The Active Directory service

A Windows Service that performs all of the work for Active Directory synchronization

The Active Directory service is the working element of the Active Directory module - it is the service that executes all of the Active Directory profiles that you have configured. The Active Directory service runs as a Windows Service under the security context of the HelpMaster Service Account. The service should be installed on a “server” style machine that does not get powered down. Once it has been installed and configured, it requires no further maintenance or configuration. It will run continuously on the machine and perform all of the HelpMaster Active Directory activity.

HelpMaster Services

Before any of the HelpMaster services can be started, you will need to specify the “Log On As” user account. Typically, this account is a dedicated “HelpMaster service account” that has been created to run all of the HelpMaster services (Email Manager, Priority Manager, Automation, Active Directory etc). For further information about this account, see HelpMaster Service Account. The exception to this is when synchronising Cloud only Entra ID data as outlined below.

Azure Entra ID

In v24.7+ the HelpMaster AD service is also used to synchronise Entra ID users when running in a hybrid Windows AD / Entra ID, or Cloud only Entra ID configuration. In a Cloud only configuration where users login to Windows with their Azure Entra ID “Microsoft Work” account, the HelpMaster Service Account must be a “Local” machine account on the HelpMaster server running the service with access to all HelpMaster resources as outlined in that topic.

How does it work?

The Active Directory service works by regularly polling the HelpMaster database and will execute any business logic that has been configured in any profiles that are enabled.

The Active Directory service will log events in both the Windows Event Log as well as the HelpMaster Active Directory Log.

Using the AD / Entra ID functionality without running the service

It is possible to perform a manual AD and/or Entra ID synchronization. This process does not rely on the service being configured or running. In order to do this, refer to Manually performing an Active Directory Synchronization

Configuring the Active Directory Service

Before the Active Directory service can be started, it needs to be configured correctly. This is done via the Desktop Edition of HelpMaster.

AD Service Setup

Service Options - explanation of settings

Service Name

(Read only) This is the name of the Active Directory Manager service as displayed in the list of available Windows Services. This is provided for identification purposes only.

Display Name

(Read only) This is the name of the Active Directory Manager service as displayed in the list of available Windows Services. This is provided for identification purposes only.

Service Path

(Read only) This is the path where the Active Directory Manager service is installed. This is provided for identification purposes only.

Service Database

(Mandatory setting) Before the Active Directory Service can operate, you need to specify where the HelpMaster database is. Click on the icon of a database to set the database connection.

Last service run

Indicates when the Active Directory service last ran. Click on the refresh button to get the latest date/time.

Last date a profile was completed

Shows the last time an Active Directory profile was successfully completed.

Last run on machine

Displays the machine name of the server that last successfully ran the Active Directory service.

Service version (last run)

Displays the version of the service that last ran successfully on the server hosting the service.

Test a Windows Account for the correct permissions

The Active Directory service needs a Windows account to run as. This account should have sufficient network security permission to to the following things:

  1. Access the HelpMaster SQL Sever database
  2. Access the HelpMaster Working Folders
  3. If any HelpMaster Active Directory profiles have the Delete clients checkbox enabled (i.e. you want to delete clients), the service will need to be run under a more privileged security context in order to query Active Directory Tombstone objects. See Deleting existing HelpMaster clients for further details about this.

For further information about this account, see HelpMaster Service Account

Domain / User Name

Enter the name of the HelpMaster Service Account that you have configured. For a Windows AD domain use the format [Domain]\[AccountName]. For a local machine account use the format [MachineName]\[AccountName].

Password

This is the password for the service account. Remember that network passwords can expire, which will affect the performance of a running service. It is recommended that the Password never expires option is selected for this account.

After you have set the Service account user name and password, click on the Test User button to perform a system check of the security credentials required. If the user account that was specified passes all of these tests, it can then be set as the service account, and the service should start and work as expected.

Active Directory Service Account Test

If the security test fails, you will need to do one of the following

  1. Use another account that has more security privileges
  2. Modify the existing account so that it has the necessary security privileges to the area that the test failed

Event Logging Options tab

The Active Directory service will log events in both the Windows Event Log, as well as the HelpMaster database. See Active Directory Event Log for further details.

Logging Setup

Diagnostic Logging

When the Turn on Verbose Logging for the next … service runs check box is enabled, the Active Directory service will write a comprehensive event log for every action that it performs. This may be useful for diagnosing configuration problems, or simply for testing and viewing what the Active Directory Manager is doing in detail. Due to the fact that verbose logging can very quickly fill your event log with much information, this feature will automatically turn itself off after the selected number of intervals that the service runs. To turn it on again, simply check the box again.

Windows event logs

This option can enable Windows event logging to log Everything, Service Started/Stopped and Errors/Warnings only, or Nothing to turn off Windows event logging.

Database event logs

This option can enable HelpMaster database logging to log Everything, Service Started/Stopped and Errors/Warnings only, or Nothing to turn off database logging. Also to reduce database bloat, database logging can be limited to either a time period (Only keep event logs for…) or the number of event log entries (Don’t exceed this many event entries…).

Open “Windows Services Viewer” button

Clicking this button will open the Windows Services viewer which will display all of the services installed on the selected machine.

Configure and Start/Stop the Active Directory Windows Service

In order to configure the settings for the Active Directory Service, do the following.

  1. Click the Windows Start menu
  2. Select Settings > Control Panel > Administrative Tools > Services to display the Windows Services screen
  3. Right-click the HelpMaster Active Directory Service to display the Properties screen
    Active Directory Service Configuration 1
  4. Click the Log On tab. The Startup type: should be set to Automatic (Delayed Start). This will allow the service to automatically start after the machine has been rebooted.
    Active Directory Service Configuration 2
  5. Click This account and choose the HelpMaster service account that you previously created which has sufficient network and system security permissions. Enter the password twice as shown
    Active Directory Service Configuration 3
  6. Click OK or Apply

Starting the Active Directory Service

Once all of the configuration settings have been set, you will need to start the Active Directory service by doing the following:

  1. Click the Start button. If all of the settings have been configured correctly, the Active Directory service should start successfully.

Starting the Active Directory Service

Note: As soon as the Active Directory Service start successfully, it will start working upon your HelpMaster database and any Active Directory profiles that are marked as enabled.

Stopping the Active Directory Service

Stopping or pausing the service is similar to starting it. Click the Stop button to stop the Active Directory service.

See also

HelpMaster Service Account

Active Directory Profiles

HelpMaster System Event Log