Mapping Active Directory
Mapping is one-way only: data is synchronized from the directory service to Kerio Control. To map AD domains, certain conditions apply.
- Adding a new user in Kerio Control creates a local account.
- Use ASCII (American Standard Code for Information Interchange) for usernames when creating user accounts in a directory service.
- If you disable users in Microsoft Active Directory, they are also disabled in Kerio Control.
- If you disable users in Apple Open Directory, they stay enabled in Kerio Control.
- Thus, only the Kerio Control hosts can successfully map an AD domain.
Conditions required for mapping the AD domains
- Hosts in the local network (user workstations) should use the Kerio Control DNS module as the primary DNS server, because it can process queries for Active Directory and forward them to the corresponding domain server.
- If another DNS server is used, user authentication in the Active Directory may not work correctly.
- The Kerio Control host MUST be a member of the mapped domain; otherwise, authentication in the Active Directory might work incorrectly.
- In case of mapping multiple domains, the Kerio Control host must be a member of one of the mapped domains (primary domain).
- The primary domain must trust all other domains mapped in Kerio Control.
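
One way to verify the DNS condition above from a Windows workstation. This is an added example, not part of the Kerio documentation: the IP address and domain name are placeholders, and the SRV name queried is the standard Active Directory domain controller locator record.

```powershell
# Added example. Both defaults are placeholders: pass your own values.
param(
    [string]$KerioControlIp = '192.0.2.1',     # assumed address of the Kerio Control host
    [string]$AdDomain       = 'example.local'  # assumed name of the mapped AD domain
)

# 1. On every IPv4 interface that has DNS configured, the first server
#    listed (the primary) should be the Kerio Control DNS module.
$dnsResults = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            PrimaryDns = $_.ServerAddresses[0]
            UsesKerio  = ($_.ServerAddresses[0] -eq $KerioControlIp)
        }
    })
$dnsResults | Format-Table -AutoSize

# 2. Ask Kerio Control directly for the domain controller locator record.
#    If it cannot answer or forward this query, AD authentication from
#    workstations that rely on it will not find a domain server.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"
$srvOk = $false
try {
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $KerioControlIp `
                -DnsOnly -ErrorAction Stop | Where-Object { $_.Type -eq 'SRV' })
    $srv | Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize
    $srvOk = $srv.Count -gt 0
} catch {
    Write-Warning "SRV lookup for $srvName via $KerioControlIp failed: $($_.Exception.Message)"
}

# 3. Summarize both checks.
$dnsOk = ($dnsResults.Count -gt 0) -and -not ($dnsResults.UsesKerio -contains $false)
if (-not $dnsOk) { Write-Warning "At least one interface does not use $KerioControlIp as primary DNS." }
if (-not $srvOk) { Write-Warning "Kerio Control did not return domain controller SRV records for $AdDomain." }
if ($dnsOk -and $srvOk) { Write-Output "DNS condition for AD mapping is met on this workstation." }
```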