Zimbra to AD

[albanwr]

Hi, just wondering if anyone has ever gone from Zimbra LDAP and successfully migrated current internal Zimbra users to authenticate from AD.

We've had Zimbra for a few years and now need to look at implementing AD for further user authentication, has anyone ever done this?

Cheers,

Craig

[phoenix]

Quote:

Originally Posted by albanwr

Hi, just wondering if anyone has ever gone from Zimbra LDAP and successfully migrated current internal Zimbra users to authenticate from AD.

Yes, plenty of people use AD for authentication.

Quote:

Originally Posted by albanwr

We've had Zimbra for a few years and now need to look at implementing AD for further user authentication, has anyone ever done this?

Same answer as above, just follow the Authentication Wizard in the Admin and read the Admin Guido for details.

[albanwr]

Hi Bill, thanks for your reply. I'm aware that you can use AD as an authentication source, this knowledge was referenced in the original post if you read it correctly.

What I'm trying to achieve is to have our existing 2000 users which are authenticated internally via the zimbra LDAP, to authenticate externally via AD. What I really need to know is the implications and wether its a simple process. What happens to the user passwords?

Thanks.

[phoenix]

Quote:

Originally Posted by albanwr

What I'm trying to achieve is to have our existing 2000 users which are authenticated internally via the zimbra LDAP, to authenticate externally via AD. What I really need to know is the implications and wether its a simple process.

I thought I'd already answered this? Just follow the wizard in the Admin UI to use an external authentication source.

Quote:

Originally Posted by albanwr

What happens to the user passwords?

I don't really understand what you mean by that question. Obviously the users will need to exist in AD and that would include their passwords.

[albanwr]

Ok, so we recreate the users in AD, then point the domain to the AD using the wizard.

Is it safe to assume that if the current user also exists in the AD the account will just continue to work after the switch and the user just can log in? Is it really that easy?

Thanks.

[phoenix]

Quote:

Originally Posted by albanwr

Is it really that easy?

Yes, it really is.

[albanwr]

Thanks again Bill.

Sorry I suppose that I always assumed that it would be hard...

[phoenix]

Quote:

Originally Posted by albanwr

Thanks again Bill.

Sorry I suppose that I always assumed that it would be hard...

If you want to verify the procedure works then create a test domain on your Zimbra server and a couple of users then create them in AD and change the authentication to AD for that domain.

You could also do it for the domain you currently have with local authentication and use this: Disable local authentication with an external ldap to allow users to authenticate even if they don't exist in AD. Once the user is created in AD they get their authentication from that and if AD becomes available they will still be able to login with their original Zimbra password. If you the same passwowrd in AD & Zimbra you'll have to sync the AD password with Zimbra (it isn't done automatically yet), IIRC there's a script in the forums to do that if you'd care to search.