
Administration Guide

Windows event log sources

FortiAuthenticator must be configured to communicate with the domain controller if Active Directory (AD) will be used to ascertain group information.

A domain controller entry can be disabled without deleting its configuration. This can be useful when performing testing and troubleshooting, or when moving controllers within your network.

In order to properly discover the available domains and domain controllers, the DNS settings must specify a DNS server that can provide the IP addresses of the domain controllers. See DNS.
To add a domain controller:
  1. Go to Fortinet SSO Methods > SSO > Windows Event Log Sources.
  2. Select Create New to open the Create New Windows Event Log Source window.
  3. Enter the following information:
    NetBIOS name: Name of the domain controller as it appears in NetBIOS.
    Display name: Unique name to easily identify this domain controller.
    IP: Network IP address of the controller.
    Account: Account name used to access logon events. The user must have read access to the logs using the built-in AD security group "Event Log Readers."
    Password: Password for the above account.
    Server type: Select either Domain controller or Exchange server as the server type.
    Disable: Disable the domain controller without losing any of its settings.
    Priority: Define multiple domain controllers for the same domain. Each can be designated as Primary or Secondary. The Primary unit is accessed first.
    Enable secure connection: Enable a secure connection over either LDAPS or STARTTLS with a CA certificate.
  4. Select Save.

    By default, FortiAuthenticator uses auto-discovery of Domain Controllers. If you want to restrict operation to the configured domain controllers only, go to Fortinet SSO Methods > SSO > General and enable Restrict auto-discovered domain controllers to configured Windows event log sources and remote LDAP servers. See General settings.
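A pre-flight check for the account entered above, added here as an example and not part of the Fortinet guide: it confirms on a domain-joined Windows host that the account is a member of "Event Log Readers" and can actually pull logon events (Security log, event ID 4624) from the domain controller, which is what the event log source depends on. The DC name and account name are placeholders; the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example (not Fortinet's code). Verifies that the account to be used
# in the "Account" field meets the requirement stated above. Replace the two
# placeholder values with your own domain controller and service account.
param(
    [string]$DcName      = "DC01",           # placeholder: NetBIOS name of the DC
    [string]$AccountName = "svc-fortiauth"   # placeholder: log reader account
)
Import-Module ActiveDirectory -ErrorAction Stop

# 1. Membership in the built-in "Event Log Readers" group grants read access
#    to the Security log. -Recursive also catches membership via a nested group.
$readers = Get-ADGroupMember -Identity "Event Log Readers" -Recursive |
           Select-Object -ExpandProperty SamAccountName
if ($readers -notcontains $AccountName) {
    Write-Warning "$AccountName is not in Event Log Readers; FortiAuthenticator will not be able to read logon events."
} else {
    Write-Output "$AccountName is a member of Event Log Readers."
}

# 2. Read a few logon events (ID 4624) from the DC remotely as that account.
#    This exercises the same path FortiAuthenticator uses: remote event log
#    access over RPC, so it also catches a DC firewall that blocks it.
$cred = Get-Credential -UserName "$env:USERDOMAIN\$AccountName" `
                       -Message "Password for $AccountName"
try {
    $events = Get-WinEvent -ComputerName $DcName -Credential $cred `
                -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
                -MaxEvents 5 -ErrorAction Stop
    Write-Output ("Read {0} logon event(s) from {1}; most recent at {2}" -f `
                  $events.Count, $DcName, $events[0].TimeCreated)
} catch {
    Write-Warning "Could not read logon events from ${DcName}: $($_.Exception.Message)"
}
```

Run it from a management host before saving the event log source; a warning from either step means the Account or the DC's remote event log access needs fixing first.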
