AuthCentral 2.8 metadata in the Active Directory

Installation of the metadata 

AuthCentral Server does not extend or otherwise modify the AD schema. It uses existing LDAP fields, so it can be completely removed if required.

When Authentication Server is installed to the Active Directory the following items are created:

  • 3 Universal Security Groups:
    • AuthCentral Administrators
    • AuthCentral Operators
    • AuthCentral Servers
  • A Container object called Winfrasoft in the CN=System of the Forest Root domain. This container also includes 3 child objects:
    1. Administrators Hit
    2. Global Settings
    3. Operators Hit
  • A serviceConnectionPoint object called AuthCentralServer on the Active Directory Computer Account the AuthCentral server software is installed onto.

Further information regarding the groups is available in the Authlogics Authentication Server Installation and Configuration Guide.

The Winfrasoft container can be browsed and its contents viewed using ADSI Edit. The distinguished name of the parent object is:

CN=Winfrasoft,CN=System,DC={Domainname}

 

Removal of the metadata

In some scenarios it may be required to remove all Authentication Server data from the Active Directory. This is NOT done automatically by uninstalling the Authentication Server software. This is by design, to cater for upgrade and server migration scenarios without losing data.

To completely remove Authentication Server metadata from Active Directory:

  1. Delete all the users from the Authentication Server MMC which will remove the metadata from the user objects.
  2. Uninstall the AuthCentral Server software.
  3. Remove the CN=AuthCentralServer entry, and all its sub objects, from the Active Directory Computer Account of the AuthCentral server using ADSI Edit.
  4. Remove the CN=Winfrasoft,CN=System,DC={Domainname} entry, and all its sub objects, from the Default Naming Context using ADSI Edit or AD Users and Computers (Advanced View).
  5. Delete the following Authentication Server groups from Active Directory using the Active Directory Users and Computers management console:
    • AuthCentral Administrators
    • AuthCentral Operators
    • AuthCentral Servers
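
A read-only check for the objects listed in this article, useful for confirming that steps 3 to 5 left nothing behind. This is an added example, not part of the vendor's documentation; it assumes the ActiveDirectory PowerShell module (RSAT), read access to every domain in the forest, and that each group's cn matches the group name shown above.

```powershell
# Read-only audit: lists any AuthCentral metadata objects still present in the forest.
# Assumptions (not from the vendor): RSAT ActiveDirectory module is installed and
# the groups / server computer account may live in any domain of the forest.
Import-Module ActiveDirectory

$forest     = Get-ADForest
$rootDomain = $forest.RootDomain
$rootDN     = (Get-ADDomain -Server $rootDomain).DistinguishedName
$groupNames = 'AuthCentral Administrators', 'AuthCentral Operators', 'AuthCentral Servers'

$found = @(
    # Winfrasoft container under CN=System of the forest root domain.
    # CN=System always exists, so a missing container returns nothing instead of an error.
    $containers = Get-ADObject -SearchBase "CN=System,$rootDN" -SearchScope OneLevel `
                      -LDAPFilter '(cn=Winfrasoft)' -Server $rootDomain
    foreach ($c in $containers) {
        # Subtree scope returns the container itself plus its child objects
        Get-ADObject -SearchBase $c.DistinguishedName -SearchScope Subtree `
            -Filter * -Server $rootDomain
    }

    foreach ($domain in $forest.Domains) {
        # The three universal security groups
        foreach ($name in $groupNames) {
            Get-ADGroup -LDAPFilter "(cn=$name)" -Server $domain
        }
        # serviceConnectionPoint published beneath the server's computer account
        Get-ADObject -Server $domain `
            -LDAPFilter '(&(objectClass=serviceConnectionPoint)(cn=AuthCentralServer))'
    }
)

if ($found.Count -eq 0) {
    'No AuthCentral metadata objects found.'
} else {
    $found | Sort-Object DistinguishedName | Select-Object ObjectClass, DistinguishedName
}
```

The script does not inspect per-user metadata from step 1, because this article does not name the LDAP fields used on user objects.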

 
