this was posted by kimberlyrox in this forum but is not easy to find. this shoud be in the documentation of dnn. thanks one more time to kimberlyrox
MY Specs:
DNN 4.0.3 Source
Windows Server 2003
IIS v. 6.0
SQL Express v9.0.2047
ASP.NET 2.0.50727
Ok, here’s the deal. I know there are a thousand posts on her about the AD, but I never quite got it. So I finally decided to print out several posts and dig through the muck until I got my AD to work. I wrote down everything so that I wouldn’t miss any steps and IT WORKED! Yeah!
Surprisingly enough with all the steps written out, it became easy. And to think I had put it off forever because I had almost given up!
Anyhooo…. I can’t guarantee my steps will work for you, but hopefully it will help someone. So here it is, just keep in mind that I am a beginner on this too and don’t claim to know anything about anything.
One last note, I could not have done any of this without the help of the links at the bottom. With that said, gigantic thanks should go to Tam, wedwardbeck, and kc9900. Without them, I would still have people complaining and wouldn’t have any hair left to boot!
(FYI should work for v3.2 and up.)
ADMIN SETTINGS
1. Logon to your site as Admin
2. Go to the Admin tab, scroll down to Authentication and open
3. Check "Windows Authentication".
4. Check "Synchronize Role?"
5. Provider is "ADSIAuthenticationProvider"
6. AuthType is "Delegation"
7. Domain was set as: dc=scripnet, dc=com
8. Username is netbiosdomainname\username
Example: scripnet\kimberly
The account just needs read rights to the AD accounts you want to authenticate. I did not have to put a name or password in because *I THINK* I had been working on this previously, so this time it wasn’t needed, also, once you get it to work, I would go back and take this info out..
9. Password and confirm password is obvious.
10. Email domain: @scripnet.com
11. Click "Update".
12. This is the message you get if it worked:
Accessing Global Catalog:
OK
Checking Root Domain:
OK
Accessing LDAP:
OK
Find all domains in network:
1 Domain(s):
scripnet.com (SN) - What is in prentices is important, will explain in a sec
IIS SETTINGS:
1. Open IIS Manager find /Admin/Security/WindowsSignin.aspx,
a. Open local computer
b. Open Web Sites
c. Open Default Web Site
d. Open Virtual Directory DotNetNuke (depends on what you named it)
e. Open admin
f. Click once on security and you will see WindowsSigin.aspx in right pane
2. Right click on WindowsSigin.aspx and select “Properties”
3. Click “File Security” tab
4. Click “Edit” in the ‘Authentication and access control’ section
5. Clear the check box for ‘Enable anonymous access’ (in other words, DON’T allow it) and check Integrated Windows authentication.
6. Choose “OK” until out of the Properties box
7. Close IIS only if you don’t want to use auto-login (see below for auto login)
ENABLE AUTHENTICATION HTTPMODULE IN WEB.CONFIG:
1. Find your Web.Config file (mine is located at C:\DNN)
2. Open with notepad
3. Change the comment at authentication httpmodule (<httpmodules> section) in Web.config:
a. Before you change it: <!-- add name="Authentication" type="DotNetNuke.HttpModules.AuthenticationModule, DotNetNuke.HttpModules.Authentication" / -->
b. After the change: <add name="Authentication" type="DotNetNuke.HttpModules.AuthenticationModule, DotNetNuke.HttpModules.Authentication" />
You can stop here if you want. HOWEVER, if you are using this for an intranet, I can tell you from experience that your users will hate it and even you sometimes. That’s because they will have to login every time they open IE. SO! In order to allow AD to login automatically, you will have to change one more setting. BE WARNED: When you have to make changes to your site as HOST, you can log off and back in as the host, but you will not be able to stay under the host name for long before it kicks you back to admin and gives you crap about it. As far as I know though, you can take the site out of intranet zone while you make your changes.
Move your site from the “trusted zone” to the local intranet.
1. Open IE
2. Internet Options
3. Security tab
4. Click “local intranet”
5. Click “sites”
6. If it gives you a warning about moving it, say YES
A couple of side notes:
* I did NOT have to send people to the windowssignin.aspx, all I did was set up a group policy to take them to the page I wanted them to be on. And all I did there was to copy and paste the http addy.
*When working with your VD, make sure your DNN site took the v2.0 of ASP.NET; mine didn’t at first and had to change that.
* Make sure your alias are working BEFORE you do all this.
* My users had to login the first time w/ scripnet\kimberly, and from that point forward as SN\kimberly
GOOD LUCK YA’LL!!