This feature allows you to extend Cerberus Administration rights to Active Directory users and groups.
Creating a Directory Connection
Navigate to AD Users and click 'New' to add a new domain. (You must add a new domain to allow Admin Users)
Select 'New Domain'
- Add your Domain Name in the 'Domain Name' field
- Select 'Administrative Users'
- Press 'Add to open the form to set up the Active Directory connection.
Add A New Domain Connection Dialog
Administrative Users settings are a slimmed-down version of the Standard Users configuration and do not receive automatic access to normal file services. As such, Virtual Directory and Directory Mapping options do not appear:
Configuration options for Administrative AD Connection
The 'Controller' field is not editable and will be filled in by Cerberus, it is for your information only.
The 'Username' and 'Password' fields are optional. By default, Cerberus makes queries and binds to objects in the domain using the credentials for the account running the Cerberus FTP Server Windows Service. You can provide alternative credentials and options here to customize how Cerberus authenticates when binding to objects in the domain.
Creating AD Admin Users and Groups
To grant admin rights to AD users and groups, navigate to Server Manager>Remote>Remote Admin Settings:
Press the New button to create new admin users.
On the window that appears, in the 'Administrator Type' drop down, select 'Directory Admin'.
Selecting the Administrator Type drop-down shows the form to set up the user and grant them admin rights.
Directory Admin Options
This window displays all the options you'll need to grant Web Admin rights to directory-based groups and users. More specifically, Directory Admin has these configuration options:
Select The domain of the user/group to receive Admin access. The drop-down lists all AD Admin Connections, should you need to support more than one domain.
Admin User grants access to a single domain user.
Admin Group grants access to all members of the group. Nested groups (and their members) also inherit the assigned permissions.
The DN of the user or group, for example, “CN=DirAdmin,CN=Users,DC=mydomain,DC=com”
It is best to copy and paste from an AD administration tool like Active Directory Users and Groups or PowerShell cmdlets Get-ADUser and Get-ADGroup
Allow 2 Factor
Users will have the option to enable two-factor authentication.
Require 2 Factor
Users are required to set up two-factor authentication when logging in for the first time.
Admin roles allowed to this user or group.
Admin roles that can be granted to a user or group.
|...grants access to:
|Allow Server Control
|Allow Configure Server
|Allow User Management
|Allow IP Control
|Allow Event Management
|Allow Report Generation
Editing Admin Users and Groups
Native and Directory-based admins appear in the navigation table. The navigation table has icons and a Source column to easily distinguish between native, directory group, and directory user entries. To see an admin user or group's settings, select the user/group's row and the details are editable in the bottom panel:
Administrator Accounts Editor
Additional details can be found here in our blog post. Here you will find some examples and additional technical information.