Domain name field not showing up on Orchestrator

Hi there,

I’ve just finished installing a multi-node on-prem Orchestrator. However, I’m trying to connect this with our Active Directory (AD) and it’s not working. I’ve done the same thing that worked in other similar installations, but for this particular one it isn’t working.

This is the field that I need to have on my Orchestrator

Essentially, what I’ve done in other installations was to enable the ‘useAppPoolCredentials’ on each IIS server. Am I missing something here?

Here is how it is showing on my latest installation

@Anil_G, have you seen this before?

@Joel_Medeiros

Two things here…

Did you enable Windows auth or AD during installation? This is a little straightforward, and yes, enabling apppool should suffice

Or

After installation you are trying to add AD?

To me it looks like you did not enable it during installation…and are trying to add it now…if so, there are a couple of things we need to look at, as outlined here

https://docs.uipath.com/orchestrator/standalone/2023.4/user-guide/configuring-the-active-directory-integration

Cheers

Hi @Anil_G ,

I believe Windows authentication is not enabled by default during the installation and it’s required only if you are using Windows authentication to authorize the user access. We are using SAML instead, so we don’t need it. However, we do need the AD users and groups from within the Orchestrator in order to provision access to them.

Just to clarify what you’re trying to achieve:

  1. To be able to add users from AD, and users can authenticate using Windows Authentication?
  2. To be able to add users from AD, and users can authenticate using SAML?
  3. Or do you just need users to be able to authenticate using SAML?

@Joel_Medeiros

We can enable Windows authentication if needed during installation itself…and yes, only if needed

And as you want AD groups for provisioning access, the first two steps in the above are still mandatory…the second I believe you have already done…please check on the first too…ignore steps 3 and 4

Cheers

@yikwen.goo

I want to add users from AD, but they will be authenticating using SAML 2.0.

Hi @Anil_G

I have executed steps 1 and 2, but we are still facing the same issue. I believe this is a bug in the 2023 version, and we have a ticket open with UiPath support. Let’s see what the outcome will be.

Interesting! Do let us know the outcome of the ticket.

Just curious, if you can add users via AD, those users would also be able to authenticate using Windows authentication right? Is there a reason why they are to be added from AD but authenticate using SAML?

Hi @yikwen.goo ,

It depends on your solution. You might want to connect to your Active Directory and use Windows Authentication, but you can also use SAML. In my specific case, it’s a security requirement to use SAML instead of Windows. But the AD users and groups should work regardless of how you authenticate.

Any update on this issue?

Having the same issue: the Domain field does not show up and I can’t search any users within AD after enabling it.

Though upon login, I tried to log in with my AD account and it looks like Windows was able to authenticate it (checked via Windows events, where Orchestrator is hosted).

After the login using AD, the below error shows, which is quite expected as I can’t see/add any users in the default organization in Orchestrator.


For the AD domain that the Orchestrator server is in, does it have 2-way trust with the users’ domain?
https://docs.uipath.com/orchestrator/standalone/2023.4/user-guide/accounts-and-groups#:~:text=deployments%20for%20details.-,Prerequisites,-The%20WindowsAuth.Domain

Thanks for this @yikwen.goo,

I’ll try to verify the 2-way trust and WAA for now. The server is joined to the domain and I was able to access it via AD during RDP.

One weird thing is about WindowsAuth.Domain: I can’t seem to find where it is located.
I tried to check UiPath.Orchestrator.dll and Web.config but there is no WindowsAuth.Domain parameter, and I can’t see any docs on where to put it manually.
Thank you.

Hi @bjdelacruz18

If you are using on-prem Orchestrator version 22.10 or lower, just go to your IIS Manager and enable Windows Authentication, then the Domain field will show up. The same process hasn’t worked in the 2023 version for some reason. Maybe there should be some sort of issue with it. We rolled back the installation of the 2023 and are finishing everything on the 2022.10.

I hope that helps.

Thanks @Joel_Medeiros for your answer.

We were able to make it work in the latest version.
I missed enabling the AD integration in Identity, BUT I thought we did after switching the Active Directory in the 2023.4 UI.

Turns out the UI has changed compared to the tutorial - step 3 here: https://docs.uipath.com/orchestrator/standalone/2023.4/user-guide/configuring-the-active-directory-integration

In the latest UI: after enabling Active Directory, we should also click edit and “test and save” in the lower part. The Domain field now showed up and I was able to verify it.
2022.3