Single Sign-on through Windows Authentication - Host Access Management and Security Server Administrative Console

Single Sign-on through Windows Authentication

Use this configuration to set up Management and Security Server in a Windows environment that uses Active Directory authentication. This option supports NTLM version 2.

NOTE: The term NetBios used below is also referred to as pre-Windows 2000 in some Windows utilities.

  • Domain Controller DNS name or IP address

    IP address or DNS name of the Active Directory Domain Controller.

  • NetBios host name of domain controller

    The first 15 characters of the domain controller’s host name, for example, myComputer.

  • NetBios domain name

    The first 15 characters of the leftmost label in the DNS domain name.

    Example: For the DNS domain name mydomain.mycompany.com, use the NetBios domain value mydomain.

    Check here for information on how to obtain the NetBios name for a domain on Windows Server 2000 or later. Finding the NetBios Name of a Domain has helpful information on how to use the Active Directory module for Windows PowerShell to find the NetBios name.

  • Computer account (for servicing)

    A Computer account in the Active Directory domain. A computer account is different than a user account. The computer account should not be associated with an actual physical or virtual computer.

    NOTE: By default, a computer running Windows automatically changes its own password in Active Directory every thirty days. This means that if you create a computer account in the usual way (by adding a computer to the domain), then every thirty days, the password value stored in the Administrative Server's configuration will no longer be in sync with the value in Active Directory. In addition, Windows does not provide a method for you to learn what password Windows is using for the computer account. For this reason, you should create a computer account in the Active Directory domain, where the account is not associated with an actual computer. Such a configuration will prevent a computer from changing the account's password to an unknown value that is not synchronized with the password value stored in the Administrative Server's configuration for NTLMv2. There are exceptions to the automated password change (for example, if the computer is turned off for more than thirty days, or if automatic password changes are disabled for the computer). These exceptions are mentioned here for informational purposes and are not the recommended solution.

    For information on how to create a new computer account, see the Microsoft article, Create a New Computer Account.

    To specify the computer account for servicing

    A computer account's syntax is the pre-Windows 2000 computer name, followed by a $ sign, followed by the @ symbol, then the DNS domain name.

    Syntax: <Computer name (pre-Windows 2000)>$@<DNS domain name>

    In this example, if the Computer name is ReflServiceAccount, the pre-Windows 2000 Computer name will be REFLSERVICEACCO and the computer account will look something like this: REFLSERVICEACCO$@mydomain.com

  • Computer account password

    The password of the Computer account.

    If this value isn’t already known, it must be explicitly reset in Active Directory. You can reset a computer account’s password using a simple VBScript, or the ADSI Edit tool. See these resources for more information:
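
One way to create the stand-alone computer account and collect the field values above from a PowerShell session, as an added example that is not part of the product documentation. It assumes the ActiveDirectory module (RSAT) is installed and that you have rights to create computer objects, picks the PDC emulator as the domain controller, and reuses the page's example name ReflServiceAccount.

```powershell
# Added example, not product code. Run as a user allowed to create computer objects.
Import-Module ActiveDirectory

$domain = Get-ADDomain            # domain of the logged-on user
$dcFqdn = $domain.PDCEmulator     # assumption: use the PDC emulator as the DC

# NetBios host name of the DC: first 15 characters of its host label.
$dcLabel   = ($dcFqdn -split '\.')[0]
$dcNetBios = $dcLabel.Substring(0, [Math]::Min(15, $dcLabel.Length))

# Pre-Windows 2000 computer name: first 15 characters, upper-cased.
$name   = 'ReflServiceAccount'
$preW2k = $name.Substring(0, [Math]::Min(15, $name.Length)).ToUpper()

# Prompt for the password so it is not stored in the script or shell history.
$password = Read-Host -AsSecureString -Prompt "Password for $preW2k`$"

# Create the account without joining a machine to it, so no computer
# rotates the password to a value the Administrative Server does not know.
New-ADComputer -Name $name -SamAccountName "$preW2k`$" `
    -AccountPassword $password -Enabled $true `
    -Description 'NTLMv2 servicing account; not a real computer'

# If the account already exists with an unknown password, reset it instead:
# Set-ADAccountPassword -Identity "$preW2k`$" -Reset -NewPassword $password

# Values to enter in the Administrative Console (the password is not echoed).
[pscustomobject]@{
    'Domain controller DNS name'       = $dcFqdn
    'NetBios host name of DC'          = $dcNetBios
    'NetBios domain name'              = $domain.NetBIOSName
    'Computer account (for servicing)' = "$preW2k`$@$($domain.DNSRoot)"
} | Format-List
```

Reading the NetBios domain name from Active Directory, as the page suggests, avoids a mismatch if the domain's pre-Windows 2000 name was set to something other than the leftmost DNS label.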
