@PSUStevens blog

You are reading the blog of @PSUStevens.

How to Connect KeyControl 5.4 to Active Directory

This post will walk through the steps to connect Entrust KeyControl to Active Directory.


Entrust and Active Directory

To get started, here is what you will need to complete the steps in this post:

Now, let’s get started…

Connect KeyControl to Active Directory

  1. Log in to the deployed Entrust KeyControl cluster. Once logged in:

    1. Click the Settings menu item
    2. Under the “General Settings” group click Authentication
    Settings > Authentication

  2. Click the Type drop-down box and select LDAP from the list.

    Select LDAP

  3. Enter the following information for your Active Directory domain then click Apply:

    • Domain Name
    • Service Account Name - see the note below
    • Service Account Password

    NOTE: The Service Account Name should be specified using one of the following formats:

    • Distinguished Name (DN): For example, CN=Administrator,CN=users,DC=entrust,DC=com
    • User Principal Name (UPN): For example, administrator@entrust.com
    • Account username: For example, administrator

    The AD account does not need to have administrative rights. Permission to read the directory and look up usernames and group membership is sufficient.

    Select LDAP

  4. Next, enter the information for your Active Directory domain controllers. Click Add Domain Controller.

    Add Domain Controller(s)

  5. Enter the fully-qualified domain name (FQDN) for one of the Active Directory domain controllers in your environment. If you are using SSL between your domain controllers, you will also need to upload the CA certificate for your domain. If you are not using SSL, select LDAP from the drop-down box.

    Click Save & Close.

    Add Domain Controller(s)

    Repeat this step for each domain controller in your environment. To add another, click the blue plus sign (+).

    After you have added all of your domain controllers, it’s time to move on to adding a second KeyControl Security Administrator.
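A pre-flight check for step 5, added here as an example (it is not from the original post or from Entrust): before uploading a CA certificate, confirm with OpenSSL that it actually validates the domain controller's certificate for the FQDN you entered. The CA names, the host dc01.example.test and all certificates are constructed test data so the script runs offline.

```shell
#!/bin/sh
# Added example. Every name, host and certificate here is constructed test data.

# make_constructed_pki DIR
# Creates a throwaway CA (domain-ca), an unrelated CA (other-ca) and a
# certificate for dc01.example.test issued by domain-ca.
make_constructed_pki() {
    d=$1
    for ca in domain-ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.example.test" \
        -keyout "$d/dc.key" -out "$d/dc.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:dc01.example.test\n' > "$d/san.ext"
    openssl x509 -req -in "$d/dc.csr" -days 1 -extfile "$d/san.ext" \
        -CA "$d/domain-ca.pem" -CAkey "$d/domain-ca.key" -CAcreateserial \
        -out "$d/dc.pem" 2>/dev/null
}

# check_dc_cert CA_FILE DC_CERT FQDN
# Returns 0 only if DC_CERT chains to CA_FILE and is valid for FQDN.
check_dc_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demonstration on the constructed PKI.
tmp=$(mktemp -d) || exit 1
make_constructed_pki "$tmp" || exit 1
check_dc_cert "$tmp/domain-ca.pem" "$tmp/dc.pem" dc01.example.test \
    && echo "domain CA, correct FQDN: accepted"
check_dc_cert "$tmp/other-ca.pem" "$tmp/dc.pem" dc01.example.test \
    || echo "unrelated CA: rejected"
check_dc_cert "$tmp/domain-ca.pem" "$tmp/dc.pem" dc02.example.test \
    || echo "FQDN not in certificate: rejected"
rm -rf "$tmp"
```

Against a live domain controller, the certificate to test can be saved with `openssl s_client -connect <dc-fqdn>:636 </dev/null | openssl x509 -out dc.pem` and passed to `check_dc_cert` together with the CA file you plan to upload.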


This post walked through the process of connecting Entrust KeyControl to Active Directory. This way you can follow the usual IT process of managing all of your accounts through a centralized user directory such as Active Directory.

In a follow-on post, I will write about how to add a second KeyControl Security Admin.

Here are links to related posts:

If there is something you think I’m missing and feel should be added, please let me know.

Thanks for reading!
