Struggling with AD integration
Bud Durland

I've decided that I would like to convert our authentication to use Active Directory. For the moment, let's set aside how to migrate existing users that authenticate using the local database.

Environment:
KC Server: Windows 2008R2 x64 hosting Kerio Connect 8.2.1 (2096)
Mail Domain: MyCompany.com

AD server: Windows 2008R2 x64. No other services running on this machine
AD Domain: MyCompany.local


I installed the Kerio AD Extensions (kade-8.2.1-2906.win64.exe), matching my Kerio Connect version, as well as the bit-ness of the host operating system. After the installation, I see a couple things that I don't understand:

1) new users created in AD, and ONE old user, will have the 'kerio connect account' tab in AD users and computers. It does not appear on any other user.

2) In the 'Kerio Connect Account' tab, there is an option to add e-mail addresses, but they are considered invalid unless they use the AD domain name (@MyCompany.local). I cannot add addresses that use our e-mail domain (MyCompany.com)

3) In the Kerio Connect admin console, I go to setting -> domains -> Directory service. I choose Active Directory, and point the setting to the machine with the PDC role (The same machine where I ran the installer for KADE). When I test the connection, it tells me the 'Scheme extensions not found on LDAP server'.

So, I'm stuck. Can anyone shed some light on this?
zebby

Hi,
We migrated a while ago, if my memory is faithful it was pretty painless.
I hope some of this is useful!
Quote:
1) new users created in AD, and ONE old user, will have the 'kerio connect account' tab in AD users and computers. It does not appear on any other user.

Looking at our server, existing users don't get a Kerio account tab; for it to appear you need to right-click the user and click 'Kerio Connect tasks...'. If a user doesn't have an account it will create one, or if they do it will delete it. If my memory serves me correctly, should you delete the email account this way, the message store for that user is also deleted. Well, it was when I tried it several versions back.
Quote:
2) In the 'Kerio Connect Account' tab, there is an option to add e-mail addresses, but they are considered invalid unless they use the AD domain name (@MyCompany.local). I cannot add addresses that use our e-mail domain (MyCompany.com)

This is the same as us. The account shown on the user in AD is the AD domain, but the email address created in Kerio is correct. I've never tried setting an email address this way though; I've always used the right-click function noted above.
Quote:
3) In the Kerio Connect admin console, I go to setting -> domains -> Directory service. I choose Active Directory, and point the setting to the machine with the PDC role (The same machine where I ran the installer for KADE). When I test the connection, it tells me the 'Scheme extensions not found on LDAP server'.

This doesn't sound like you've set up any different to what we have given we both have a very similar setup but it's worth checking...
The DC you're connecting to is the schema master?
You have the map option enabled and Microsoft Active Directory selected?
We use the hostname for the server - kittywhite (but IP should work)
We use the full username - administrator@ourdomain.local (and the user has appropriate rights?)
We have secure LDAP enabled
We have domain name is different from mail domain set - ourdomain.local
Also LDAP and LDAPS services are running on Kerio server?