Active Directory basic settings (7.1.0)

Active Directory service account

To access Active Directory, ThoughtFarmer needs to use the credentials of an AD account that has the appropriate permissions. This is a service account that should NOT have a password expiry set. If a password expiry is set, ThoughtFarmer authentication and other components may fail.

To use all the Active Directory integration features of ThoughtFarmer, this account needs to have read and write access. For permission information, please see AD security permissions. Please also see the page Features requiring write access to Active Directory.

If you do not intend to use these features, or if your security protocols restrict this usage, then read-only access to AD is sufficient.

Configure Active Directory integration

  1. Go to the ThoughtFarmer Administration panel: Users & Security section > Active Directory page.
  2. Click enable beside Active Directory basic settings. If already enabled, click change.
  3. Enter your domain name in the AD domain field.
  4. Enter the AD service account name in the AD user login name field.
  5. Enter the AD service account password in the Password field.
  6. Click Save settings at the bottom of the page. (If the account is valid you are brought back out to the main Active Directory page. If the account is invalid you see an error message and need to correct the error before proceeding.)
  7. Click change again in the Active Directory basic settings section.
  8. (Optional) Enable write access by clicking "Yes" in the Write access section.
  9. (Optional) Enable Automatic user creation by clicking "Yes" in the User creation section.
  10. (Required only if automatic user creation is enabled) Select the AD group that ThoughtFarmer is to sync with from the provided dropdown.
  11. Click Save settings.

Note: If you have a very large Active Directory with more than 1000 security and distribution groups, they will not all show in the dropdown in step 10 above. In this case you must set the configuration setting to "true". The dropdown will then be replaced with a text field for entering the AD group name manually.

Write access

Set the write access radio button to the appropriate value for your desired feature set. Whatever the AD user permissions and ThoughtFarmer configuration, disabling write access here will ensure that no information in your Active Directory will ever be altered. Please see Features requiring write access to Active Directory for more information.

Automatic user creation

Set the radio button in the User creation section to "Yes" to enable the automatic user creation features. With this value set to "No" all users will need to be created manually by an Administrator. Please see Create Active Directory users for more information on the automatic user creation features.

Active Directory intranet users group

To use the Active Directory automatic user management features, you need to use a single AD distribution or security group to manage all users. This AD group can contain nested groups. It must be a specifically created group and not an AD default group such as "Domain users". It is important to verify the members of this group before syncing to avoid creating unwanted profiles in ThoughtFarmer (e.g. service accounts or other generic accounts).

If you have just created a custom group in AD you may need to refresh the Active Directory configuration page in order for the changes to be picked up.
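
One way to verify the group's members before the first sync, as an added example that is not part of the ThoughtFarmer documentation: the script expands nested groups and flags accounts that look like service or generic accounts. The group name, the naming pattern and the flagging heuristics are assumptions to adapt to your directory; the script only reads from AD.

```powershell
# Added example: review the effective members of the intranet users group
# before enabling automatic user creation. Read-only; changes nothing in AD.
Import-Module ActiveDirectory

$GroupName   = 'Intranet Users'                # hypothetical group name; use your own
$NamePattern = '^(svc|sa|adm|test|scan)[-_.]'  # hypothetical naming convention for non-person accounts

# -Recursive expands nested groups, so the list covers every account reachable
# through the group. Computer objects are dropped; only user objects are reviewed.
$members = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

$report = foreach ($m in $members) {
    $u = Get-ADUser -Identity $m.distinguishedName -Properties `
        Enabled, PasswordNeverExpires, ServicePrincipalNames, EmailAddress, LastLogonDate

    # Heuristics only: each flag is a reason to look at the account, not proof.
    $reasons = @()
    if (-not $u.Enabled)                       { $reasons += 'disabled' }
    if ($u.PasswordNeverExpires)               { $reasons += 'password never expires' }
    if ($u.ServicePrincipalNames.Count -gt 0)  { $reasons += 'has SPN' }
    if (-not $u.EmailAddress)                  { $reasons += 'no mail address' }
    if ($u.SamAccountName -match $NamePattern) { $reasons += 'name matches service pattern' }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Name           = $u.Name
        LastLogonDate  = $u.LastLogonDate
        Review         = $reasons -join '; '
    }
}

# Flagged accounts are candidates to remove from the group before syncing.
$flagged = @($report | Where-Object Review)
$flagged | Sort-Object SamAccountName | Format-Table -AutoSize
'{0} user accounts in scope, {1} flagged for review' -f @($report).Count, $flagged.Count
```

Run it from a workstation with the RSAT Active Directory module installed, under an account that can read the group and its members.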