AD

Once the integration is successful, the admin can see the users and user groups under the Manage tab.

Users synced from Active Directory to Hexnode after integration.

In addition, the Directory Services sub-tab under the Manage tab will have the linked domains listed. This sub-tab displays the recent actions performed on the domain. The admin can also perform actions on the domain here.

Details of domain(s) synced from Active Directory to Hexnode after integration

Delete AD domain

Hexnode UEM lets users remove their Active Directory domain from the portal with ease.

  1. Access the Delete Domain option by clicking on the settings icon under Enroll > All Enrollments > Enterprise > Active Directory.

    2. Delete Domain option for an Active Directory account in Hexnode UEM

  2. During the deletion process, the administrator is provided with two options.
    • Disenroll device(s)
    • Assign to a new user
    1. Disenroll device(s) option removes the Active Directory domain from the portal and disenrolls all devices enrolled under the domain.
      • Pre-approved devices will also be deleted from the portal.
      • The admin is then required to specify the number of users that will be deleted under the domain and click on the Remove button to complete the process.

      2. Disenroll device(s) option to disenroll all devices under an Active Directory account

    2. Assign to a new user option lets the admin assign all devices under the domain to a new user. All existing restrictions/configurations and apps associated with the old user will be removed from the respective device(s).

      Assign to a new user option to assign all devices under an Active Directory account to a new user

      • After specifying the number of users that will be deleted, click on the Remove button, which will open a dialogue box to assign device(s) to a new user.
        • Note:

        • If the Required Apps policy is configured on the new user, devices that do not support silent app installation/uninstallation will prompt the user to install/uninstall an app.

        Change device owner option to choose a new user to assign all devices under an Active Directory account

      • Select the domain and choose the user to assign the devices.
      • Toggle the Delete Old User’s Location History checkbox to delete the location history of old users. Click on the Assign button to complete the process.
    3. Notes:

    • If the “Remove apps from the device on policy removal” option at Policies > Android Settings/iOS Settings > App Management > Required Apps is checked, required apps associated with the old user will be removed and required apps associated with the new user will be installed on the device.
    • If the required app(s) is already installed on the device and is associated with both old and new users, then those apps will be re-installed on the device.

Need more help?
Raise a Ticket Raise a Ticket
Ask Community Ask Community
Chat With us Chat With us
  • Hexnode Integrations