Authentication [Firewall] - How to bind USG with an AD-Server

How to bind USG FLEX / ATP / VPN Series with an AD-Server. This guide takes you step by step through the configuration process of integrating an already set-up AD server into the USG.

 

Walkthrough Steps:

Please make sure you have a correctly set up Active Directory Server.

1. Access your device by entering its IP address in the browser address line and log in using the device’s credentials

2. Navigate to Configuration > System > DNS and, under Domain Zone Forwarder, add your IP and the AD Server with its FQDN


3. Navigate to Configuration > Object > Auth. Method
4. Add "group ad" in the first position

5. Navigate to Configuration > Object > AAA Server
6. Edit the default ad entry
7. Enter the AD server address, change the port if it has been changed on the AD's side, and enter the base DN as shown on the AD Server
8. Enter a DN that has privileges to authenticate and to let the USG join the domain
9. Match the User Login screen with the one on the AD Server
10. If your AD Server is using Authentication for MSChap, fill out the necessary fields
11. Navigate to Configuration > Object > User/Group and add a new user
12. Set user type to ext-user or ext-group-user
13. Set the Group identifier so it matches the group within your AD Server
14. Set the Associated AAA Server to "ad"

You can use the Configuration Validation to check whether the settings work and whether you are able to connect to the AD.

 

 

KB-00066
