Installing and connecting an Active Directory Server with FreePBX
This guide will cover all the steps to create an Active Directory Server and also connect it to our FreePBX server.
The Active Directory Server will be at Windows Server 2012 R2, but you can use another versions and shouldn't be different.
YOU SHOULD ALWAYS HAVE A STATIC IP CONFIGURED ON YOUR WINDOWS SERVER MACHINE
Â
We need to follow these steps in order to add our AD Server.
Â
Click on "Add roles and features"
The wizard will advice you to use a strong password at the administrator account and network settings as we mentioned at the beginning of this guide.
Â
We are going to select "Role-based or feature-based installation"
We select our server ( the name should be the one which appears at "This PC > Settings" )
Â
Â
This is the most important part, you need to select "Active Directory Domain Services" and then click on "Next"
Â
Windows Server will let you know which features it going to install, just click "Add Features"Â
Â
Â
Click "Next"
Just a few information about what is Active Directory Domain Service, click "Next"Â
You can click "Restart the destination server automatically if required", but we don't need this now, just click "Install"
Installation will take some minutes, after that you will see that a configuration is required, just click "Close", we are going to configure that then.
Â
Click on the flag with the warning sign and go to "Promote this server to a domain controller"Â
We are going to add a new forest, that will be our DC name, in my case i used "mypbx.local"
Just set a password and click "Next"
Just click "Next"
You need to wait some seconds here, Windows is going to automatically set your NetBIOS domain name, then click "Next"
I am using only one disk and partition, but it is always a good practice to have this on another location, we are going to use just C:\, click "Next"
If you think you failed on one of the steps, this is the moment to review all your configuration, if you are sure just click "Next"
Click "Install", this is going to take some minutes, is it possible that Windows reboot the server
Â
We should go to " Tools >Â Active Directory Users and Computers" now
We are going to create an OU (Organizational Unit), if not when we sync AD from our PBX, it's going to sync all groups and internal users from Windows, and that's not ok. We click on the OU icon
I chose "pbx" as name, you can you whatever you want, just remember it (you will need it later)
Â
Now, we need to create a group inside our OU (be sure to do it inside of it) just click on the "Add Group" icon
Â
Just set the name you want to use and click "Ok"
Now is time to start adding our users, just click on the "Add User" icon
Just fill with all the information regarding to the user, "User logon name" will be the username on our PBX, then click "Next"
Â
Set a password, you can select "Password never expires" just to don't ask the user to change his password periodically, then click "Next"
27. Just click "Finish" to add the new user.
You are going to see the user on the screen, just double click on the user and go to "Telephones" tab, IP phone attribute will be the extension number of that user, then hit "Apply"
Â
Now is time to add that user to the group we created recently, go to "Member Of" tab
Under "Enter the object names to select" just type the first three letters of the group and click on "Check Names"
Â
It should autocomplete with your group name, after that just click "Ok", another method is to add all the users, then edit the group name and click on "Members" tab and start searching for your users there.
Â
Â
32) He have some users added, now is turn to create an user with administrative permissions.
Â
Â
Just add a user as you were doing, but when you go to "Members of", instead of selecting your group, send that user to the Administrator group
Â
Now we can go to our PBX, we need to reach  User Manager > Directories > Add
Â
Just fill with the information you have on your AD server, if you want to create extensions automatically (pulling the Ipphone attribute we configured before) just select the PJSIP or ChanSIP depending on what you need.
After Submitting if everything went OK, you should see "Connected" at Status
Â
You should see your users now
Â
A new group should be created
Now is turn to enable UCP and Zulu on that group, in order to inherit permissions on all our users
Â
Let's try to access to UCP with one of our users
Â
Works perfectly
42) Now let's do it with Zulu
Â
Â
Â
Working fine!
That's all, at this point our directory should update automatically.