Kentico AD Import Service
Kentico Active Directory Import Service provides real-time import of users and groups from the Active Directory database to users and roles in Kentico. The service is fully configurable through a configuration file.
Assuming that you have Kentico version 8.x installed, follow these steps:
- Enable REST service in Kentico settings with basic authentication
- Download the ADImportService.exe executable from releases (You might need to unblock it. Right click on
ADImportService.exe, select properties and click unblock (screenshot).
- Open the command line and find the
InstallUtilutility (most likely in
- Execute the
InstallUtil.exe <path to the ADImportService.exe>(e.g.:
InstallUtil.exe C:\ADImportService\ADImportService.exe) command
- Create the
C:\ProgramData\Kentico AD Import Service\configuration.xmlfile and copy the sample configuration there
- Open the configuration file and enter all required values
- Open Microsoft Management Console and start the
Kentico AD Import Service
Immediately after starting, it gets the current users and groups and adds them to Kentico. Then it enables processing of asynchronous changes. If the application fails, it informs about the event in the Windows Event Log.
Here is a sample configuration which you can copy to the
<ServiceConfiguration> <Listener DomainController="FQDN or IP of Domain Controller" UseSsl="false" SslCertificateLocation="Path to .cer file"> <Credentials> <UserName>UserName</UserName> <Password>Password</Password> <Domain>Domain</Domain> </Credentials> </Listener> <Rest UserName="Kentico user name" Password="Kentico password" Encoding="utf-8" BaseUrl="http://localhost/Kentico8 (use https to ebnable SSL)" SslCertificateLocation="Path to .cer file" /> <UserAttributesBindings> <Binding Cms="FullName" Ldap="sAMAccountName" /> <Binding Cms="UserGUID" Ldap="objectGUID" /> </UserAttributesBindings> <GroupAttributesBindings> <Binding Cms="RoleDisplayName" Ldap="sAMAccountName" /> <Binding Cms="RoleDescription" Ldap="description" /> <Binding Cms="RoleGUID" Ldap="objectGUID" /> </GroupAttributesBindings> </ServiceConfiguration>
Common installation issues
If you're not able to run the service, make sure that
- LDAP server is accessible
- REST service is accessible (try to open it in your browser
- Credentials are valid
- Kentico user is able to modify users and roles
- Windows user is able to read from AD database
- Check the Windows Event log and Kentico Event log for error messages
Want to improve the AD Import Service? Great! But make sure you read the contributing guidelines first.