Kentico Active Directory Import Service provides real-time import of users and groups from the Active Directory database to users and roles in Kentico. The service is fully configurable through a configuration file.
Assuming that you have Kentico version 8.x installed, follow these steps:
- Enable the REST service in Kentico settings with basic authentication
- Download the ADImportService.exe executable from releases (you might need to unblock it: right-click ADImportService.exe, select Properties and click Unblock)
- Open the command line and find the InstallUtil utility (most likely in C:\Windows\Microsoft.NET\Framework64\v4.0.x)
- Execute the InstallUtil.exe <path to the ADImportService.exe> command (e.g.: InstallUtil.exe C:\ADImportService\ADImportService.exe)
- Create the C:\ProgramData\Kentico AD Import Service\configuration.xml file and copy the sample configuration there
- Open the configuration file and enter all required values
- Open Microsoft Management Console and start the Kentico AD Import Service
Immediately after starting, the service gets the current users and groups and adds them to Kentico. Then it enables processing of asynchronous changes. If the application fails, it records the event in the Windows Event Log.
Here is a sample configuration which you can copy to the configuration.xml file.
<ServiceConfiguration>
  <Listener DomainController="FQDN or IP of Domain Controller"
            UseSsl="false" SslCertificateLocation="Path to .cer file">
    <Credentials>
      <UserName>UserName</UserName>
      <Password>Password</Password>
      <Domain>Domain</Domain>
    </Credentials>
  </Listener>
  <Rest UserName="Kentico user name" Password="Kentico password"
        Encoding="utf-8" BaseUrl="http://localhost/Kentico8 (use https to enable SSL)"
        SslCertificateLocation="Path to .cer file" />
  <UserAttributesBindings>
    <Binding Cms="FullName" Ldap="sAMAccountName" />
    <Binding Cms="UserGUID" Ldap="objectGUID" />
  </UserAttributesBindings>
  <GroupAttributesBindings>
    <Binding Cms="RoleDisplayName" Ldap="sAMAccountName" />
    <Binding Cms="RoleDescription" Ldap="description" />
    <Binding Cms="RoleGUID" Ldap="objectGUID" />
  </GroupAttributesBindings>
</ServiceConfiguration>
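A pre-start check for a filled-in configuration.xml, added here as an example and not part of the AD Import Service project. It flags the transport settings that leave the AD and Kentico credentials unprotected, plus values still equal to the sample text; the function name, the severity labels, the reading of UseSsl and the host names in the second input are assumptions.

```python
import xml.etree.ElementTree as ET

# Placeholder strings taken from the sample configuration on this page.
PLACEHOLDERS = {"UserName", "Password", "Domain", "Kentico user name",
                "Kentico password", "FQDN or IP of Domain Controller"}

def audit_config(xml_text):
    """Return sorted (severity, message) findings for a configuration.xml."""
    root = ET.fromstring(xml_text)
    listener, rest = root.find("Listener"), root.find("Rest")
    if listener is None or rest is None:
        return [("error", "Listener or Rest element is missing")]
    findings = []
    # Assumption: UseSsl="false" leaves the LDAP connection without TLS.
    if listener.get("UseSsl", "false").strip().lower() != "true":
        findings.append(("high", "Listener/@UseSsl is not true"))
    # Basic authentication only base64-encodes the password, so a plain
    # http BaseUrl exposes the Kentico credentials on the wire.
    if not rest.get("BaseUrl", "").strip().lower().startswith("https://"):
        findings.append(("high", "Rest/@BaseUrl is not https"))
    # Gather every credential-bearing value and flag empty or sample text.
    values = {"Listener/@DomainController": listener.get("DomainController", ""),
              "Rest/@UserName": rest.get("UserName", ""),
              "Rest/@Password": rest.get("Password", "")}
    creds = listener.find("Credentials")
    for child in (creds if creds is not None else []):
        values[f"Credentials/{child.tag}"] = child.text or ""
    for name, value in values.items():
        if not value.strip() or value.strip() in PLACEHOLDERS:
            findings.append(("medium", f"{name} is empty or still a placeholder"))
    return sorted(findings)

# Constructed inputs: the page's sample as shipped, then a filled-in variant.
SAMPLE = """<ServiceConfiguration>
  <Listener DomainController="FQDN or IP of Domain Controller" UseSsl="false">
    <Credentials><UserName>UserName</UserName><Password>Password</Password><Domain>Domain</Domain></Credentials>
  </Listener>
  <Rest UserName="Kentico user name" Password="Kentico password" BaseUrl="http://localhost/Kentico8" />
</ServiceConfiguration>"""
HARDENED = """<ServiceConfiguration>
  <Listener DomainController="dc01.corp.example" UseSsl="true" SslCertificateLocation="C:\\certs\\dc01.cer">
    <Credentials><UserName>svc-adimport</UserName><Password>EXAMPLE-ONLY</Password><Domain>CORP</Domain></Credentials>
  </Listener>
  <Rest UserName="adimport" Password="EXAMPLE-ONLY" BaseUrl="https://cms.corp.example/Kentico8" />
</ServiceConfiguration>"""

if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE):
        print(severity, message)
```

The file keeps both passwords in clear text, so limit read access on C:\ProgramData\Kentico AD Import Service\configuration.xml to administrators and the account the service runs as.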
If you're not able to run the service, make sure that
- LDAP server is accessible
- REST service is accessible (try to open www.yourdomain.com/rest/cms.user in your browser)
- Credentials are valid
- Kentico user is able to modify users and roles
- Windows user is able to read from AD database
- Check the Windows Event log and Kentico Event log for error messages
The project is based on code developed by Tomas Hruby for his bachelor thesis (full text of the thesis in pdf).
Want to improve the AD Import Service? Great! But make sure you read the contributing guidelines first.
If anything feels wrong or incomplete, please let us know. Create a new issue or submit a pull request.