Active Directory Connector v2 Requirements
Most large companies use Microsoft Active Directory (AD) to automate changes for user identities and application privileges. The Active Directory Connector (ADC) receives Active Directory user updates and automatically makes the same changes in your LogMeIn account. The ADC accesses all users in selected AD groups containing LogMeIn users and all users in any subgroups. All new users are added to one of your validated company email domains in the Admin Center's SCIM* service.
* SCIM is the System for Cross-domain Identity Management that defines how user identities are managed across multiple systems, generally over the Internet.
There are 4 areas of requirements to use the Active Directory Connector (ADC) effectively: Accounts, your Active Directory implementation, the Windows requirements for the ADC host machine, and your firewall settings.
- A LogMeIn product account with at least 1 Organization admin who also has a LogMeIn product admin role
Active Directory requirements
- An Active Directory environment running Windows Server 2003 (or later) with the latest updates installed.
- Windows admin account with the "Log on as a service" permission enabled. This account is used for the Active Directory permission section of the ADC software. To enable this permission for the account being used, do the following:
- In Windows, search for and select Local Security Policy.
- Go to Local Policies > User Rights Assignment.
- Right-click Log on as a service >Properties > Add User or Group.
- Add the ADC Service User (e.g., DOMAIN\username).
- Go to Check Names > OK > OK > Apply to save your changes.
|Active Directory Connector v2 System Requirements|
|Available Disk Space||
Firewall settings should be configured as follows:
|Use Case||<Source Server>||<Target Server>:<Port>|
|Interface for provisioning||<ADC Server Name>||*.getgo.com:443|
|Interface for logging; <source server>||<ADC Server Name>||logging.getgo.com:443|
|Interface for authentication; <source server>||<ADC Server Name>||*.logmeininc.com:443|
|Interface for checking new version of ADC; <source server>||<ADC Server Name>||s3.amazonaws.com:443|
|Insecure connections||<ADC Server Name>||Active Directory Domain Controller:389 (LDAP)|
|Secure connections||<ADC Server Name>||Active Directory Domain Controller:636 (LDAPS)|
|Global Catalog, Insecure connections||<ADC Server Name>||Active Directory Domain Controller:3268 (LDAP)|
|Global Catalog, Secure connections||<ADC Server Name>||Active Directory Domain Controller:3269 (LDAPS)|