Overview of AD User Management (Hybrid User Management)
Nerdio Manager allows you to create a connection to Active Directory and then use that connection to control Active Directory from Nerdio Manager.
The installation process has the following workflow:
For more details about user management in Nerdio Manager, see Overview of Users.
Prerequisites
On-premises Domain Controller
Active Directory Web Services must be running.
Access to Azure over a port specified during connection setup.
For further hardening, see the Service Bus endpoint information in the Microsoft documentation: https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections#troubleshooting
Active Directory User Account
Unique user account for Nerdio Manager.
Minimum Active Directory Permissions required:
Delegate access
Create, delete, and manage user accounts
Reset user passwords and force a password change at next logon
Read all user information
Modify the membership of a group
Note: Account credentials are stored in the MSP’s key vault.
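The following preflight check for the prerequisites above is an added example, not part of the Nerdio documentation. It is meant to be run on the domain controller and assumes the RSAT ActiveDirectory module is present. The account name and relay namespace are placeholders, and the outbound port 443 check reflects Microsoft's documented requirement for the Hybrid Connection Manager rather than anything stated on this page.

```powershell
# Added example: preflight check for the AD User Management prerequisites.
# Assumed values (not from the Nerdio documentation): replace before running.
$ServiceAccount = 'svc-nerdio-adum'                       # hypothetical account name
$RelayNamespace = 'example-relay.servicebus.windows.net'  # placeholder relay namespace
$AdwsPort       = 9389                                    # default port named on this page

Import-Module ActiveDirectory
$results = [ordered]@{}

# 1. Active Directory Web Services must be running.
$adws = Get-Service -Name 'ADWS' -ErrorAction SilentlyContinue
$results['ADWS service running'] = ($null -ne $adws -and $adws.Status -eq 'Running')

# 2. Something must be listening on the port the hybrid connection targets.
$listener = Get-NetTCPConnection -LocalPort $AdwsPort -State Listen -ErrorAction SilentlyContinue
$results["Listener on TCP $AdwsPort"] = [bool]$listener

# 3. The Hybrid Connection Manager reaches Azure outbound over HTTPS (443).
$out = Test-NetConnection -ComputerName $RelayNamespace -Port 443 -WarningAction SilentlyContinue
$results['Outbound 443 to relay'] = $out.TcpTestSucceeded

# 4. The account should hold delegated rights only. Flag membership in built-in
#    privileged groups, including nested membership (LDAP matching rule in chain).
#    Primary-group membership is not covered by this filter.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
              'Administrators', 'Account Operators'
$dn     = (Get-ADUser -Identity $ServiceAccount).DistinguishedName
$groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"
$hits   = @($groups | Where-Object { $privileged -contains $_.Name })
$results['Account outside privileged groups'] = ($hits.Count -eq 0)

# Report one PASS/FAIL line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
if ($hits.Count -gt 0) { "Privileged memberships: $($hits.Name -join ', ')" }
```

A FAIL on the last check means the account holds more than the delegated permissions listed above and should be removed from the reported groups before the connection is configured.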
Pricing
There is no additional Nerdio cost to utilize AD User Management, but Service Bus Relay Hybrid Connections do have an additional Azure cost for each connection, and connection limits that depend on which App Service Plan your Nerdio Manager installation utilizes. This cost is associated with the subscription that Nerdio Manager utilizes and is not billed to the end customer accounts. Each domain controller connected to Nerdio Manager counts as a single connection. The following pricing was accurate at the time of publication, but see the Service Bus pricing page for updated information: https://azure.microsoft.com/en-us/pricing/details/service-bus/
App Service Plan | Hybrid Connection Limit |
---|---|
Basic (Nerdio Default) | 5 |
Standard | 25 |
Premium (v1-v3) | 220 |
Isolated (v1-v2) | 220 |
Create an AD User Management Connection
You must create a connection between Nerdio Manager and the host where the hybrid connection manager is installed.
To create an AD User Management connection:
In Nerdio Manager, at the MSP level, navigate to Settings > AD User Management.
Select Add.
Enter the following information:
Account: From the drop-down list, select the account that uses this connection.
Hostname: Type the fully qualified domain name for the domain controller where the hybrid connection manager will be installed.
Note: The domain controller must have internet access.
Port: Type the destination port for the hybrid connection.
Note: It is recommended that you use the default port 9389.
Service Bus: From the drop-down list, select an existing service bus relay or create a new one.
Once you have entered the desired information, select OK.
Install the Hybrid Connection Manager (HCM)
The Hybrid Connections feature requires a relay agent in the network that hosts your Hybrid Connection endpoint. That relay agent is called the Hybrid Connection Manager.
You can download the Hybrid Connection Manager's installation MSI here.
To install the Hybrid Connection Manager:
In Nerdio Manager, at the MSP level, navigate to Settings > AD User Management.
Locate the AD User Management connection you wish to work with and select continue configuration.
Make a note of the connection information, which is needed in the next step. In addition, use the copy icon to copy the Gateway Connection String to the clipboard.
See the Microsoft article "Hybrid Connection Manager" for full details about how to install HCM.
Note: Be sure to select Enter Manually and copy in the connection information.
Configure the Hybrid Connection's Credentials
You must configure the hybrid connection's credentials.
To configure the hybrid connection's credentials:
At the Account level, navigate to Settings > Integrations.
In the AD User Management Connection tile, select edit.
In the Active Directory Credentials tab, enter the following information:
Username: Type the username.
Password: Type the password.
Test Connection: Select this to test the connection.
Once you have entered all the desired information, select Next.
In the Organizational Unit Setup tab, enter the following information:
Organizational Unit: From the list, select the Organizational Unit. Optionally, select from all organizational units.
Once you have entered all the desired information, select Next.
In the Default Organizational Units tab, enter the following information:
Users: Select the OU that is the default when new users are created.
Groups: Select the OU that is the default when new groups are created.
Once you have entered all the desired information, select Save & close.
Nerdio Manager attempts to make the connection. You can see the task's status in Integrations Tasks.
Note: You can see the AD User Management Connection status on the list of Accounts.
Manage an AD User Management Connection
Nerdio Manager allows you to view and test an existing AD User Management connection.
To manage an AD User Management connection:
At the Account level, navigate to Settings > AD User Management.
Optionally, hover over the AD User Management connection to see its connection details.
Optionally, select test to test the connection.
Note: You can view the test results in Integrations Tasks.
Disconnect an AD User Management Connection
Nerdio Manager allows you to disconnect an existing AD User Management connection.
To disconnect an AD User Management connection:
In Nerdio Manager, at the MSP level, navigate to Settings > AD User Management.
Locate the AD User Management connection you wish to disconnect and select Disconnect.
When prompted, confirm you wish to disconnect.