How do I configure Active Directory for Video Insight IP Server?
This document will take you through the steps to get Video Insight IP Server communicating with Active Directory for the purpose of importing user/groups. This will allow you to assign permissions through our software using Active Directory users or groups.
- Video Insight IP Server 126.96.36.199 or above installed.
- System running Video Insight IP Server service must be joined to the Active Directory Domain.
- System should be able to communicate with all domain controllers via port 389 (cannot be changed) or 636 (LDAP).
- Valid Domain Account (with minimal privileges recommended).
- Domain Account should be a stand-alone account (do not use your account).
- When configuring IP Server you must be logged into the domain with a valid domain account.
It is recommended when importing users you actually import a Group versus individual users. The Group will need to be created in Active Directory before you can import them. You can import as many groups as necessary. For example, one to assign administrator rights and one to assign view only rights to in Video Insight IP Server.
Procedure for Configuration:
Configure the IP Video Enterprise service to run under an Active Directory account.
- Go to Start > Run and type: services.msc
- Locate the IP Video Enterprise service.
- Right-click and choose Stop.
- Right-click and choose Properties.
- Select the Log On tab.
- Select the second option for This Account.
- Provide an Active Directory account with minimal rights. A basic domain user account works great.
- Go to the General tab and choose Start.
- Click OK when complete.
- Restart the IIS Admin service if using Web Client
In the Server Manger, configure Active Directory.
- Open the IP Server Manager and select Network Options.
- On the General tab review the Authentication Types. Typically all you need is "Secure" checked. Below is a brief overview of the common ones used:
- None: Broad support for generic LDAP options. This is NOT a secure option to use. It is not supported in Active Directory.
- Secure: Minimal Option needed for Active Directory.
- Sealing: Provides extra layer of encryption (optional).
- Signing: Signs all communication between Active Directory and Video Insight. Like a watermark. This is for Active Directory only.
- SecureSocketsLayer: SSL encryption for LDAP only.
- Go to the Credentials tab in Network Options.
- Enter your Domain User Name and Password.
- Click the "Refresh" button to see the rest auto populate.
- Go to the Groups tab. Here you will see the fully-qualified Domain Name of the Users container in Active Directory.
- Remove the user (CN=John Doe,) information to be able to search for users in Active Directory. (You can go to the Users tab and import individual users, however it is recommended to import groups instead of users.)
- Select the Groups (or users) you would like to import into Video Insight.
- Click OK.
- Back at the Server Manager, Restart the service.
When you go into Monitor Station you will see your Groups (or users) that you imported. You can assign permissions from here.
Be sure to turn on Security in Monitor Station to start using your Active Directory Logins.
- In Monitor Station go to Administration > Setup and Configuration.
- Under All Servers in the left hand tree, select your server name.
- Click the Advanced tab on the right.
- Select Enable Security.
(The default password for the built-in Administrator account is blank.)
Video Insight Support Phone Number: 713.621.9779
Video Insight Support Email Address: email@example.com