Adding a Connection
If you have AD users stored across multiple connected forests, you must add those forests to PK Endpoint Manager here.
- Click Connectors to open the Active Directory Connections page. You'll see the current list of registered domains.
- Click Add Connection. The Add Forest Connector page displays.
- Enter the full name of the server you want to connect.
- Enter the username and password to connect to the server.
- Check Use SSL to connect securely. By default, the Enabled box is checked.
- The Enabled box enables or disables the connector for use by the manager, checked by default.
- Test the connection by searching for a UserID, Kerberos account, or SID on the new forest. Click Test to run the search.
- When the server passes the connection test, click Save to add this domain account.
Note: If PK Endpoint Manager fails to connect to an Active Directory Connector, PEM will disconnect and attempt to reconnect (retry) to the Connector. This establishes a clean connection. The failure will be logged. By default, only one connection retry is allowed. Contact your PK Protect system administrator if the problem persists.
Use the Active Directory Connections page to search for a User or SID on all connected forests.
Note that you can define what forest PK Protect searches first with the Order column on the Active Directory Connections page. Drag and drop the icon for each server to change the current order.
In a large-scale PK Protect deployment you may want to pre-load some user accounts before they connect. The Stage option on the Active Directory Connections page gives you the ability to decrease load during the initial rollout.
- Click Stage next to the Server you want to add accounts to.
- Define the path to the Organizational Unit you want to load accounts from.
- Use Lightweight Directory Access Protocol (LDAP) filters to specify what accounts to add. See Extracting Files in the PK Protect Command Line Interface user guide for more information on using LDAP filters.
- Specify a limit for the number of accounts to stage.
- Click Stage to start the process.
Click Staged Accounts on the Active Directory Connections page to review the existing Staged Accounts.