About AD Query

Specifies Query, the type of this Active Directory action.

Specifies an Active Directory server; servers are defined in the

Access

Authentication

area of the Configuration utility.

Specifies the search criteria to use when querying the Active Directory server for the user's information. Session variables are supported as part of the search query string.

Specifies whether to retrieve a user's primary group Distinguished Name for use in the access policy.

Specifies whether AD cross domain authentication support is enabled for this action.

When disabled, associates the user only to the groups to which they belong directly. When enabled, associates the user to all groups that are nested under the groups that they directly belong to. For example, if the user belongs to Group 1 and Group 2, and Group1 is a member of Group 3 and Group 4, enabling this setting allows the user to obtain privileges from all groups.

Specifies whether Access Policy Manager (APM) performs a password policy check. APM supports these Active Directory password policies:

Maximum password age
Minimum password age
Minimum password length
Password must meet complexity requirements

APM must retrieve all related password policies from the domain to make the appropriate checks on the new password.

When enabled, causes comprehensive error messages generated by the authentication server to display on the user's logon page. This setting is intended only for use in testing, in a production or debugging environment. If enabled in a live environment, your system might be vulnerable to malicious attacks. (When disabled, displays non-comprehensive error messages generated by the authentication server on the user's logon page.)

Specifies the number of times that APM allows the user to try to reset password.

Specifies whether to warn the user at a set time before the password expires and provide the option to change the password.