Configure Domain Controllers
PMM allows your users to be distributed across multiple domains. In order for the system to authenticate users, Secure Email Gateway must be joined to a domain controller associated with your users' mail domains.
A domain controller is responsible for authenticating your users and providing the Gateway with user information. If a user is accessing the PMM Portal from an unrecognized domain, their login will be unsuccessful unless the domain controller has been correctly configured.
You can configure a number of domain controllers for authenticating PMM users on behalf of the Gateway.
Secure Email Gateway can only be a member of one domain at any one time. Joining a new domain will remove the Gateway from its previous association with a domain controller. The Gateway is only required to join a domain if Client Integrated Authentication has been selected.
Add a domain controller
- Navigate to System > PMM Settings > Authentication Settings. The Authentication Settings page is displayed.
- In the Domain Controllers panel, click New. The Modify Domain Controller page is displayed.
Overview
- In the Overview panel, click Click here to change these settings. Edit the Name and Notes of the domain controller as required.
- Click Save.
NTLM Domain Controller
You must provide the name of the domain and, optionally, the domain controller that the Gateway will join. A valid administrator user name and password for the domain must be supplied.
- In the NTLM Domain Controller panel, click Click here to change these settings.
- Enter the Fully Qualified Domain Name (e.g. testdomain.com) and NetBIOS Domain Name (e.g. testdomain) of the domain that you want the Gateway to join.
  If the NetBIOS name is greater than 15 characters, NTLM authentication can fail when attempting to connect to the domain controller.
- Select either Automatically detect domain controllers or Use Domain Controller and enter the fully qualified domain name of the domain controller.
- Ensure that both the Global Catalog and Standard LDAP check boxes are selected. The Gateway uses either port to communicate with the domain controller. It is recommended that both are selected for optimum performance.
- Select the Use SSL for communications between the Email Gateway and Domain Controller check box as required.
- Click Save.
User Name & Password
A user name and password can be supplied for domain controller connections. The credentials are used for LDAP lookups of user information.
- In the User Name & Password panel, click Click here to change these settings.
- Enter User Name (e.g. testdomain\administrator) and Password for the domain.
  It is strongly recommended that you use an account with password expiry disabled.
- Click Save.
Mail Domains
You can specify which mail domains are associated with the domain controller. The Gateway determines which domain the domain controller is to use when PMM users log in with their email address.
- In the Mail Domains panel, click Click here to change these settings.
- Define the mail domains served by the domain controller. Select either All hosted domains or Selected hosted domains and specify them. PMM users with email addresses in the selected mail domains will be managed by the domain controller.
  The list of available mail domains is configured on the Mail Domains and Routing page. See Hosted Domains for more information.
  If there is more than one mail domain available, all mail domains are selected by default.
- Click Save.
- Apply the configuration.
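A pre-flight check for the values entered in the NTLM Domain Controller and User Name & Password panels above, as an added example that is not part of the product documentation or the Gateway's own code. The function names, the sample values and the port numbers (the well-known Active Directory LDAP and Global Catalog ports, assumed to be the ones the Gateway connects to) are assumptions.

```python
import re

NETBIOS_MAX = 15  # limit stated on this page; longer names can break NTLM
# Well-known Active Directory ports (assumed to be the ones the Gateway uses).
PORTS = {("ldap", False): 389, ("ldap", True): 636,
         ("gc", False): 3268, ("gc", True): 3269}
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True for a dotted DNS name with at least two valid labels."""
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels))


def required_ports(global_catalog, standard_ldap, use_ssl):
    """TCP ports to allow from the Gateway to the domain controller."""
    chosen = [k for k, on in (("ldap", standard_ldap), ("gc", global_catalog)) if on]
    return sorted(PORTS[(kind, use_ssl)] for kind in chosen)


def check_settings(fqdn, netbios, lookup_user, dc_host=None,
                   global_catalog=True, standard_ldap=True, use_ssl=False):
    """Return a list of findings for the (hypothetical) panel values."""
    findings = []
    if not is_fqdn(fqdn):
        findings.append("domain FQDN is not a valid DNS name")
    if not 1 <= len(netbios) <= NETBIOS_MAX:
        findings.append("NetBIOS name must be 1-15 characters or NTLM can fail")
    if dc_host is not None and not is_fqdn(dc_host):
        findings.append("Use Domain Controller needs a fully qualified host name")
    if not (global_catalog and standard_ldap):
        findings.append("page recommends selecting both Global Catalog and Standard LDAP")
    if not use_ssl:
        findings.append("SSL is off: LDAP lookups are not protected by TLS")
    # Only the DOMAIN\user form carries a domain prefix that can be compared.
    domain, sep, _account = lookup_user.partition("\\")
    if sep and domain.lower() != netbios.lower():
        findings.append("lookup user domain prefix differs from the NetBIOS name")
    return findings


if __name__ == "__main__":
    # Constructed sample values, based on the examples used on this page.
    print(check_settings("testdomain.com", "testdomain",
                         "testdomain\\administrator", use_ssl=True))
    print(required_ports(global_catalog=True, standard_ldap=True, use_ssl=True))
```
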
Join a domain
- Navigate to System > PMM Settings > Authentication Settings. The Authentication Settings page is displayed.
- In the Domain Controllers panel, select the required domain controller and click Edit. The Modify Domain Controller page is displayed.
- In the task panel, click Join Domain. The Join domain dialog is displayed.
- Enter an administrator User Name (e.g. administrator) and a Password for the domain.
- Click Join.
- Apply the configuration. You must apply changes to each of the Gateways configured as a group.
If the portal is configured on a remote peer, the Gateway must be a member of the domain on that peer. In the Domain Controllers panel, when the mouse hovers over an item under the Joined column, a tooltip is displayed indicating which peer is a member of the domain. This panel also indicates which domain the Gateway has joined.
Test user authentication
After you have applied your domain configuration, you can check that PMM users can be correctly authenticated.
- Navigate to System > PMM Settings > Authentication Settings. The Authentication Settings page is displayed.
- In the Domain Controllers panel, select the required domain controller and click Edit. The Modify Domain Controller page is displayed.
- In the task panel, click Test Authentication. The Test Authentication dialog is displayed.
- Enter User Name and Password.
  Note that this username can be Windows logon, user principal name or email address.
- Click Run Test.
Edit a domain controller
- Navigate to System > PMM Settings > Authentication Settings. The Authentication Settings page is displayed.
- In the Domain Controllers panel, select the domain controller you wish to modify and click Edit. The Modify Domain Controller page is displayed.
- Modify the Overview, NTLM Domain Controller, User Name & Password and Mail Domains panels as required. Click Save on each panel to save your changes.
- Apply the configuration.
Delete a domain controller
You can delete a domain controller that is no longer required from the Gateway.
- Navigate to System > PMM Settings > Authentication Settings. The Authentication Settings page is displayed.
- In the Domain Controllers panel, select the domain controller you wish to delete and click Delete.
- Click Delete in the Confirm Delete dialog to confirm the removal.
- Apply the configuration.
If no domain controllers are configured, you will not be able to apply the configuration. You must disable PMM.
If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information. If you use Peer Gateways (i.e. when multiple Gateways are peered), any configuration changes from a local Gateway can then be applied to all the peers at the same time. See Peer Gateways for more information.