The Active Directory service
The Active Directory service is the working element of the Active Directory module - it is the service that executes all of the Active Directory profiles that you have configured. The Active Directory service runs as a Windows Service under the security context of the HelpMaster Service Account. The service should be installed on a “server” style machine that does not get powered down. Once it has been installed and configured, it requires no further maintenance or configuration. It will run continuously on the machine and perform all of the HelpMaster Active Directory activity.
Before any of the HelpMaster services can be started, you will need to specify the “Log On As” user account. Typically, this account is a dedicated “HelpMaster service account” that has been created to run all of the HelpMaster services (Email Manager, Priority Manager, Automation, Active Directory etc). For further information about this account, see HelpMaster Service Account.
Azure Entra ID
In v24.7+ the HelpMaster AD service is also used to synchronise Entra ID users when running in a hybrid Windows AD / Entra ID, or Cloud only Entra ID configuration. In a Cloud only configuration where users login to Windows with their Azure Entra ID “Microsoft Work” account, the HelpMaster Service Account must be a “Local” machine account on the HelpMaster server running the service with access to all HelpMaster resources as outlined in that topic.
How does it work?
The Active Directory service works by regularly polling the HelpMaster database and will execute any business logic that has been configured in any profiles that are enabled.
The Active Directory service will log events in both the Windows Event Log as well as the HelpMaster Active Directory Log.
Using the AD / Entra ID functionality without running the service
It is possible to perform a manual AD and/or Entra ID synchronization. This process does not rely on the service being configured or running. In order to do this, refer to Manually performing an Active Directory Synchronization
Configuring the Active Directory Service
Before the Active Directory service can be started, it needs to be configured correctly. This is done via the Desktop Edition of HelpMaster.
Navigation in HelpMaster Desktop
Automation toolbar > Active Directory section > Service Setup iconService Options - explanation of settings
Service Name
(Read only) This is the name of the Active Directory Manager service as displayed in the list of available Windows Services. This is provided for identification purposes only.
Display Name
(Read only) This is the name of the Active Directory Manager service as displayed in the list of available Windows Services. This is provided for identification purposes only.
Service Path
(Read only) This is the path where the Active Directory Manager service is installed. This is provided for identification purposes only.
Service Database
(Mandatory setting) Before the Active Directory Service can operate, you need to specify where the HelpMaster database is. Click on the icon of a database to set the database connection.
Last service run
Indicates when the Active Directory service last ran. Click on the refresh button to get the latest date/time.
Last date a profile was completed
Shows the last time an Active Directory profile was successfully completed.
Last run on machine
Displays the machine name of the server that last successfully ran the Active Directory service.
Service version (last run)
Displays the version of the service that last ran successfully on the server hosting the service.
Test a Windows Account for the correct permissions
Test only
This section is just for testing whether a Windows account has the permissions required to start the service. If this test passes, you still need to enter these credentials into the actual Active Directory Windows Service before starting it. This is explained in Configure the Active Directory Windows Service section below.The Active Directory service needs a Windows account to run as. This account should have sufficient network security permission to to the following things:
- Access the HelpMaster SQL Sever database
- Access the HelpMaster Working Folders
- If any HelpMaster Active Directory profiles have the Delete clients checkbox enabled (i.e. you want to delete clients), the service will need to be run under a more privileged security context in order to query Active Directory Tombstone objects. See Deleting existing HelpMaster clients for further details about this.
For further information about this account, see HelpMaster Service Account
Domain / User Name
Enter the name of the HelpMaster Service Account that you have configured. For a Windows AD domain use the format [Domain]\[AccountName]. For a local machine account use the format [MachineName]\[AccountName].
Password
This is the password for the service account. Remember that network passwords can expire, which will affect the performance of a running service. It is recommended that the Password never expires option is selected for this account.
After you have set the Service account user name and password, click on the Test User button to perform a system check of the security credentials required. If the user account that was specified passes all of these tests, it can then be set as the service account, and the service should start and work as expected.
If the security test fails, you will need to do one of the following
- Use another account that has more security privileges
- Modify the existing account so that it has the necessary security privileges to the area that the test failed
Event Logging Options tab
The Active Directory service will log events in both the Windows Event Log, as well as the HelpMaster database. See Active Directory Event Log for further details.
Diagnostic Logging
When the Turn on Verbose Logging for the next … service runs check box is enabled, the Active Directory service will write a comprehensive event log for every action that it performs. This may be useful for diagnosing configuration problems, or simply for testing and viewing what the Active Directory Manager is doing in detail. Due to the fact that verbose logging can very quickly fill your event log with much information, this feature will automatically turn itself off after the selected number of intervals that the service runs. To turn it on again, simply check the box again.
Windows event logs
This option can enable Windows event logging to log Everything, Service Started/Stopped and Errors/Warnings only, or Nothing to turn off Windows event logging.
Database event logs
This option can enable HelpMaster database logging to log Everything, Service Started/Stopped and Errors/Warnings only, or Nothing to turn off database logging. Also to reduce database bloat, database logging can be limited to either a time period (Only keep event logs for…) or the number of event log entries (Don’t exceed this many event entries…).
Open “Windows Services Viewer” button
Clicking this button will open the Windows Services viewer which will display all of the services installed on the selected machine.
Configure and Start/Stop the Active Directory Windows Service
This step is performed on the HelpMaster Server
For this step, you will need to be working on the “HelpMaster Server” machine. This is the machine where the HelpMaster services are installed and will run from.Pre-requisite checklist
Before the HelpMaster Active Directory Windows service will start, please ensure that you have…
- Installed the Active Directory Service on the “HelpMaster Server”
- Set the database connection that the Active Directory service will use
- Configured at least one Active Directory Profile
In order to configure the settings for the Active Directory Service, do the following.
- Click the Windows Start menu
- Select Settings > Control Panel > Administrative Tools > Services to display the Windows Services screen
- Right-click the HelpMaster Active Directory Service to display the Properties screen
- Click the Log On tab. The Startup type: should be set to Automatic (Delayed Start). This will allow the service to automatically start after the machine has been rebooted.
- Click This account and choose the HelpMaster service account that you previously created which has sufficient network and system security permissions. Enter the password twice as shown
- Click OK or Apply
Starting the Active Directory Service
Once all of the configuration settings have been set, you will need to start the Active Directory service by doing the following:
- Click the Start button. If all of the settings have been configured correctly, the Active Directory service should start successfully.
Note: As soon as the Active Directory Service start successfully, it will start working upon your HelpMaster database and any Active Directory profiles that are marked as enabled.
Stopping the Active Directory Service
Stopping or pausing the service is similar to starting it. Click the Stop button to stop the Active Directory service.
See also
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.