When Active Directory users log in to a DNN environment that has Active Directory authentication enabled, DNN synchronizes Active Directory (AD) groups to the Global Security Roles within DNN. This article explains how the synchronization works and how to integrate with it.
Below is a simple illustration showing how the DNN Platform can integrate with Active Directory. In this solution, we are relying on LDAP (Lightweight Directory Access Protocol) to consume information from Active Directory.
- The Active Directory server exposes the AD user data store over LDAP.
- DNN Platform is hosted on an IIS server that is a member of the Active Directory domain.
- Corporate users (employees) are automatically signed in to the DNN Platform.
- Clients connecting over the Internet can still view the DNN website as a Guest or as a Registered User (if they manually sign in to DNN).
To achieve this integration, there is a built-in solution under Available Extensions for AD integration which allows you to synchronize roles in DNN with groups in AD. You can install this module by going to Settings > Extensions > Available Extensions > Showing Authentication Systems.
To have DNN synchronize roles with Active Directory, check the "Synchronize Role?" option in the Site Settings of the DNNPro_ActiveDirectoryAuthentication extension, which you reach through Settings > Extensions > Edit DNNPro_ActiveDirectoryAuthentication > Site Settings.
Role synchronization matches AD groups to DNN roles by name. Therefore, if you have a group in AD called Marketing, a role with the same name must also be created in DNN. Once the user logs in, they are added to that DNN role as well.
Important: For anyone using a version below 9.2, the default Administrator role is not synchronized. Thus AD Administrators will not become DNN Administrators.
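The name matching and the version caveat above can be checked before users log in. The following PowerShell sketch is an added example, not part of the extension or of DNN: the function name, its parameters, the default admin role name and the sample data are all hypothetical or constructed. The page does not say how case or whitespace differences are treated, so the sketch only flags those for review.

```powershell
# Added example: predicts the outcome of name-based role synchronization.
# Function name, parameters and sample data are hypothetical / constructed.
function Compare-AdGroupsToDnnRoles {
    param(
        [string[]] $AdGroups,     # names of the AD groups the user belongs to
        [string[]] $DnnRoles,     # role names defined in the DNN site
        [version]  $DnnVersion,   # installed DNN version
        [string]   $AdminRole = 'Administrators'  # assumed name of the default admin role
    )
    foreach ($group in $AdGroups) {
        # Byte-identical name: the case the article describes
        $exact = @($DnnRoles | Where-Object { $_ -ceq $group })
        # Same name apart from case or surrounding whitespace: flag for review
        $near  = @($DnnRoles | Where-Object {
            $_ -cne $group -and $_.Trim() -ieq $group.Trim()
        })
        $nearNames = $near -join ', '

        $status = if ($exact.Count -gt 0 -and $group -ieq $AdminRole -and
                      $DnnVersion -lt [version]'9.2') {
            'Skipped: default admin role is not synchronized below 9.2'
        } elseif ($exact.Count -gt 0) {
            'Match: user is added to this DNN role at login'
        } elseif ($near.Count -gt 0) {
            "Near miss: DNN has [$nearNames]; verify the role name"
        } else {
            'No DNN role with this name'
        }
        [pscustomobject]@{ AdGroup = $group; Status = $status }
    }
}

# Constructed sample data. In practice the group list could come from
# Get-ADPrincipalGroupMembership (ActiveDirectory module).
$adGroups = 'Marketing', 'sales', 'Administrators', 'Finance'
$dnnRoles = 'Marketing', 'Sales', 'Administrators', 'Registered Users'

Compare-AdGroupsToDnnRoles -AdGroups $adGroups -DnnRoles $dnnRoles -DnnVersion '9.1.1' |
    Format-Table -AutoSize
```

Reviewing the "Match" rows is also a quick way to see which DNN roles an AD group membership will grant, since anyone who can manage a same-named AD group effectively controls membership of that DNN role.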
For more information on how to create DNN roles, please check the following KBs:
For more information on how to configure the “AD-Pro Authentication” module, please check the following documentation:
Test that the AD roles have been synced:
- Log in to the DNN environment with your Active Directory credentials.
- Then log in to a SuperUser account and go to Manage > Users > Search for the AD user > View the role that is assigned for this user.