Creating a Test Active Directory Domain Controller
While Auth0's Active Directory/LDAP integration is powerful and relatively easy to set up, it does require you have access to an existing directory service and sufficient privileges to install and configure the Connector - which is something that is usually done by a network administrator. But what if you'd just like to try out the Connector or maybe set up a separate dev or test environment? The following steps will guide you in creating a minimal Active Directory Domain Controller installation on your own cloud-deployed virtual machine for just that purpose.
In these instructions you will:
- Create a new Windows Server VM on Azure
- Install Active Directory Domain Services
- Promote the server to a Domain Controller
- Add a few test groups and users
- Install and configure the AD/LDAP Connector
- Test an authentication flow from Auth0
Create a new Windows Server VM on Azure
The VM can run on any cloud platform, but we're going to walk through how to set it up on Azure.
- If you don't have an account with Azure, create one here.
- Log into Azure Management.
- At the bottom/left corner, click NEW, then COMPUTE > VIRTUAL MACHINE > QUICK CREATE
- Complete the form:
  - Choose a DNS name. Example:
  - Image: Windows Server 2012 R2 Datacenter
  - Size: D1
  - User name:
  - Password: (generate your own secure password)
  - Region: your choice
- Click the CREATE A VIRTUAL MACHINE button.
- It will take a few minutes for the VM to be provisioned.
- Click on the ENDPOINTS tab of the new VM and take note of the public port for the Remote Desktop endpoint. In the screenshot below, that port is
- Open up the Microsoft Remote Desktop client app on your local machine (Windows or Mac) and create a new connection to your VM that points to the hostname and port of your new VM and uses the user name and password you specified earlier:
- Open the connection and disregard any certificate warnings presented by the Remote Desktop client.
- You should automatically be logged in and eventually see a desktop that looks like this:
- If you're prompted to find PCs, devices, and content on the local network, choose No.
Install Active Directory Domain Services
- Click the PowerShell icon in the Windows Task Bar to open the PowerShell Command Prompt:
- Install Active Directory Domain Services (ADDS) using this command:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Promote the server to a Domain Controller
- Promote the server to a domain controller that manages the FQDN mycompany.local using this command:
Install-ADDSForest -DomainName mycompany.local
- You will be prompted to enter the SafeModeAdministratorPassword, which is the same as the Administrator password you used when creating the VM.
- You will also be prompted to confirm whether or not you want to continue. Press Enter to do so. The promotion script will run and the VM will automatically reboot.
Add a few test groups and users
- When the VM has finished rebooting, log back in again using the Remote Desktop client.
- Open the PowerShell Command Prompt.
- Run the following script, which will:
  - Create two groups: Accounting and IT
  - Create two users: Bob Johnson and Mary Smith
  - Add Bob to the Accounting group and Mary to both the Accounting and IT groups
# Create the two groups
New-ADGroup -Name "Accounting" -GroupScope "DomainLocal"
New-ADGroup -Name "IT" -GroupScope "DomainLocal"
# Create the two test users (enabled, with a non-expiring test password)
New-ADUser -GivenName Bob -Surname Johnson -Name "Bob Johnson" -SamAccountName bob.johnson -Enabled $True -AccountPassword (ConvertTo-SecureString "Pass@word1!" -AsPlainText -Force) -PasswordNeverExpires $True
New-ADUser -GivenName Mary -Surname Smith -Name "Mary Smith" -SamAccountName mary.smith -Enabled $True -AccountPassword (ConvertTo-SecureString "Pass@word1!" -AsPlainText -Force) -PasswordNeverExpires $True
# Add the users to their groups
Add-ADGroupMember -Identity Accounting -Members "bob.johnson", "mary.smith"
Add-ADGroupMember -Identity IT -Members "mary.smith"
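Before moving on to the Connector, it is worth confirming that the script above produced exactly the objects and memberships you expect, since a missing group membership will only show up later as a confusing authorization result in Auth0. The following verification script is an added example, not part of the original Auth0 instructions; it assumes the same user and group names as the script above and runs in the PowerShell session on the domain controller (the ActiveDirectory module is available thanks to -IncludeManagementTools).

```powershell
# Added verification script (not from the Auth0 page): checks that the users
# exist, are enabled, and belong to the groups the setup script intended.
Import-Module ActiveDirectory

# Expected membership, keyed by sAMAccountName (matches the setup script above)
$expected = @{
    'bob.johnson' = @('Accounting')
    'mary.smith'  = @('Accounting', 'IT')
}

foreach ($sam in $expected.Keys) {
    # -Filter returns $null instead of throwing when the user does not exist
    $user = Get-ADUser -Filter "SamAccountName -eq '$sam'" -Properties MemberOf, PasswordNeverExpires
    if (-not $user) {
        Write-Warning "User $sam was not created"
        continue
    }
    # MemberOf holds group distinguished names; reduce each to the group's Name
    $groups = @($user.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).Name } | Sort-Object)
    $wanted = @($expected[$sam] | Sort-Object)
    $status = if (($groups -join ',') -eq ($wanted -join ',')) { 'OK' } else { "MISMATCH, expected [$($wanted -join ',')]" }
    '{0,-12} enabled={1} pwdNeverExpires={2} groups=[{3}] {4}' -f $sam, $user.Enabled, $user.PasswordNeverExpires, ($groups -join ','), $status
}

# Second view, from the group side, which also catches stray members
foreach ($g in 'Accounting', 'IT') {
    $members = Get-ADGroupMember -Identity $g | Select-Object -ExpandProperty SamAccountName
    'Group {0}: {1}' -f $g, ($members -join ', ')
}
```

Each user line should end with OK and the group lines should list bob.johnson and mary.smith under Accounting and only mary.smith under IT; anything else means one of the setup commands failed and should be re-run before installing the Connector.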
Install and configure the AD/LDAP Connector
- In your Auth0 account, create a new Active Directory/LDAP connection with the name auth0-test-ad by following these steps.
NOTE: Be sure to copy the Ticket URL that is generated at the end of those instructions.
- On the VM, disable Internet Explorer Enhanced Security Configuration by following these steps.
- Open Internet Explorer with the Ticket URL from above.
- Follow the instructions in the browser to download, install, and configure the Connector.
- Per those instructions, you will be prompted for the LDAP service account. Just use the admin account we created for the VM:
- Password: (same as before)
- When you're done with the instructions, reboot the server.
- Log back into the VM using Remote Desktop.
- Open the Connector configuration site again: http://localhost:8357/
- Test that the Connector is able to find a user by clicking on the Search tab and, under "Find User by Login", typing mary.smith and clicking Search.
- You should get JSON back that contains that user's AD profile data:
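The Connector's "Find User by Login" search is an ordinary LDAP bind followed by a search on sAMAccountName, so you can reproduce it from PowerShell on the domain controller to see exactly which attributes the Connector can read. The script below is an added example, not code from the Auth0 page or the Connector itself. It also shows a least-privilege alternative to the "use the admin account" step above: a plain domain user can read user and group attributes by default, so a dedicated read-only bind account is enough for the Connector. The account name svc-auth0-ldap and its password are assumed values, and the domain mycompany.local comes from the promotion step above.

```powershell
# Added example (not from the Auth0 page or the Connector): create a dedicated
# read-only LDAP bind account and reproduce the Connector's lookup with it.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName                 # e.g. DC=mycompany,DC=local
$netbios  = $domain.NetBIOSName                       # e.g. MYCOMPANY
$svcName  = 'svc-auth0-ldap'                          # assumed service account name
$svcPlain = 'ChangeMe-Svc#2024'                       # constructed sample password; replace it
$svcPass  = ConvertTo-SecureString $svcPlain -AsPlainText -Force

if (-not (Get-ADUser -Filter "SamAccountName -eq '$svcName'")) {
    # No group memberships beyond the default Domain Users: the Connector only
    # needs read access to user and group attributes, not Domain Admins.
    New-ADUser -Name $svcName -SamAccountName $svcName -Enabled $true `
        -AccountPassword $svcPass -PasswordNeverExpires $true `
        -Description 'Read-only LDAP bind account for the Auth0 AD/LDAP Connector'
}

function Find-UserByLogin {
    param(
        [Parameter(Mandatory)] [string] $Login,
        [Parameter(Mandatory)] [string] $BindUser,
        [Parameter(Mandatory)] [string] $BindPassword
    )
    # Escape the login per RFC 4515 so characters such as * ( ) \ cannot widen
    # the filter; user-supplied logins must never be pasted into a filter raw.
    $escaped = $Login -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'

    # Bind with the service account credentials, then search by sAMAccountName
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$domainDn", $BindUser, $BindPassword)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    foreach ($attr in 'sAMAccountName', 'displayName', 'givenName', 'sn', 'mail', 'memberOf') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }
    $result = $searcher.FindOne()
    if (-not $result) { return $null }

    # Flatten the entry into an ordered hashtable, similar to the profile JSON
    # the Connector's Search tab shows
    $profile = [ordered]@{}
    foreach ($name in $result.Properties.PropertyNames) {
        $values = @($result.Properties[$name])
        $profile[$name] = if ($values.Count -eq 1) { $values[0] } else { $values }
    }
    return $profile
}

# Look up the same test user the Connector's Search tab was asked for
$profile = Find-UserByLogin -Login 'mary.smith' -BindUser "$netbios\$svcName" -BindPassword $svcPlain
if ($profile) { $profile | ConvertTo-Json -Depth 3 } else { Write-Warning 'mary.smith not found' }

# A login containing filter metacharacters must not match anything
$bogus = Find-UserByLogin -Login 'mary.smith)(objectClass=*' -BindUser "$netbios\$svcName" -BindPassword $svcPlain
if ($bogus) { Write-Warning 'escaping failed' } else { 'Escaped lookup correctly returned no entry' }
```

If the JSON shows memberOf with both the Accounting and IT group DNs, the bind account has everything the Connector needs; you can then enter svc-auth0-ldap and its password when the Connector installer asks for the LDAP service account instead of the VM's Administrator credentials.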
Test an authentication flow from Auth0
To easily test that everything is working using your Auth0 account, we're going to configure your Default App in Auth0 to use your new Active Directory / LDAP connection and then use the /authorize endpoint to initiate an authentication flow.
- In Auth0's Management Dashboard, browse to your applications.
- Click the Settings gear of your Default App
- Make sure that http://jwt.io is in the list of the app's Allowed Callback URLs.
- Click the Connections tab.
- Under Enterprise, make sure the auth0-test-ad Active Directory / LDAP connection is enabled.
- Test the authentication flow by opening the following link in your browser:
- Log in with one of the test users that was created in the directory. For example:
- If everything is working, you should get redirected to the JWT.io website and be looking at the contents of the resulting JWT: