How to use Active Directory to create/update MDaemon accounts and/or public address book(s)

MDaemon can query Active Directory to create and update MDaemon accounts. MDaemon can also monitor Active Directory to populate and update public address book(s).

The following article applies to MDaemon version 17.0 and above.  Prior supported versions may not contain all features.

Active Directory > Monitoring

  1. Select Accounts
  2. Select Account Settings
  3. Choose Monitoring under the Active Directory menu.
  4. Check Monitor Active Directory and update public address book(s)
    • Common fields like an account's postal address, phone numbers, business contact information, and so on will be populated into their public contact record, and this data will be updated any time it is changed in Active Directory.
    • For a complete list of which public contact record fields can be mapped to Active Directory attributes, see the ActiveDS.dat file located in the \MDaemon\App directory.
    • MDaemon must match an account's email address to some attribute within Active Directory in order to know which contact record to update.
    • Enabling this feature will overwrite any changes you make outside of Active Directory.
    • MDaemon accounts that are set to private are not subject to having their contact records created or updated.
  5. Check Monitor Active Directory and create/update MDaemon accounts 
    • Click this option to activate Active Directory monitoring, which will create and update MDaemon accounts as Active Directory is updated.
  6. Check Use Active Directory domain names when creating accounts if you would like to use them.  Otherwise, MDaemon's default domain is assumed and used.
  7. Enter a domain in the Windows domain for AD authentication field if you wish to use Dynamic Authentication for accounts created by Active Directory Monitoring.  If left blank, new accounts will be assigned random passwords and will need to be edited before the accounts can be accessed.

When Monitor Active Directory and create/update MDaemon accounts is enabled, there are 4 actions available when accounts are deleted in Active Directory:

  • ...do nothing (leave the MDaemon account untouched)
  • ...delete them from MDaemon (this deletes the account's email also)
  • ...disable the MDaemon account (account can't send or receive mail)
  • ...freeze the MDaemon account (account can receive but can't collect mail)

This menu also has the option to Freeze MDaemon accounts when they are disabled in Active Directory.  Check this option if you wish MDaemon to freeze accounts that are disabled in Active Directory.

Active Directory > Authentication

This menu is used to authenticate with the Active Directory server.

  • Bind DN is the distinguished name (DN) MDaemon will use when binding to Active Directory using LDAP.  Active Directory permits using a Windows account or User Principal Name (UPN) when binding.
  • Password is the password that corresponds to the DN or Windows login account used in the Bind DN option.
  • Check Use secure authentication to use secure authentication when performing Active Directory searches.
    • This option cannot be used if a Distinguished Name (DN) is used rather than a Windows logon in the Bind DN section.
  • Check Use SSL authentication if SSL authentication is to be used when performing Active Directory searches.
  • Email address attribute is a text box used for MDaemon mailing lists and is only available when accessing the Active Directory options located in the Setup > Mailing List Manager > (list) > Active Directory menu.

Active Directory Searching

  • Base entry DN - This is the Distinguished Name (DN) or starting point in the Directory Information Tree (DIT) at which MDaemon will search your Active Directory for accounts and changes. By default MDaemon will begin searching at Root DSE, which is the topmost entry in your Active Directory hierarchy. Designating a more precise starting point closer to the location of your user accounts in your particular Active Directory tree can reduce the amount of time required to search the DIT for accounts and account changes. Leaving this field blank will restore the default setting of LDAP://rootDSE.
  • Search Filter - This is the LDAP search filter that will be used when monitoring or searching your Active Directory for accounts and account changes. Use this filter to more precisely locate the desired user accounts that you wish to include in Active Directory monitoring.
  • The Search Scope will allow limited searches against Active Directory.  Three options are available:
    • Base DN only - this search is limited to the base DN specified in the base entry DN only.
    • 1 level below base DN - this search is extended to one level below the supplied DN.
    • Base DN and all children - this search will include the base entry DN and all children.
  • Page size - The default value is 1000 entries.  If AD results are larger than this value, another "page" will be created.
  • Verbose AD logging - Verbose logging is enabled by default.  If less extensive logging is desired, clear this checkbox.

Once all configurations have been made, select Test these settings to have MDaemon collect and display the first few results of the query.
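
A candidate Base entry DN, Search Filter, Search Scope and Page size can also be previewed from a domain-joined workstation before they are entered in MDaemon. The script below is an added example, not MDaemon's or this article's own code. The server name, base DN, filter, bind account and the use of the mail attribute as the email address are all assumptions; it only reads from the directory.

```powershell
# Added example: read-only preview of an AD search before using it in MDaemon.
# Every value below is a placeholder (assumption), not taken from the article.
$Server   = 'dc01.example.com'                 # hypothetical domain controller
$BaseDN   = 'OU=Staff,DC=example,DC=com'       # candidate Base entry DN
$Filter   = '(&(objectCategory=person)(objectClass=user))'  # candidate Search Filter
$Scope    = 'Subtree'                          # Base | OneLevel | Subtree
$PageSize = 1000                               # default page size named in the article

# Use a Windows logon or UPN here (e.g. svc-mdaemon@example.com, hypothetical):
# the article notes that secure authentication cannot be used with a DN bind.
$cred = Get-Credential -Message 'Bind account for the preview search'

# Bind over LDAPS (port 636) so the bind password is not sent in clear text.
$auth = [System.DirectoryServices.AuthenticationTypes]'Secure, SecureSocketsLayer'
$root = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList @(
    "LDAP://${Server}:636/$BaseDN", $cred.UserName,
    $cred.GetNetworkCredential().Password, $auth)

$searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $root
$searcher.Filter      = $Filter
$searcher.SearchScope = $Scope
$searcher.PageSize    = $PageSize   # results beyond this are fetched page by page
'distinguishedName', 'mail', 'userAccountControl' |
    ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

$results = $searcher.FindAll()
try {
    $rows = foreach ($r in $results) {
        # Select-Object -First 1 returns $null (not an error) for a missing attribute.
        $uac = [int]($r.Properties['useraccountcontrol'] | Select-Object -First 1)
        [pscustomobject]@{
            DN       = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
            Mail     = [string]($r.Properties['mail'] | Select-Object -First 1)
            Disabled = [bool]($uac -band 2)   # ACCOUNTDISABLE bit of userAccountControl
        }
    }
} finally {
    $results.Dispose()   # release the unmanaged search handle
}

# Entries without an email attribute cannot be matched to a contact record;
# entries disabled in AD are the ones the freeze option would act on.
'Matched: {0}  No mail attribute: {1}  Disabled in AD: {2}' -f @($rows).Count,
    @($rows | Where-Object { -not $_.Mail }).Count,
    @($rows | Where-Object Disabled).Count
$rows | Sort-Object DN | Select-Object -First 20 | Format-Table -AutoSize
```

If the preview returns service or administrative accounts, narrow the base DN, scope or filter before enabling account creation or the delete action.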