Authenticating with Active Directory
Published 07 October 2020
By default, users log in to SQL Monitor using the passwords set by the administrator.
Alternatively, administrators can set SQL Monitor to authenticate users with their Active Directory credentials. SQL Monitor will use the Base Monitor service account credential to query Active Directory. The Base Monitor service account details are stored in the Windows credentials store on the machine where the monitoring service is installed.
Using Active Directory authentication is a best practice, since it means administrators can restrict which servers users can access.
For more information about Active Directory, see: So What Is Active Directory? in the MSDN documentation.
For a quick demo of using AD authentication and adding SQL Monitor users, see the Authentication video on Redgate University.
Switching to Active Directory authentication
Only administrators can switch to Active Directory authentication.
- In the Configuration tab, under Application options, click Authentication settings:
- Select Use Active Directory:
- Enter the domain name.
- Enter the base DN (optional). For example: ou=DBA,dc=domain,dc=com.
Under Service account, enter the username and password for the service account. SQL Monitor stores the service account login details and uses them to query Active Directory.
If the service account password changes or the account is deleted, SQL Monitor won't be able to authorize users. If this happens, you'll need to update the service account details in the SQL Monitor authentication settings.
To avoid this, you might want to create a new account that's unlikely to change.
You can optionally test the connection from here.
Add an administrator user or group (This must be an existing Active Directory user or group.):
SQL Monitor supports security groups, but not distribution groups. For more information on group types in Active Directory, see Group types: Active Directory (TechNet).
We recommend you create an administrator group and specify this as the administrator account. This means you can add more users to the administrator group in in Active Directory instead of configuring new users in SQL Monitor.
- Click Save settings.
SQL Monitor logs you and all other users out. - Log in to SQL Monitor with your domain credentials.
Adding additional Active Directory domain configurations
Additional domains can be added to SQL Monitor in order to allow users from more than one Active Directory domain. Domains with two-way trust should work implicitly, but other types of trust or non-trusted domains will need to have a service account provided in order to function.
- Select Add domain to add an additional Active Directory domain to SQL Monitor.
- Enter the Domain name, Base DN (optional), Service account Username and Password.
- Optionally test the connection.
- Click Save settings and the new domain will be added to SQL Monitor.
One account per Active Directory domain will be added to the Windows Credential Manager. These accounts will have the name formatted SQL_Monitor_AD_ServiceAccount_<Domain> (where <Domain> is the name of the domain). Additionally, an account named SQL_Monitor_Installer_Account will be created when you choose to save credentials during installation.
Switching from Active Directory authentication to default authentication
Only administrators can switch from Active Directory authentication to default authentication.
- Log in to SQL Monitor as an administrator.
- In the Configuration tab, click Authentication settings:
- Select Basic authentication.
The Confirm authentication changes window opens:
- Click Confirm.
SQL Monitor logs you and all other users out. - Log in to SQL Monitor with your SQL Monitor credentials.
If you've forgotten your password, see: Resetting your SQL Monitor password.